f0000000440)='mem\x00\x01y7swaS.cur\x89\xc9B\xab\xe3\xfarent\x00', 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000540)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r2 = creat(&(0x7f0000000400)='./bus\x00', 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") ftruncate(r2, 0x208200) r4 = open(&(0x7f0000000200)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r4, 0x0) preadv(r1, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c) [ 463.060613] do_syscall_64+0x1e8/0x640 [ 463.060622] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 463.060639] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 463.060648] RIP: 0033:0x459697 [ 463.060654] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 463.060665] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 463.060670] RDX: 0000000000000006 RSI: 0000000000004c00 RDI: 0000000000000007 [ 463.060676] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 463.060681] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 463.060688] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 463.098718] audit: type=1400 audit(2000000249.409:2071): avc: denied { map } for pid=17793 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:37:29 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) capget(&(0x7f0000000040)={0x19980330}, 0x0) [ 463.149982] audit: type=1400 audit(2000000249.519:2072): avc: denied { map } for pid=17795 comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 463.219043] audit: type=1400 audit(2000000249.529:2073): avc: denied { map } for pid=17800 comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 463.268905] audit: type=1400 audit(2000000249.649:2074): avc: denied { map } for pid=17805 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 463.292208] audit: type=1400 audit(2000000249.649:2075): avc: denied { map } for pid=17807 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 463.343042] audit: type=1400 audit(2000000249.739:2076): avc: denied { map } for pid=17809 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 463.366586] audit: type=1400 audit(2000000249.759:2077): avc: denied { map } for pid=17810 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 463.397676] audit: type=1400 audit(2000000249.789:2078): avc: denied { map } for pid=17811 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 463.715343] audit: type=1400 audit(2000000250.109:2079): avc: denied { map } for pid=17812 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:37:32 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:37:32 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000ac0)='/dev/ptmx\x00', 0x41, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600)) r1 = syz_open_pts(r0, 0x0) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x35b) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x17}) 03:37:32 executing program 5: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f0000000240)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = memfd_create(0x0, 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x0, 0x0, 0x0) 03:37:32 executing program 3: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f0000000000)='I', 0x1, 0x0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x400001000008912, &(0x7f0000000140)="11dca50d5e0bcfe47bf070") listen(r0, 0x2003) 03:37:32 executing program 4 (fault-call:1 fault-nth:16): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:37:32 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb", 0x46) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) [ 465.959336] sg_write: data in/out 167162/22 bytes for SCSI command 0xff-- guessing data in; [ 465.959336] program syz-executor.1 not setting count and/or reply_len properly [ 465.963225] FAULT_INJECTION: forcing a failure. [ 465.963225] name failslab, interval 1, probability 0, space 0, times 0 [ 466.016011] CPU: 1 PID: 17822 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 466.023449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 466.032815] Call Trace: [ 466.035416] dump_stack+0x138/0x19c [ 466.039059] should_fail.cold+0x10f/0x159 [ 466.043227] should_failslab+0xdb/0x130 [ 466.047224] kmem_cache_alloc+0x2d7/0x780 [ 466.051380] ? wait_for_completion+0x420/0x420 [ 466.055978] __kernfs_new_node+0x70/0x420 [ 466.060142] kernfs_new_node+0x80/0xf0 [ 466.064043] __kernfs_create_file+0x46/0x323 [ 466.068464] sysfs_add_file_mode_ns+0x1e4/0x450 [ 466.073150] internal_create_group+0x232/0x7b0 [ 466.077748] sysfs_create_group+0x20/0x30 [ 466.081906] lo_ioctl+0x1176/0x1ce0 [ 466.085542] ? loop_probe+0x160/0x160 [ 466.089351] blkdev_ioctl+0x96b/0x1860 [ 466.093242] ? blkpg_ioctl+0x980/0x980 [ 466.097139] ? __might_sleep+0x93/0xb0 [ 466.101030] ? __fget+0x210/0x370 [ 466.104491] block_ioctl+0xde/0x120 [ 466.108141] ? blkdev_fallocate+0x3b0/0x3b0 [ 466.112472] do_vfs_ioctl+0x7ae/0x1060 03:37:32 executing program 5: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) socket$inet(0x2, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000300)=[{&(0x7f0000000340)=""/47}, {&(0x7f00000001c0)=""/190}, {&(0x7f0000000280)=""/81}], 0x3ee, 0x0) 03:37:32 executing program 5: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) close(r1) r2 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f00000000c0)={0x0, 0x40009, 0x0, 0xffffffff, 0x2000000000000, 0x6, 0x0, 0x412f}, 0x20) r3 = dup2(r0, r0) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000300)={{{@in, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in6=@mcast2}}, &(0x7f0000000400)=0xe8) r5 = getgid() fstat(r1, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuseblk(&(0x7f0000000140)='/dev/loop0\x00', &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='fuseblk\x00', 0x8, &(0x7f0000000680)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000170000,user_id=', @ANYRESDEC=r4, @ANYBLOB="2ccb7e01814982e77648ce7824be07f7cb678670", @ANYRESDEC=r5, @ANYBLOB=',allow_other,allow_other,max_read=0x0000000000000005,default_permissions,allow_other,dont_appraise,appraise_type=imasig,uid=', @ANYRESDEC=r6, @ANYBLOB=',\x00']) timerfd_create(0x1, 0x80800) ioctl$sock_SIOCGIFBR(r1, 0x8940, &(0x7f0000000100)=@add_del={0x2, &(0x7f0000000000)='lapb0\x00'}) r7 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r7, 0x200004) getsockopt$ARPT_SO_GET_INFO(r7, 0x0, 0x60, &(0x7f0000000200)={'filter\x00'}, &(0x7f0000000040)=0x44) sendfile(r1, r7, 0x0, 0x80001d00c0d0) 03:37:32 executing program 0: r0 = getpgrp(0x0) r1 = gettid() r2 = syz_open_dev$cec(&(0x7f0000000140)='/dev/cec#\x00', 0x1, 0x2) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_WINDOW(r2, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f00000002c0)={0x68, r3, 0x8, 0x70bd2b, 0x25dfdbfc, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0x3ff, @link='syz1\x00'}}}, ["", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x4004000}, 0x20004001) rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xfffffffffffffff8}, 0x0, 0x8) rt_tgsigqueueinfo(r0, r1, 0xb, &(0x7f0000000000)={0x0, 0x0, 0x3}) rt_sigtimedwait(&(0x7f0000a72000)={0x563}, &(0x7f0000000080), 0x0, 0x8) r4 = syz_open_dev$audion(&(0x7f0000000100)='/dev/audio#\x00', 0xdc, 0x8001) ioctl$VIDIOC_DQBUF(r4, 0xc0585611, &(0x7f0000000240)={0x7b, 0x7, 0x4, 0x1, {0x0, 0x7530}, {0x800000000000005, 0x8, 0xe60c, 0x4329, 0x401, 0xfbe, "6c873a19"}, 0x3, 0x4, @offset=0x95d, 0x4}) [ 466.116364] ? selinux_file_mprotect+0x5d0/0x5d0 [ 466.121119] ? lock_downgrade+0x6e0/0x6e0 [ 466.125267] ? ioctl_preallocate+0x1c0/0x1c0 [ 466.129681] ? __fget+0x237/0x370 [ 466.133144] ? security_file_ioctl+0x89/0xb0 [ 466.137560] SyS_ioctl+0x8f/0xc0 [ 466.140923] ? do_vfs_ioctl+0x1060/0x1060 [ 466.140938] do_syscall_64+0x1e8/0x640 [ 466.140949] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 466.140967] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 466.140976] RIP: 0033:0x459697 03:37:32 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000000)={0x4, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x3, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_x_sa2={0x2, 0x8}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x10000e0, @in={0x2, 0x0, @multicast1}}, @sadb_sa={0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x60}, 0x1, 0x2000000000000000}, 0x0) r1 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_stats\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f0000000140), 0x4) [ 466.140981] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 466.140992] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 466.140998] RDX: 0000000000000006 RSI: 0000000000004c00 RDI: 0000000000000007 [ 466.141003] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 466.141009] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 466.141015] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:37:32 executing program 0: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setxattr$trusted_overlay_nlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'U+', 0x5bb}, 0x28, 0x0) splice(r0, &(0x7f0000000100), r0, &(0x7f00000004c0), 0x5, 0x4) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100000c7, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000500)) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='attr/current\x00') ioctl$sock_inet_SIOCDELRT(r1, 0x890c, &(0x7f0000000540)={0x0, {0x2, 0x4e22, @multicast2}, {0x2, 0x4e22, @broadcast}, {0x2, 0x4e22, @loopback}, 0x2, 0x0, 0x0, 0x0, 0xe8, &(0x7f0000000000)='ip6gretap0\x00', 0x7, 0x1f, 0x7fffffff}) preadv(r1, &(0x7f0000000380)=[{&(0x7f00000003c0)=""/255}, {&(0x7f0000000200)=""/81}, {&(0x7f0000000280)=""/125}, {&(0x7f0000000300)=""/65}], 0x1000000000000146, 0x0) 03:37:32 executing program 4 (fault-call:1 fault-nth:17): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) [ 466.320106] net_ratelimit: 17 callbacks suppressed [ 466.320111] protocol 88fb is buggy, dev hsr_slave_0 [ 466.320149] protocol 88fb is buggy, dev hsr_slave_1 [ 466.325231] protocol 88fb is buggy, dev hsr_slave_1 [ 466.395285] FAULT_INJECTION: forcing a failure. [ 466.395285] name failslab, interval 1, probability 0, space 0, times 0 [ 466.400987] protocol 88fb is buggy, dev hsr_slave_0 [ 466.412163] protocol 88fb is buggy, dev hsr_slave_1 [ 466.415216] CPU: 0 PID: 17858 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 466.424340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 466.424345] Call Trace: [ 466.424361] dump_stack+0x138/0x19c [ 466.424378] should_fail.cold+0x10f/0x159 [ 466.424394] should_failslab+0xdb/0x130 [ 466.424406] kmem_cache_alloc+0x2d7/0x780 [ 466.424417] ? wait_for_completion+0x420/0x420 [ 466.424435] __kernfs_new_node+0x70/0x420 [ 466.424449] kernfs_new_node+0x80/0xf0 [ 466.424463] __kernfs_create_file+0x46/0x323 [ 466.469225] sysfs_add_file_mode_ns+0x1e4/0x450 [ 466.473895] internal_create_group+0x232/0x7b0 [ 466.478477] sysfs_create_group+0x20/0x30 [ 466.482619] lo_ioctl+0x1176/0x1ce0 [ 466.486242] ? loop_probe+0x160/0x160 [ 466.490043] blkdev_ioctl+0x96b/0x1860 [ 466.493924] ? blkpg_ioctl+0x980/0x980 [ 466.497813] ? __might_sleep+0x93/0xb0 [ 466.501696] ? __fget+0x210/0x370 [ 466.505152] block_ioctl+0xde/0x120 [ 466.508772] ? blkdev_fallocate+0x3b0/0x3b0 [ 466.513087] do_vfs_ioctl+0x7ae/0x1060 [ 466.517055] ? selinux_file_mprotect+0x5d0/0x5d0 [ 466.521802] ? lock_downgrade+0x6e0/0x6e0 [ 466.525965] ? ioctl_preallocate+0x1c0/0x1c0 [ 466.530366] ? __fget+0x237/0x370 [ 466.533827] ? security_file_ioctl+0x89/0xb0 [ 466.538232] SyS_ioctl+0x8f/0xc0 [ 466.541592] ? do_vfs_ioctl+0x1060/0x1060 [ 466.545737] do_syscall_64+0x1e8/0x640 [ 466.549615] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 466.554454] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 466.559631] RIP: 0033:0x459697 [ 466.562811] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 466.570512] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 466.577855] RDX: 0000000000000006 RSI: 0000000000004c00 RDI: 0000000000000007 [ 466.585116] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 466.592392] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 466.599739] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 466.720145] protocol 88fb is buggy, dev hsr_slave_1 [ 466.960148] protocol 88fb is buggy, dev hsr_slave_0 [ 466.965281] protocol 88fb is buggy, dev hsr_slave_1 [ 468.400128] protocol 88fb is buggy, dev hsr_slave_0 [ 468.400131] protocol 88fb is buggy, dev hsr_slave_0 03:37:35 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:37:35 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x103000, 0x0) ioctl$BLKSECTGET(r1, 0x1267, &(0x7f00000000c0)) r2 = socket$packet(0x11, 0x3, 0x300) write$FUSE_INIT(r1, &(0x7f0000000100)={0x50, 0xffffffffffffffda, 0x5, {0x7, 0x1f, 0x100000001, 0xa8000, 0x7fffffff, 0x80000000, 0x200, 0x243e}}, 0x50) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x2c}, {0x80000006}]}, 0x10) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f0000000180)=""/4, &(0x7f00000001c0)=0x4) 03:37:35 executing program 5: r0 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x14, 0x1a200) clock_gettime(0x0, &(0x7f0000000080)) write$P9_RREMOVE(r0, &(0x7f00000000c0)={0x7, 0x7b, 0x1}, 0x7) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS(r0, 0xc0245720, &(0x7f00000003c0)={0x1, {0x0, 0x1c9c380}, 0x8}) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x6000000000000001, 0x0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/autofs\x00', 0x8000000000000002, 0x0) ioctl$UFFDIO_WAKE(r2, 0x8010aa02, &(0x7f0000000040)={&(0x7f0000ffd000/0x2000)=nil, 0x2000}) getsockopt$EBT_SO_GET_ENTRIES(r1, 0x0, 0x81, &(0x7f00000001c0)={'nat\x00\x00\x00\x00\x00\x00\x00\x00\xb9\xd9\xd3q\xa1h\x00', 0x0, 0x0, 0x28d, [], 0x0, 0x0, &(0x7f0000000100)=""/5}, &(0x7f00000002c0)=0x78) r3 = getpgid(0xffffffffffffffff) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_user\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x800000000000000, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000600)}}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r5, 0x0, 0x48c, &(0x7f0000000080)={0x0, 'bond0\x00', 0x80000000000002}, 0x18) ioctl(r5, 0x800000000008982, &(0x7f0000000080)) openat$ppp(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ppp\x00', 0x0, 0x0) write$FUSE_NOTIFY_DELETE(r4, &(0x7f00000009c0)=ANY=[@ANYBLOB="2900000006000f0000000500004000000400000000000000000000000069127f0f1f4cb25800000000001021b0c9d86ea050325f77727e71405b57a5ecf7ae7b1562bff4c99eef50960ade32c473684a8645e6b024020f322903f5bad83ae70100b4c5f4e09e154fb199422ba5fbe2f6b026e54b8ee2a5a9d0c7afe27cbf6ad872554c11f2d718a163a44b44a701c9d350cfcc68c9b06cfb20478fd4dcdc7e27c00ce89799d4bd6ee9fe8b34ad5117fe175bd2879a6f813f09bae8ded663b62f0b058f8e040000000000003ab523a088facf09cfb6555cce7f3aa2135721aa795e7927a0e2caa0a0ef5947901cdd183f958014ac2a6521e785449a7b0949f4d086c1470c1f00000000000000ac20c97996c45194ca3172b5c1a171b3e59d16b5e8a7c684635c7588d96ee383f7ff6bcacfb9cae2c4eeefc399b4ae69000100000000000000e0a965185611000000000000"], 0x150) mount(&(0x7f00000007c0)=ANY=[@ANYBLOB="cb2b9b5055175d43fca389e340fe96132329a39f9214ef505217695a040000007ee9df5f70f2c901b0443d5bc274a1f1576385a885b764dc4bab000000000000f32605fbb40acfad0fe7c80493e49ba14620b9ce91fe2210273cba5c743c43d01bf6c0523b7c01d8f6d05182c3c4fa95a918e64e76ecdbf643831e56a1a2b6a7ddf33a0993c1e6a73725783b1f37b0d9a9e25b4c86556de5dcfe4db16e4519c447476c04a7ac02a3fefc3f947e07d5f9e8b59e98f5db6b95b47d65af66aa458cdef6248ddbc74add2b9408f0bc4ef800696716d69ff7110e40ebba7dac3c8a44dda4c0d4e6457c1930ef1f0e89a4e4f5b6d9451d5b82a6171ca1ae9bb05485fb7d43b539a755d7eb2b4f2880b9aa841ba7f59cd7478458f18159bbba0958c11985bb380e3f2ef9ea900e66e4d204134f75e7bdc5cad74dd34eb0c1d7676eb42f99f56f651a21ce264d6900d9caf430bc0204da8037a13c6805d70932fa57ddf1b09034e2f00ed4bac45fc683e64150f270d358dfa777baddbc8e9cd5e825065cb285c008c904ce6012cd14d5853650fc8d4b6785de9307406e87b3672910e081b148e0aa89f0648cc82398e82d2d5c8bd5882d0eb815719b900167a2cece2682d920f3"], 0x0, 0x0, 0x8000000000000002, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f5, 0x0, 0xffff, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$loop(&(0x7f0000000540)='/dev/loop#\x00', 0xfffffffffffffffc, 0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r4, 0x84, 0x1a, &(0x7f0000000880)=ANY=[], 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000004fc8)={&(0x7f0000016000), 0xc, &(0x7f000000b000)={&(0x7f000002c000)=@mpls_newroute={0x20, 0x18, 0x21, 0x0, 0x0, {0x1c, 0x14, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x1}, [@RTA_DST={0x4, 0x9}]}, 0x20}}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x401, 0x40000000000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x3, 0x20000000021) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r7 = socket(0x11, 0x80002, 0x0) setsockopt$packet_int(r7, 0x107, 0x7, &(0x7f0000000000)=0x2, 0x4) bind$packet(r7, &(0x7f0000000480)={0x11, 0x3, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) setsockopt(r7, 0x107, 0x5, &(0x7f0000001000), 0xc5) 03:37:35 executing program 4 (fault-call:1 fault-nth:18): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:37:35 executing program 3: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0) ioctl(0xffffffffffffffff, 0x0, &(0x7f00000001c0)) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000780)={'gre0\x00', 0x3}) preadv(r1, 0x0, 0xb6, 0xfffffffffffffffc) ioctl$RTC_EPOCH_SET(0xffffffffffffffff, 0x4008700e, 0x9) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snapshot\x00', 0x400, 0x0) socket$can_raw(0x1d, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000001c0)) sched_setattr(0x0, &(0x7f0000000600)={0x30, 0x0, 0x0, 0x7fff, 0x1, 0x0, 0x6, 0x7b0}, 0x0) sched_setattr(0x0, &(0x7f00000006c0)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) iopl(0x0) preadv(0xffffffffffffffff, &(0x7f0000000480)=[{&(0x7f0000000300)=""/158, 0x9e}], 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r2, 0x8955, &(0x7f0000000200)={{0x2, 0x4e22, @rand_addr=0x7}, {0x1, @broadcast}, 0x2, {0x2, 0x4e23, @multicast2}, 'bridge0\x00'}) unshare(0x40000000) ioctl$DRM_IOCTL_SET_MASTER(r0, 0x641e) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r2, 0x84, 0xf, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x4e24, 0x0, @ipv4={[], [], @multicast2}, 0x3}}, 0x9, 0x7f3f, 0x0, 0x0, 0x883b}, &(0x7f0000000080)=0x98) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r2, 0x84, 0x5, &(0x7f00000004c0)={r3, @in={{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x28}}}}, 0x84) 03:37:35 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb", 0x46) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) [ 468.988937] kauditd_printk_skb: 17 callbacks suppressed [ 468.988945] audit: type=1400 audit(2000000255.379:2097): avc: denied { map } for pid=17873 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 469.022787] sg_write: data in/out 167162/22 bytes for SCSI command 0xff-- guessing data in; [ 469.022787] program syz-executor.1 not setting count and/or reply_len properly 03:37:35 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) lsetxattr$trusted_overlay_opaque(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='trusted.overlay.opaque\x00', &(0x7f00000000c0)='y\x00', 0x2, 0x3) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000140)=0x11) ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000100)) [ 469.050760] FAULT_INJECTION: forcing a failure. [ 469.050760] name failslab, interval 1, probability 0, space 0, times 0 [ 469.109654] CPU: 0 PID: 17879 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 469.116810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 469.126276] Call Trace: [ 469.128887] dump_stack+0x138/0x19c [ 469.132531] should_fail.cold+0x10f/0x159 [ 469.136691] should_failslab+0xdb/0x130 [ 469.140738] kmem_cache_alloc+0x2d7/0x780 [ 469.144904] ? wait_for_completion+0x420/0x420 [ 469.149520] __kernfs_new_node+0x70/0x420 [ 469.153677] kernfs_new_node+0x80/0xf0 [ 469.153693] __kernfs_create_file+0x46/0x323 [ 469.153706] sysfs_add_file_mode_ns+0x1e4/0x450 [ 469.153729] internal_create_group+0x232/0x7b0 [ 469.153746] sysfs_create_group+0x20/0x30 [ 469.153757] lo_ioctl+0x1176/0x1ce0 [ 469.153770] ? loop_probe+0x160/0x160 [ 469.153781] blkdev_ioctl+0x96b/0x1860 [ 469.153789] ? blkpg_ioctl+0x980/0x980 [ 469.153804] ? __might_sleep+0x93/0xb0 [ 469.153818] ? __fget+0x210/0x370 [ 469.153832] block_ioctl+0xde/0x120 [ 469.153841] ? blkdev_fallocate+0x3b0/0x3b0 [ 469.162360] do_vfs_ioctl+0x7ae/0x1060 [ 469.162373] ? selinux_file_mprotect+0x5d0/0x5d0 [ 469.162384] ? lock_downgrade+0x6e0/0x6e0 [ 469.162394] ? ioctl_preallocate+0x1c0/0x1c0 [ 469.162407] ? __fget+0x237/0x370 [ 469.162425] ? security_file_ioctl+0x89/0xb0 [ 469.162438] SyS_ioctl+0x8f/0xc0 [ 469.162448] ? do_vfs_ioctl+0x1060/0x1060 [ 469.162462] do_syscall_64+0x1e8/0x640 [ 469.162471] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 469.162488] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 469.162499] RIP: 0033:0x459697 [ 469.176002] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 469.176014] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 469.176021] RDX: 0000000000000006 RSI: 0000000000004c00 RDI: 0000000000000007 [ 469.176027] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 469.176033] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 469.176040] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 469.186947] audit: type=1400 audit(2000000255.489:2098): avc: denied { map } for pid=17886 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 469.221176] audit: type=1400 audit(2000000255.619:2099): avc: denied { map } for pid=17892 comm="net.agent" path="/bin/dash" dev="sda1" ino=1473 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 469.274063] audit: type=1400 audit(2000000255.669:2100): avc: denied { map } for pid=17893 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 469.348407] IPVS: ftp: loaded support on port[0] = 21 03:37:35 executing program 4 (fault-call:1 fault-nth:19): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) [ 469.401790] audit: type=1400 audit(2000000255.799:2101): avc: denied { map } for pid=17894 comm="net.agent" path="/bin/dash" dev="sda1" ino=1473 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:37:35 executing program 5: r0 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000300)=@dstopts, 0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0xfffffffffffffffd, 0x30}, 0xc) socket$can_bcm(0x1d, 0x2, 0x2) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) write$binfmt_script(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="2321212c2ae6696c65300a50c250a99b82b41b03f678dbc091a981bc54bae2a33064fc3a0e73a98fc9cec239b216659b6f2723ead944f1de854e3cb06d82edf2833453abc3120c16101a1ec474658a7c5b2adb95f19ce463f89e200e02c00338b32a2db96cda61a8ff29129b5f3db1d5ff67e97042bc6786132cc72627dada98264e03cb56fbfcb80862dcd43f859166ceb7fde6471fbd8fa0ce3e21bcc5ff323164025160f1946b4d485827f002fc4158d165b32a2e1a846548389e26fe1a735081d33edac8a3bcb246ec42666c0dee50e95250351dafec02c1683b924b947919449facd745d58ff1f26628832a66f1e7d8e2aa3694fdb07af40e79b2df4312be41faaea633e7b1115fc5"], 0x10094) write$binfmt_script(r0, &(0x7f0000000100)={'#! ', './file0'}, 0xb) write(r0, &(0x7f0000000340)="d0", 0x1) write$binfmt_script(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x1) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000002c0), 0xc) write$binfmt_script(r0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x1a000) 03:37:35 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@nfc={0x103}, 0x80, 0x0}, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x20000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r1, 0xc08c5336, &(0x7f00000001c0)={0x302, 0x5, 0x800, 'queue1\x00', 0x8}) setsockopt$inet6_dccp_buf(r1, 0x21, 0xc0, &(0x7f0000000280)="8598083287d0831c8772038a1c6b5acf0ae7db7739c6ef3f8b6bc94350474dcaee8feca3f37bff8d795bbcece7b47e3049c578bd971eec6eb31668a97deb5f0dead91964baf5a9aab1957aaa3c1c83bbf885a05b520d599e7013023b68d8ffd5d20cbdf44087be92b65e1650c0e99f329f282b1e4108bbc05bfe68056cbc7a06f370962073a005cf9c9f30ae1cfc096f4c9e885bbd5530fe4467b7540c6b0cae9bbe9f8903f3af3b37a3f2ade4a0c1fb94c7c4da071d75d83e3c9ef3c7ce3aa9fcdbc96f5c2c55cbb503452e9da328d093822acc7216b4d2cae24eca49131011ff512bd07e3de0a888c7567a15ac234992ea5774eba3ffdff14cba96fe45d08ad409ef0251b8d4fdd87fdf21df06eaaacd2637d5db98c89d12ffe91905f660f59a2438b64729862d228317376018189f95dc770ffd8eb98d2347920505cb3f159508881715194953e5425aa492cd4cb41e8d600eca4ef63c1853d3b106a2b9e045d0ba0a73a1a0adec958ee3c71639838f19afe2da53c343b6c3f9860344d0dbf9d454c32ab63c1a6e1ce8df31b228967a2c4509e13d04b1b47a1436517bdd7ee4e9ac911b52dfbc50122c08b806c0bd3c40c953b4588e8c8ac40fc58faab8af0d07bcaaed438db0a8536b8bb961096dd626ff343bd03132fe7bd5e0d5e686603a156445d505a19bb9df79e2044da43f0023cb38ad393273a8fb7e17e31e300494d805dee4100bdca23a97ac015cf90d743a0bc7d17c99ba3b57255b4eff8c0050dc5b6133f2e272601e584eaf63f17ec87dd603f7a438f981db0a2635bfc685c95fde3012827714bec8442022f12a9339fd9c2a88a4533e7739685a6905cfd24c26c0e7df4e6b7eaf1cddef1d6071c4c72048f4d162e02c19b5d8df2b14e128137bbca35edae03c9e73afe13b81741aa17192ece21724ef30d6c565cb90bf1370939000ff8ae8b6462e255053d436d6048444ff9f75f04fd0534d94e1b8db93c9f9340ada73eb44eaa014cfae2fdd57d73826feb3a804e8ae1059d7483468fcdd6d4773d4409fcdd12e29f1ddde56d2ffc370219a0503e5037134864d11fc3ffe9fadcf2c5d7569179aa862b8a419c4cb59b30dfc59e84918412e5f7b3c05f6e83daa67f427474ebe8186c3fe77cf1f827ba8ce77e8c5ac54aee9a262c074f0cff34d5441d74cc1c1d7551fd25809587020d3c9d411616961795e4266f37cff9c28ffede25ca12bbd565a476053b09df884fc9b80a7eb7d7d9835e3e67d560ce800d7901e588f03b031ed39f743b376048b8bb931176704833178b5ad7a970a222988a8052c6a0a318a7b58331844dda0d0a25b4ff5c7000a1adf2bf30db47ca7be8fb7a04023dde55f3714ab1a3c6bac79dc0f5d9db7a108e42717137f0ad62c2cfc51b5efc3720596f08a8970cae229237628b1d9f15447e5657b6cba5d3bbcac548c7479c253f7307aec8c0dce387fc7f26227bae9ff2e265f380d715427cc8803a050890a909d84cce7c084a9dc1de772e538255945c993615ba985d80934e7c07dd418847f8bce91edef070074149b2cfb8e734af4bc3fef393d035d9d3175ffb7dadfee04a4f826609e6000f039a8f0d16a7b17dd83e3b1a846ec53017954e52f8e621a4c9cd6e7e546d7fc1e89bf03ce35575111deba5723f9bec97dd6e2bb9d3ca92c25cdc7519ba6d70dd107bf54114c596ae2439ae4e45e03ea910460b882a9ba74761de70afc8b64d27c9df0b2611a816c3c93be3e62298d4350e7681c3be93ed95515b8c56299889aac48be19de68dadff349cafcbb1b49843a76ba2375b2998f38826d36b950a39161bf01acf40165c992a745c55ba568a19832b4d1cdd513ffd3a042f60e67eac82b5ff287b6495471b8a1f65c141b28808749645b4626d8f22a74f3853f3a0058d7cca5095b83d7fe87f0bf55deffec46fe13c16a595803dd618e65a1a8de57c729f6e482fb11c2290745d257a19da456e92ee310e4f8b2cad55e09a6b01f150cd67d21235c17530e6ffb857849a5bac8cc12d61344a5811812e934da2a7c02173a9ea9ac90af9e128d9f2b0ab78f23d6aaf907ad376dee8427389ee145380ea0e21600fc38299538f20e52cbf07ae270bb7c7481d1b9aa851c6d80f736a6dc0447db72224e5350425d878d6d72dd3193bdd6d1661f0ad3e4107dc4232fd36027250b1915736b799a9952619829c60420391f4fb94d352442aef1de597176e2d44d110fc32f6a8cb507b8c75a098e72c1f5585b433da60cc7774f9181e685e50baaaac08c0c20172c3a0fd96ef2fa973b158421317dd4452bf6b86bace1eccd24c6c60623921342030b88ee9daf19327f94b2fa85d3841b53c78b12b91825468073d0a0c9480951f89469c0655036f71f41bd3d9ff7759bd29a3d8c736851a62edc673fd2a2b8f076d451d96d182dd99f48b09d6187709da2b686c58ca8178f131052e9d817b385cb070bea4628328b0f1936fb308b9b44e2d4c8f53712c77600f97a8043b6280bbc63d7c4a3f0f4705ada2a97105ff77f760f25d829144aeb029a7c2ae2b27874b528ab62a98133bdf22c86c39bbf2de0efb7815c5e248e9981bd29d2b1d3cfa161d56d2f4182feb933bbb62d4aac6d44e2cabf7d2af492281e09b3713aac17850011414b4c9d2f09208164ce363ea5af50aea84692be968bf8fb16301633e39ed8d23b7dc6524a8d66577b98d3f9a51316a34e7efc0499e25dde8639b1ce28f6d4f4bde727d441a6cecad72ce7ef20fc7b6c87eeffa0508ecfece6c69923ce7323c35a926a725598a4429ed1982ba596520539f3814b70f502962d339872499aa4e888de67294d6e7842f462cdd0ca7d5a2a11b19a663e3e628d3b595848deaab3dd5a413fddcc8f4313d08ec5e837401ea598b1ef1ff20baaf883d728c0fd090d153b2f90b8372195fba2296150a1fc9ceec68da7e18fd3a0082c82fcc55566d2fd094c4dd806fe54fd32aaa36b7e54bece566466e75f03010f2ed97b9efdb0a169582df0072525e5f5da1a904480fc967ed6657b20fd572f2b9b7942a2b74049a310417059c3b6c5184acf7e4b58254dc9b195ee3d351edb77663ec73e865a1bce6ba9888a775ad7b53aca7657dbef6d23853fcdacba4c50798a633807074d368b46f6e1f9378ba3530d18446e69fa6adb2e077457407a5f6b49c264ab6ea8a2daf3d7a29a7def8ab491b2061d8e9d6130fb41f68c70cde149e2bdabd721c211c4eb7602d05e5d7f1fcbdb50cde4b044f06acdaa9083fb6caa52a3307dd9ae14707e05c91df992545a96e55e985ea0bf93dbc8d8a8484a32e8e57b4114d56c04a8d80db5d96d9fedd6035d0d9709373a9bf3415f144f07f8cf7d7560cb763ab89593fa555a58badd2ca63e38731d73c0c74281413af227c06120bccd08b9362441e07fe6afddf083b5ef36396f82a7f7ca006f65fef34474efebfca34dedb9fbbaf9f218edf768d991a5b1eb35826924da4c959e1ab396648a2774778edddb01af6fd2dcfdb6dbceb448c1a2deb757fcdfd2d9b577853086b984244c270c41cda559f55abfe4a6d1da031dbb09bf844cf159f0dc3c7cdbcd10ee43812e1362911f17221637333e98b976caacccd39d2e99b2eb16525f2d4a66e664fe1f4107739f83d53fff28283e0a7ceaced6132bb34e6300513913fb29818d2f57a8320389477142f12516c18d264bb34b0b922f97155a7374f418cf2c29305ca5ec41bc1495dd321e2ba4921ac95d425e980b94df5046831a486602b36103cfff367c2b89fbf7d33a785c8823638b810c6e045624ebce886176837ef8b038ebfc8ed654a501174d476cfd4742a7998f6721a1ab88511f5fd978f1f978076b214fe9e624d27c083c9cc340998b3fa5b7b9f78a7359d714ebf2da54e507692e8a63591f00fb0c204233782e4b49d189026fa54d590b7e3a48328fddbf1d3819cb5b4164da53b79ae17b5397539108db659b5c1e8086175ee4cfd08483b7231caed1b3190a28758f94e54edd0381577f2ad2671aabe3a1a6f82c7f79879388cce0953c7eb606a625069acf289db0bb34934ce5459433848868cf62f3f80a6fe3f68a6dcda4f3838b5c44d25198eff7048129899c86ad7e6287c3a227113d6c6c8ec0374620045e5610a013dabb5c494662685dd63bbf65c3cf7b82c38e7009decd96e2db09fefdf98462cf157054fc0d468305c511f0984376629774f516c01cfa5add5b5a401b4b74ba3132ce251f46a3946d5da6eb15fe49778feb01fbabfc72bf732eafb43a57fa9ad0cad89bf6a067fae50117cafb7c854126bda23a35cd2c505c5e4814047053362af8b751c3e90501ddab88b49f4c39fc2ee9fbdeb97c53f378382030f5ea3be286ab5338ffe4be8d880a16e9fa4e450c6a7f64bc067ccc52dea9e7503d9600b710254a6297a588ea54c1cba75f97024317abf6ae9efeb5c25f48d7b34ba79ea003a08bb1813a8fc35d0bfc3da66ea2aea3ff9cffd55c03a16a9110253153a287ecca661bb9563b64d463fa6e685ea849b30f043cea789e0a9a61608231a8b5f5924350b4bcbc2ad82911731e58706d787a9e42998558b332c4c2d9a6cdcb62a2072a8ebf74027a9366723aaa869e65bc2134e53028ee46d91099e6a1e2e838c2d4170f64862d09e1c4c9529b83c2b8701e4fc388d3e29cf5d03aa619e249c4f23e6e0049d4c4344df207e69a33644acb272370bfbce439eee7017d05bddce9fc3dc7753b8470364a7deb92f744e1dd15366cb2bd678a4718ac890623093d81be3ab5c9354609eb719f38b4668b86c99095d043837b6200ca4e2e158242411255da6b3dfe89039911e1e0ceef1230776f258758afcd2f0c43dd683371cd3b53f18ca681f47f002e6bbb1675b2cb297f2200745deee89aec78e38a69a1946ff9777251bfc0717dc484502f94e50b997817e88a4ec098b34697a6cd05f6a9b5b43fca138e3a9e06823ccf4a6f5809548e04ca1867fb2c03c2b2da87779901963f7997dc912f768a56a4b04c584b65b264bb856288184254c4ebbdcdc84f94072587868ea3c0961965a2bbe12a3e5c58ab5b663485c066cf1e12a84c4802e5a71f7cfdf6498f066078a74b8ded9303065378e83ec22037f630a9782ca0cc4e3f7caee00f07a95ece842c19c453019f8f7ea87bdcf0fe02725948d0e74db9d7debcf4894c21066c8163de75d7e3b5cf7b3e413fd649f67bddf6124a0110c4da4d12fd1b79bf58938cbd954ef3512ec01247be70f16388704b520c14a367b349cce190484bd6f4947084413aaf31c93896b2102369ff5ebe264024cc28e2e08caa3a7bb8743bcffa2876a4a2a30aac654c63583f66126396a1a8edcee070a1acabdc7bce3033215267689715d4f6e0f7a9e0f3889c197ba71595f10510cf89f31ba7f7ffd61744d46c2cedfd30ec20c0027fa026c9282918494c29649587f70abefbb285f5f3fac3e1628585e3f7cfa04b6440b0e326717d4c3a8940322ed07c3cc92890f7a2494e40d8f573cbc7248f07b09afda398da8bfac45467bfdd364a6382bc167c26c4c237bf4c50b681801e21aae418fa0cdeeaa66f4adff3dca191b8777b09b411cd67b22874fedcf854a5b7624969ce3627e2daa56a1e54165b6c41d081743926a9915cbdf245c90af239135d76608bce5257943ad2704f31730b4aec8c7b60688961583821049a17f41003195f02112309ff076b530dd614d7e8b83df0ffc15a9164c50c630343923cca2ccddcef2c1f1cbb3ee04b217f758a4ff0215344475c8af9", 0x1000) r2 = socket(0x1e, 0x2, 0x0) getsockname$inet(r2, &(0x7f0000000140), &(0x7f0000000180)=0xd) writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000000), 0x1e6}], 0x1038) sendmmsg(r2, &(0x7f0000000080), 0x1c0, 0x0) [ 469.506964] audit: type=1400 audit(2000000255.899:2102): avc: denied { map } for pid=17897 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 469.550880] audit: type=1400 audit(2000000255.929:2103): avc: denied { map } for pid=17901 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 469.576459] FAULT_INJECTION: forcing a failure. [ 469.576459] name failslab, interval 1, probability 0, space 0, times 0 [ 469.590318] CPU: 0 PID: 17902 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 469.597432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 469.606783] Call Trace: [ 469.609369] dump_stack+0x138/0x19c [ 469.612997] should_fail.cold+0x10f/0x159 [ 469.617141] should_failslab+0xdb/0x130 [ 469.621110] kmem_cache_alloc+0x2d7/0x780 [ 469.625249] ? wait_for_completion+0x420/0x420 [ 469.629836] __kernfs_new_node+0x70/0x420 [ 469.633983] kernfs_new_node+0x80/0xf0 [ 469.637864] __kernfs_create_file+0x46/0x323 [ 469.642269] sysfs_add_file_mode_ns+0x1e4/0x450 [ 469.646958] internal_create_group+0x232/0x7b0 [ 469.651544] sysfs_create_group+0x20/0x30 [ 469.655688] lo_ioctl+0x1176/0x1ce0 [ 469.659332] ? loop_probe+0x160/0x160 [ 469.663126] blkdev_ioctl+0x96b/0x1860 [ 469.667006] ? blkpg_ioctl+0x980/0x980 [ 469.670896] ? __might_sleep+0x93/0xb0 [ 469.674795] ? __fget+0x210/0x370 [ 469.678246] block_ioctl+0xde/0x120 [ 469.681871] ? blkdev_fallocate+0x3b0/0x3b0 [ 469.686184] do_vfs_ioctl+0x7ae/0x1060 [ 469.690069] ? selinux_file_mprotect+0x5d0/0x5d0 [ 469.694816] ? lock_downgrade+0x6e0/0x6e0 [ 469.698962] ? ioctl_preallocate+0x1c0/0x1c0 [ 469.703367] ? __fget+0x237/0x370 [ 469.706818] ? security_file_ioctl+0x89/0xb0 [ 469.711219] SyS_ioctl+0x8f/0xc0 [ 469.714580] ? do_vfs_ioctl+0x1060/0x1060 [ 469.718730] do_syscall_64+0x1e8/0x640 [ 469.722609] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 469.727453] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 469.732632] RIP: 0033:0x459697 [ 469.735807] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 469.743511] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 03:37:36 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a", 0x47) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) [ 469.750778] RDX: 0000000000000006 RSI: 0000000000004c00 RDI: 0000000000000007 [ 469.758039] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 469.765319] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 469.772583] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:37:36 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x105000, 0x0) ioctl$VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000180)={0x8, 0xb, 0x1}) r3 = socket$netlink(0x10, 0x3, 0x400000000000004) writev(r3, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c560284ed7a80ffe00600000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1) recvmmsg(r3, &(0x7f0000001680)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=""/166, 0xa6}, {&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f0000001580)=""/220, 0xdc}], 0x3}}], 0x2, 0x0, 0x0) [ 469.828389] audit: type=1400 audit(2000000256.219:2104): avc: denied { map } for pid=17909 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 469.903303] sg_write: data in/out 167162/23 bytes for SCSI command 0xff-- guessing data in; [ 469.903303] program syz-executor.1 not setting count and/or reply_len properly [ 469.939943] audit: type=1400 audit(2000000256.229:2105): avc: denied { map } for pid=17910 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 469.979565] audit: type=1400 audit(2000000256.269:2106): avc: denied { map } for pid=17913 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:37:38 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:37:38 executing program 4 (fault-call:1 fault-nth:20): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:37:38 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = dup3(r0, r0, 0x80000) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000080)=@dstopts={0x3b, 0x29, [], [@pad1, @generic={0x101, 0xd0, "a45aab2e80e7ddc4f818195e0b439a2d783267b7ceeac1c8a113eefe372bcd81d9aa64b634d0c7ade4db23f39cbf8bfccf75872a77e4846caf7c9f14dd8cd00d6035a7d5e4a92885867a93ca7c0ded6397d642d762d75bb4566814d2ffa6e228c41bcdb41275d8c7d339185b950d2656815b3dae7dfe4855edc3b694223d818dc33833164d7e1f5e4e6f7aba3eb7ce57a34bf7d65a4ad691cd4fdd94b767884762ec995d4ad2be35e4cac46139405f022be83b6abf59f3aeb860f04ba5cd47ce67cc9d64fc0b156d62b945bd5cc499a0"}, @padn={0x1, 0x1, [0x0]}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @jumbo={0xc2, 0x4, 0x8001}, @pad1, @pad1, @generic={0x81, 0x5d, "a6dc9587e959fd468016c296f65c213542efc7b698c773a739152749c7fb4304b5b7ccc965282db7e7efe05cb63f0ff1054c3ea872e7aecd9343c8fbe782bac5629d8833bc70ba8be6b025090f60f04343713daeaae62c4ed5f1973e9d"}]}, 0x158) ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000240)={'caif0\x00', {0x2, 0x0, @loopback}}) ioctl$sock_SIOCBRDELBR(r0, 0x89a1, &(0x7f0000000000)='syz_tun\x00') 03:37:38 executing program 3: r0 = accept(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'nlmon0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000100)="0998b1d3af8ece62f1adc79f3d237d5814ebfd70e255f94c102019e84640aa9162eaefffb2292154f768d914d68900ddffb99847c14b2cdefa4340b5526721f686645ca5370d8cc73ef9027f13ac2b9f6b01cfaf8b51dcf350a78d0edd373b373a220792ea39a490ee80ad4069e3b07eeea1fe058d1182c6c7f87a8f82c796fbef69dada223c0ef609f6cc4eeb63c522f9989368724a59", 0x97, 0x40040, &(0x7f0000000200)={0x11, 0x19, r1, 0x1, 0x3, 0x6, @remote}, 0x14) r2 = inotify_init1(0x0) r3 = getpid() r4 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x3, 0x2) ioctl$VT_RESIZEX(r4, 0x560a, &(0x7f0000000040)={0x6, 0x200, 0x6, 0x2, 0x1, 0xb859}) fcntl$setown(r2, 0x8, 0xffffffffffffffff) fcntl$getownex(r2, 0x10, &(0x7f0000000080)={0x0, 0x0}) kcmp(r3, r5, 0x1, 0xffffffffffffffff, 0xffffffffffffffff) 03:37:38 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a", 0x47) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) 03:37:38 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00008feff0)={0x0, 0x1af}}, 0x0) r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/commit_pending_bools\x00', 0x1, 0x0) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x7fc, 0x0) ioctl$NBD_CLEAR_SOCK(r3, 0xab04) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000200)={0x2000, &(0x7f00000000c0), 0x2, r3, 0xe}) sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x4, 0x0, &(0x7f00008feff0)={&(0x7f0000000000)=ANY=[@ANYBLOB="020d0000100000000000000000000000030006000700000002000000e0000001000000f500000000080012004d4c5c5131884c470000000030006c0002010000ff3f567b000000200200000000152c000000000000000001020014bb000000000000000000000000030005000000000002000000000000000400000000000000"], 0x80}}, 0x0) r4 = socket$key(0xf, 0x3, 0x2) sendmmsg(r4, &(0x7f0000000180), 0x400024c, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) syz_open_dev$vbi(&(0x7f0000000240)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) write(r6, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r7+30000000}, 0x0) vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vsock\x00', 0x0, 0x0) r8 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$P9_RLERROR(r8, &(0x7f0000000280)=ANY=[], 0x0) ftruncate(r0, 0x2c5) [ 472.041403] sg_write: data in/out 167162/23 bytes for SCSI command 0xff-- guessing data in; [ 472.041403] program syz-executor.1 not setting count and/or reply_len properly [ 472.054269] FAULT_INJECTION: forcing a failure. [ 472.054269] name failslab, interval 1, probability 0, space 0, times 0 [ 472.086851] CPU: 0 PID: 17937 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 472.093985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 472.103338] Call Trace: [ 472.105927] dump_stack+0x138/0x19c [ 472.109550] should_fail.cold+0x10f/0x159 [ 472.113699] should_failslab+0xdb/0x130 [ 472.117674] kmem_cache_alloc+0x2d7/0x780 [ 472.121818] ? wait_for_completion+0x420/0x420 [ 472.126397] __kernfs_new_node+0x70/0x420 [ 472.130539] kernfs_new_node+0x80/0xf0 [ 472.134424] __kernfs_create_file+0x46/0x323 [ 472.138824] sysfs_add_file_mode_ns+0x1e4/0x450 [ 472.143492] internal_create_group+0x232/0x7b0 [ 472.148074] sysfs_create_group+0x20/0x30 [ 472.152212] lo_ioctl+0x1176/0x1ce0 [ 472.155833] ? loop_probe+0x160/0x160 [ 472.159629] blkdev_ioctl+0x96b/0x1860 [ 472.163513] ? blkpg_ioctl+0x980/0x980 [ 472.167400] ? __might_sleep+0x93/0xb0 [ 472.171280] ? __fget+0x210/0x370 [ 472.174732] block_ioctl+0xde/0x120 [ 472.178350] ? blkdev_fallocate+0x3b0/0x3b0 [ 472.182661] do_vfs_ioctl+0x7ae/0x1060 [ 472.186545] ? selinux_file_mprotect+0x5d0/0x5d0 [ 472.191293] ? lock_downgrade+0x6e0/0x6e0 [ 472.195460] ? ioctl_preallocate+0x1c0/0x1c0 [ 472.200653] ? __fget+0x237/0x370 [ 472.204112] ? security_file_ioctl+0x89/0xb0 [ 472.208515] SyS_ioctl+0x8f/0xc0 [ 472.211874] ? do_vfs_ioctl+0x1060/0x1060 [ 472.216020] do_syscall_64+0x1e8/0x640 [ 472.219896] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 472.224738] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 472.229915] RIP: 0033:0x459697 [ 472.233093] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 03:37:38 executing program 5: r0 = socket(0x10, 0x3, 0xc) setsockopt$inet_int(r0, 0x0, 0x15, &(0x7f0000000000)=0x9, 0x4) mkdirat(0xffffffffffffff9c, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x12000, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r2, &(0x7f0000000440)=ANY=[@ANYRES64], 0x8) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unlink(&(0x7f0000001e00)='./bus\x00') sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) connect$packet(0xffffffffffffffff, &(0x7f0000000880)={0x11, 0xf9, 0x0, 0x1, 0x9, 0x6, @remote}, 0x14) syz_genetlink_get_family_id$ipvs(0x0) ioctl$TIOCSSERIAL(r2, 0x541f, &(0x7f0000000680)={0x98, 0x3, 0x4, 0x0, 0x10000, 0x1f, 0x0, 0x6edd8feb, 0x0, 0x4, 0xff, 0x40, 0xff, 0x8, &(0x7f0000000480)=""/132, 0x37, 0x1, 0x40}) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000100)={0x2, 0x0, 0x8000}, 0x4) creat(&(0x7f00000003c0)='./file1\x00', 0x0) write(r0, &(0x7f0000000200)="130000001000ffdde200f49ff60f050000230a009d000000119dc53022e5f9ec364f0000c0ff030000001c24e175ce463437101108bd81dc3181ddd83f8d3d1f2c53e45fca5ab94018975d7db754129310d0cb4526408e88cac1f2cbefbb693d8a0c8efc28ce3ff429592e5de7e4f28bca763acd06f40ad03226af55e3129849ae2d726cf46a629bf91efdb19a5faccffe8090d92237be9951004bd7c2a1c1a2b5b2684ade4025622c962d916c000000000000003400000000000000d5ba641663ac6847d35b87b0d9b4dc16d6d3b1a7a416989da28d36087321d135c4320eb1e488de1e9c694983a0240a5c97b38b46472a7c49c1897ab6", 0xf8) 03:37:38 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0) r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/checkreqprot\x00', 0x1, 0x0) ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, &(0x7f0000000140)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) [ 472.240793] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 472.248054] RDX: 0000000000000006 RSI: 0000000000004c00 RDI: 0000000000000007 [ 472.255316] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 472.262572] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 472.269830] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:37:38 executing program 3: syz_mount_image$jfs(&(0x7f0000000180)='jfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001ac0)={[{@gid={'gid'}}]}) stat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000040)='./file0/file0\x00', 0x400, 0x2, &(0x7f0000000140)=[{&(0x7f0000000080)="2e198687d331dfd78845d73d9bf039067546b0a4d140d866fbf1f74a9ac85851873672d198ed446791f2bc6114567ba528a93bdc3f5b7db6b118322d54b300dfc01ddec170a34d087bf99087e336c425f174d6147dddbad3e72babcf0475ce9c466e9e5dcadee6e1", 0x68, 0x1ef6}, {&(0x7f0000000100)="cd0bf73fd3081c2a114ea1ed59d0cb1ccefd2fff13e8f82248a0766abf63b0a0f7098c177f519e30ed7e13", 0x2b, 0x3779}], 0x200000, &(0x7f00000002c0)={[{@gid={'gid', 0x3d, r0}}, {@quota='quota'}, {@iocharset={'iocharset', 0x3d, 'iso8859-9'}}], [{@smackfsdef={'smackfsdef', 0x3d, 'lo-#vboxnet1'}}, {@dont_appraise='dont_appraise'}, {@permit_directio='permit_directio'}]}) 03:37:38 executing program 0: r0 = socket(0x200000000000011, 0x4000000000080002, 0x0) setsockopt$packet_int(r0, 0x107, 0x14, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) 03:37:38 executing program 4 (fault-call:1 fault-nth:21): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:37:38 executing program 3: r0 = syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x100, 0x0) ioctl$KVM_SET_XSAVE(r0, 0x5000aea5, &(0x7f00000003c0)={"839da326bbcb2325e0fcb12b7cd27628af6bc50848d050421ad7a7b0e49dee47540cd626cd8953cc6490347b989653bcf5ca0c0290ecf4cbbf1c0a054a04b662f551b5ecbcbd77115e51291e47aacbe3df3c11e3e9fd759458faa2e6bf3b47deeb85f5382e0ea2162fc872b4fa747b126ca8786879d7a5bc75c36b98ff5a5ed2d7bf4a0d0edc814836facd2504ecbd876172550ad3710db689a1bef71cdd3a6ff5e5c2a9dff357fe0cfecd8140e493cc556402a366f25e2a839de3ae4467fb0bdbcd6f32c6c4b5969d5c97ee8dbe4418142fce61f91ae1dd7554bac08a24a4b152950b58c8faad40efaf2b9a148feeebfd6bed425873689595bea3733a3c1690658e8462a0c93b3c499fcb455860f76b6cb6667d2968092193c6ac0777670c5865440b14f6127ea4818698d749ec16fa3b690f15cd67db4c818a38c2dcb608103787396c070e00b3aebe29537730bd678dad6749696e076ee5b65d20a215dab872218c02fcf5debbfa156dab706274be46199f7cbf024082edb70e49f19564b419e2ee290d4a187d2370b562e39923b7245ff6bcdfa6cac5b0c7ec89861942382d8a1c90e712cd8b6c3abaf12470903b4fb502a16a5096a50688f85d09231b57f246d9d9b8e3d018fe6ac98f7e48dcc9a8223b0e8f90a29b78c6f0a1551bd4a74d051af92f051121b17d71e5d2d9c5920b22612727c629ad53d8a84ee2b40659aa611c8e3962007f14e75dd460b950a50694d5356b0cc72bd1677cff389481d59340a1a327cca624b94cbde6728429b3e211cb9cde86833f2f1e969ab4b224baef033201b5cc01aa871aea529c5e248d9fcdda17457d35a5e760ae16ff8950410530d422158c94e86a97e1daf2183e8923372ad4d24d37f892a1c552495faac8ca1d406d0512cea4122233a6df44515a7e25e57f150216d79a2d76ff6799fc1808d94bb27a57b72816dae6343452fc22743e6d068d5da726860e207a2d6c4e7bc144ed31af0d66c66e793df2d2843688ff6baf52b15da045dc6903c8eadc1bb389f23049ea10d9d89645ebf48d12a2351aa30fed6b3dbb9ac370748dc20c49bb77cecc401b7fc436ac205ae93375815cbdac058281988d831cf895a13b5cc42c7275c69bf921a2648868550abe7dac950562a19abd09a91b78730c480a17367c49ed6a94968cc673ef5ab9aa2aa39d2226dd468b751d6296682b8d248fb2ee8a1b24307ae180b97f44b3a50777f7f5bcf86caefd8b1eae28ae179e5841ff70a4cd2f4b20e651f2b97f2a780f3f605ae531da320dd4e15f502f4ae40f5ce85589e2b792ec8e15b6c595c380ee2f240189c66f22b52182c69dde74fa88490f0b6e4401406afc6c18a13bf3ba91dda12a959460c0ad33f08f547e7cc22e8837394f6aee94bd9dc9dac3b592cce7620d9340137faf10f0b4d589a082cf720dd04bd0"}) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ion\x00', 0x0, 0x0) socket$inet(0x2, 0x2, 0x0) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) r3 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r3, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x0, r2, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/btrfs-control\x00', 0x204100, 0x0) ioctl$KDDISABIO(r4, 0x4b37) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@local, @in, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in, 0x0, 0x32}, 0x2, @in=@loopback, 0x0, 0x4}}, 0xe8) write$USERIO_CMD_REGISTER(r3, &(0x7f00000000c0)={0x0, 0x43}, 0x2) sendmmsg(r3, &(0x7f0000005fc0), 0x800000000000059, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0x40008, 0x2e, 0x0, 0xffffffffffffffff}) ioctl$DMA_BUF_IOCTL_SYNC(r5, 0x40086200, &(0x7f0000000000)=0x8) [ 472.520226] FAULT_INJECTION: forcing a failure. [ 472.520226] name failslab, interval 1, probability 0, space 0, times 0 [ 472.548777] CPU: 1 PID: 17967 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 472.555913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 472.565278] Call Trace: [ 472.567879] dump_stack+0x138/0x19c [ 472.571529] should_fail.cold+0x10f/0x159 [ 472.575692] should_failslab+0xdb/0x130 [ 472.579843] kmem_cache_alloc_trace+0x2e9/0x790 [ 472.584513] ? kernfs_put+0x35e/0x490 [ 472.588308] ? sysfs_add_file_mode_ns+0x1e4/0x450 [ 472.593145] ? devm_device_remove_groups+0x50/0x50 [ 472.598068] kobject_uevent_env+0x378/0xc23 [ 472.602382] ? internal_create_group+0x49a/0x7b0 [ 472.607138] kobject_uevent+0x20/0x26 [ 472.610932] lo_ioctl+0x11e7/0x1ce0 [ 472.614560] ? loop_probe+0x160/0x160 [ 472.618356] blkdev_ioctl+0x96b/0x1860 [ 472.622242] ? blkpg_ioctl+0x980/0x980 [ 472.626155] ? __might_sleep+0x93/0xb0 [ 472.630036] ? __fget+0x210/0x370 [ 472.633483] block_ioctl+0xde/0x120 [ 472.637099] ? blkdev_fallocate+0x3b0/0x3b0 [ 472.641414] do_vfs_ioctl+0x7ae/0x1060 [ 472.645294] ? selinux_file_mprotect+0x5d0/0x5d0 [ 472.650043] ? lock_downgrade+0x6e0/0x6e0 [ 472.654187] ? ioctl_preallocate+0x1c0/0x1c0 [ 472.658589] ? __fget+0x237/0x370 [ 472.662040] ? security_file_ioctl+0x89/0xb0 [ 472.666443] SyS_ioctl+0x8f/0xc0 [ 472.669798] ? do_vfs_ioctl+0x1060/0x1060 [ 472.673938] do_syscall_64+0x1e8/0x640 [ 472.677815] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 472.682832] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 472.688099] RIP: 0033:0x459697 [ 472.691279] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 472.698996] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 472.706274] RDX: 0000000000000006 RSI: 0000000000004c00 RDI: 0000000000000007 [ 472.713532] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 472.720794] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 472.728054] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 472.735550] net_ratelimit: 16 callbacks suppressed [ 472.735554] protocol 88fb is buggy, dev hsr_slave_0 [ 472.740951] protocol 88fb is buggy, dev hsr_slave_0 [ 472.745595] protocol 88fb is buggy, dev hsr_slave_1 [ 472.745761] protocol 88fb is buggy, dev hsr_slave_0 [ 472.750692] protocol 88fb is buggy, dev hsr_slave_1 [ 472.755743] protocol 88fb is buggy, dev hsr_slave_1 [ 472.960128] protocol 88fb is buggy, dev hsr_slave_1 [ 473.200118] protocol 88fb is buggy, dev hsr_slave_0 [ 473.205428] protocol 88fb is buggy, dev hsr_slave_1 [ 474.800199] protocol 88fb is buggy, dev hsr_slave_0 03:37:41 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:37:41 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, &(0x7f00000004c0)='trusted.overlay.opaque\x00', 0x0, 0x0, 0x2) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r2, 0x89e1, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) setxattr$security_evm(&(0x7f0000000540)='./file0\x00', &(0x7f0000000580)='security.evm\x00', 0x0, 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f00000000c0)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b22645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f0000000700)=0x100005) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000680)={0x5, 0x6, 0x9}) 03:37:41 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a", 0x47) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) 03:37:41 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0}, {0x0}, {}, {&(0x7f00000019c0)=ANY=[@ANYBLOB="78000000000000000000000000000000680000002557750361337a6b244bc43aad71be506c3aec2653ff9bfe5db955b598cfe308d0405750e1344b23d22f08e8fe0136e63b990cbef17b261c9f931817a6c2e2eecda2358db45519ccd0f970431b8f3c639cbcf9038a2207a08de66fd84f00b55c22000000"], 0x78}], 0x4}, 0x0) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x4) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) 03:37:41 executing program 5: syz_open_dev$midi(&(0x7f00000002c0)='/dev/midi#\x00', 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0)='TIPCv2\x00') sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000a00)=ANY=[@ANYBLOB="ad8c31e4125835ee09c69ae6aaedd519a866cc3cc1879f73b5e99b24c3ed4858234c5274ba109a979468cc166d80875fce28d58cc68ef10a719c3d07c4b71bb318aa12eae25e6cb44eb5f5a0f6291decaa47aace082e181653054c3d60af833f91c52d7acb352c341593c6ffea83f11a4eb3ab3a0ca32b6a2c7b15cd0a8b577890ccbe6ae00a2a0197aa214e657ce1d436014965cd1856bffc34464963118772978cb98ea829af7fc3b68232379f663f76d1e9b2cb676b588f9975ce9befc2352228a5cf3ee9ce1bd4f28629366f40db1f728d4e6e4ff502df561b0062fb9f43989159b587462fe7b390e1839cce43132e32fa0782a1908d4f7488f4ed48c54a86cdbf579a56ae9b85efea8d180380a4451885b1ece489f8c4177ff65ff256ab55ba59b9771b40ea36a69636ed5da27882af56df9b481f911c6be0a5", @ANYRES16=r2, @ANYBLOB="0000000000080002000400040008000600040002001c000200080001000000000001040400080002000000000004000400700004000c00070008d27c32550000003c00070008010000000000080001000000000008000100000000000800018a6e000000080002000000000008000400040000000c00010073797a31000000000c00010bca476e30000000000c00010073797a3000000000280007000c000300007488aa4479a9000000000000000c00040000000000000000000c0004000000000000000000"], 0xd8}, 0x1, 0x0, 0x0, 0x40}, 0x0) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x800000400400200) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_NMI(r1, 0xae9a) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000980)={'team0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000009c0)={'nlmon0\x00', r5}) ioctl$KVM_DEASSIGN_PCI_DEVICE(r0, 0x4040ae72, &(0x7f0000000080)={0x9, 0x1, 0x9, 0x4, 0x5}) r6 = syz_open_dev$adsp(&(0x7f0000000180)='/dev/adsp#\x00', 0xfffffffffffffffa, 0x20000) ioctl$TCSETAW(r6, 0x5407, &(0x7f0000000300)={0x7, 0x4, 0x6, 0x800, 0xf, 0x401, 0x9, 0x7ff, 0xb24, 0x3}) getpeername(r3, &(0x7f00000004c0)=@nfc, &(0x7f0000000540)=0x80) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$TUNGETSNDBUF(r6, 0x800454d3, &(0x7f0000000480)) 03:37:41 executing program 4 (fault-call:1 fault-nth:22): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) [ 475.072778] kauditd_printk_skb: 16 callbacks suppressed [ 475.072786] audit: type=1400 audit(2000000261.469:2123): avc: denied { map } for pid=17983 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 475.106050] sg_write: data in/out 167162/23 bytes for SCSI command 0xff-- guessing data in; [ 475.106050] program syz-executor.1 not setting count and/or reply_len properly [ 475.127344] FAULT_INJECTION: forcing a failure. [ 475.127344] name failslab, interval 1, probability 0, space 0, times 0 [ 475.155230] audit: type=1400 audit(2000000261.519:2124): avc: denied { create } for pid=17982 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 [ 475.181642] CPU: 0 PID: 17992 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 475.188776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 475.198139] Call Trace: [ 475.200738] dump_stack+0x138/0x19c [ 475.204373] should_fail.cold+0x10f/0x159 [ 475.208635] should_failslab+0xdb/0x130 [ 475.212620] __kmalloc+0x2f0/0x7a0 [ 475.216155] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 475.221603] ? kobject_uevent_env+0x378/0xc23 [ 475.226110] ? rcu_read_lock_sched_held+0x110/0x130 [ 475.231120] ? kobject_get_path+0xbb/0x1a0 [ 475.235350] kobject_get_path+0xbb/0x1a0 [ 475.239406] ? devm_device_remove_groups+0x50/0x50 [ 475.244332] kobject_uevent_env+0x39c/0xc23 [ 475.248649] ? internal_create_group+0x49a/0x7b0 [ 475.253405] kobject_uevent+0x20/0x26 [ 475.257203] lo_ioctl+0x11e7/0x1ce0 [ 475.260827] ? loop_probe+0x160/0x160 [ 475.264620] blkdev_ioctl+0x96b/0x1860 [ 475.268497] ? blkpg_ioctl+0x980/0x980 [ 475.272470] ? __might_sleep+0x93/0xb0 [ 475.276349] ? __fget+0x210/0x370 [ 475.279799] block_ioctl+0xde/0x120 [ 475.283419] ? blkdev_fallocate+0x3b0/0x3b0 [ 475.287736] do_vfs_ioctl+0x7ae/0x1060 [ 475.291623] ? selinux_file_mprotect+0x5d0/0x5d0 [ 475.296369] ? lock_downgrade+0x6e0/0x6e0 [ 475.300512] ? ioctl_preallocate+0x1c0/0x1c0 [ 475.304914] ? __fget+0x237/0x370 [ 475.308382] ? security_file_ioctl+0x89/0xb0 [ 475.312786] SyS_ioctl+0x8f/0xc0 [ 475.316142] ? do_vfs_ioctl+0x1060/0x1060 [ 475.320283] do_syscall_64+0x1e8/0x640 [ 475.324159] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 475.329001] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 475.334183] RIP: 0033:0x459697 [ 475.337364] RSP: 002b:00007f4eb8ce5a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 475.345078] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 475.352340] RDX: 0000000000000006 RSI: 0000000000004c00 RDI: 0000000000000007 [ 475.359610] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 475.366875] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 03:37:41 executing program 3: r0 = creat(&(0x7f0000000180)='./file0\x00', 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000400)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000000)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) ioctl$VIDIOC_S_PRIORITY(r0, 0x40045644, 0x2) [ 475.374137] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:37:41 executing program 5: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) ioctl$TIOCLINUX2(r0, 0x541c, &(0x7f00000000c0)={0x2, 0xdfb, 0xc2, 0x5, 0x2, 0x6}) r1 = accept4$x25(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000080)=0x12, 0xf8b3035c3595956c) getsockopt$sock_timeval(r1, 0x1, 0x15, &(0x7f0000000100), &(0x7f0000000280)=0x10) r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x101000, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f00000002c0)) write$RDMA_USER_CM_CMD_REJECT(r0, &(0x7f0000000140)={0x9, 0x108, 0xfa00, {0xffffffffffffffff, 0x2, "bd4530", "002a758b91015353e150cb6132923551e9e75b1590382e15723f34334f2d9c7d319e6fd2f2b1d11e3bfb99e5a848cc1e9f36a3fd5177acbd8970abb10832363d78af645c2afa3d0a76e2e970f73a183d1dc6a1483f8adc103e4deacc2e5bcb5028e0e28c23b15b7b5be09e9df61ef39043399d6cc739b670bc42c2c3e564dd60470017a6fb7c632a0b2521d4daa3c23264fb4a444adca92ede15f6547f7120eea398911dfac4c6809213f453e6cb7bd9a699c1a2c63a7dc73407182447bccabc0b25149467e573644d2a4fa57545a5e441abcd658d078ec95afe4780b51d369db8b6de8e90cfabe4efb849f7ff17df0f64dbdf85fa87e6e0a23c425e9ad4be79"}}, 0x85d241b205ced3e7) 03:37:41 executing program 0: r0 = creat(&(0x7f0000000540)='./file0\x00', 0xfffffffffffffdfa) mount(&(0x7f0000000340)=ANY=[@ANYBLOB="90babb6e7fa700c8850fe94c913b"], &(0x7f0000000080)='./file0\x00', 0x0, 0x1000, 0x0) sendmsg$nl_crypto(r0, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)=@getstat={0xe0, 0x15, 0xc10, 0x70bd29, 0x25dfdbff, {{'sha3-512-generic\x00'}, [], [], 0x2000, 0x2000}, ["", "", "", ""]}, 0xe0}, 0x1, 0x0, 0x0, 0x80}, 0x4040004) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x880420, &(0x7f0000000300)=ANY=[@ANYBLOB='max_batch_time=0']) write$selinux_context(r0, &(0x7f0000000380)='system_u:object_r:ipmi_device_t:s0\x00', 0x23) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000440)=0x0) prctl$PR_SET_PTRACER(0x59616d61, r1) sendto$inet6(r0, &(0x7f0000000040)="77ade16349caddb7d221076af6db09acbc1628c620b38c3f801afa5249ae21010144bc44a51bb03990650e037a8285", 0x2f, 0x0, &(0x7f00000000c0)={0xa, 0x4e21, 0x8000, @dev={0xfe, 0x80, [], 0x24}, 0x6}, 0x1c) ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r0, 0x4008af23, &(0x7f0000000480)={0x0, 0x10000}) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f00000003c0)={'filter\x00', 0x4}, 0x68) ioctl$SG_GET_COMMAND_Q(r0, 0x2270, &(0x7f00000004c0)) [ 475.424288] audit: type=1400 audit(2000000261.529:2125): avc: denied { map } for pid=17997 comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 475.452361] audit: type=1400 audit(2000000261.529:2126): avc: denied { map } for pid=17998 comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 475.482126] audit: type=1400 audit(2000000261.539:2127): avc: denied { create } for pid=17982 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 03:37:41 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = accept$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, &(0x7f0000000040)=0x1c) getsockopt$inet6_tcp_int(r3, 0x6, 0x7, &(0x7f0000000140), &(0x7f0000000180)=0x4) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000100)=0x42, 0x4) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) 03:37:41 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x40, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000000c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) [ 475.512704] audit: type=1400 audit(2000000261.579:2128): avc: denied { map } for pid=18003 comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 475.539272] audit: type=1400 audit(2000000261.789:2129): avc: denied { map } for pid=18007 comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:37:42 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b7070000010010004070000000185819bc700000000000009500000000000000"], &(0x7f0000000140)='vS\xfdIG|\x8aL[\xf2\'\x9c\xea\xb1\xc0\xb1\x19\x91\x9d/Q\xd9\xe3T\xce\xdax;\x02%\xc5\x1c\xd5GA\xad[(\xbblZ\x01\x1dF\x92#]%sj\xd0i\xc6C\x1f&\xe2\xc5\xa5z\x7f\xe1 \xfb\xc27\x03\x84\x8e\xef\x82-\xfc$$\xaf\v\xbd\x95\x1e\x0f\xbeVI\xec\r!\f\x86\xf5\xfb[Y\x1e\xd4\xdfc\xb1\xc8\xa2\xc1/5\xffr\x1f\x80@\xb8F\xea\xde\x93\xa1\xcb6\xee\xf2\xce\x95\xf2\xfdxR\x17F\xad\xc1~\xa2\x97=O^o\"\xbb\xa8\x9746'}, 0x48) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000400)='/dev/vga_arbiter\x00', 0x10280, 0x0) write$cgroup_type(r0, &(0x7f0000000440)='threaded\x00', 0x9) recvmsg(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000200)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, &(0x7f0000000040)=[{&(0x7f0000001040)=""/4096, 0x1000}], 0x1, &(0x7f0000000280)=""/187, 0xbb}, 0x2) ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f0000000380)={0x0, {0x2, 0x4e22, @remote}, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x20}}, {0x2, 0x4e22, @rand_addr=0x5}, 0x38, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)='veth1_to_team\x00', 0x100000000, 0x5, 0xffff}) [ 475.585452] audit: type=1400 audit(2000000261.949:2130): avc: denied { map } for pid=18014 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 475.636461] audit: type=1400 audit(2000000262.029:2131): avc: denied { map } for pid=18023 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 475.698473] audit: type=1400 audit(2000000262.089:2132): avc: denied { map } for pid=18028 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:37:44 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:37:44 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) dup(r0) openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x115003, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000280)='/dev/dsp\x00', 0x802, 0x0) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x10000014c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x9, &(0x7f00000002c0)) pselect6(0x40, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x0, 0x800000}, 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0xffffffffffffff79}], 0x1, 0x0) 03:37:44 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="2be00fe2f2e5bc83e9ffd79f9c1644d5c8dadd0d8d8e7ec75d67c94eea9918f784a76eb98a"], 0x0, 0x25}, 0x20) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x10004, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:37:44 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-control\x00', 0x40000, 0x0) ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000180)=0x8000000) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv6_newaddr={0x34, 0x14, 0x101, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r2}, [@IFA_FLAGS={0x8, 0x8, 0x190}, @IFA_LOCAL={0x14, 0x2, @local}]}, 0x34}}, 0x0) r3 = syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x1, 0x280001) ioctl$VIDIOC_QUERYBUF(r3, 0xc0585609, &(0x7f00000000c0)={0x6, 0xe, 0x4, 0x100001, {0x0, 0x7530}, {0x0, 0x0, 0x80000000, 0x1, 0x20, 0x3, "ac66df5d"}, 0x5, 0x1, @fd, 0x4}) 03:37:44 executing program 4 (fault-call:1 fault-nth:23): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:37:44 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(0xffffffffffffffff, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) [ 478.120577] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 478.120577] program syz-executor.1 not setting count and/or reply_len properly [ 478.138288] FAULT_INJECTION: forcing a failure. [ 478.138288] name failslab, interval 1, probability 0, space 0, times 0 [ 478.150145] CPU: 1 PID: 18040 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 478.157262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 478.166622] Call Trace: [ 478.169319] dump_stack+0x138/0x19c [ 478.172974] should_fail.cold+0x10f/0x159 [ 478.177139] should_failslab+0xdb/0x130 [ 478.181120] kmem_cache_alloc_node+0x287/0x780 [ 478.185763] __alloc_skb+0x9c/0x500 [ 478.189484] ? skb_scrub_packet+0x4b0/0x4b0 [ 478.193867] ? netlink_has_listeners+0x20a/0x330 [ 478.200177] kobject_uevent_env+0x781/0xc23 [ 478.204504] ? internal_create_group+0x49a/0x7b0 [ 478.209280] kobject_uevent+0x20/0x26 [ 478.213094] lo_ioctl+0x11e7/0x1ce0 [ 478.216733] ? loop_probe+0x160/0x160 [ 478.220537] blkdev_ioctl+0x96b/0x1860 [ 478.224422] ? blkpg_ioctl+0x980/0x980 [ 478.228315] ? __might_sleep+0x93/0xb0 [ 478.232200] ? __fget+0x210/0x370 [ 478.235672] block_ioctl+0xde/0x120 [ 478.239307] ? blkdev_fallocate+0x3b0/0x3b0 [ 478.243638] do_vfs_ioctl+0x7ae/0x1060 [ 478.247534] ? selinux_file_mprotect+0x5d0/0x5d0 [ 478.252298] ? lock_downgrade+0x6e0/0x6e0 [ 478.256449] ? ioctl_preallocate+0x1c0/0x1c0 [ 478.260859] ? __fget+0x237/0x370 [ 478.264332] ? security_file_ioctl+0x89/0xb0 [ 478.268753] SyS_ioctl+0x8f/0xc0 [ 478.272121] ? do_vfs_ioctl+0x1060/0x1060 [ 478.273842] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 478.273842] program syz-executor.1 not setting count and/or reply_len properly [ 478.276275] do_syscall_64+0x1e8/0x640 [ 478.296191] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 478.301051] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 478.306245] RIP: 0033:0x459697 [ 478.309434] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 03:37:44 executing program 0: r0 = syz_open_dev$video4linux(0x0, 0x80000005, 0x0) connect$l2tp(0xffffffffffffffff, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}, 0x2, 0x2, 0x2}}, 0x2e) ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f0000000400)={0xf, @output={0x1000, 0x1, {0x0, 0x3}, 0x800, 0x7}}) lsetxattr$trusted_overlay_nlink(&(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0, 0x1) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) llistxattr(0x0, &(0x7f0000000500)=""/223, 0xdf) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, 0x0) r3 = dup2(r2, r1) ioctl$SIOCX25CALLACCPTAPPRV(r3, 0x89e8) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r4) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00') syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xe008, 0x1, &(0x7f0000000040)=[{&(0x7f0000000240)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) r5 = syz_open_dev$radio(&(0x7f0000000140)='/dev/radio#\x00', 0x1, 0x2) write$selinux_create(0xffffffffffffffff, &(0x7f0000000600)=ANY=[], 0xbafe553b56e1a683) umount2(&(0x7f0000000280)='./file0\x00', 0x0) mremap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0585604, &(0x7f0000000080)) syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r5, &(0x7f0000000380)={&(0x7f00000001c0), 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 03:37:44 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r2 = socket(0x200000100000011, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'veth0_to_bond\x00', 0x0}) bind$packet(r2, &(0x7f0000000200)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @link_local}, 0x14) getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r2, 0x84, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x4) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f00000001c0)=0x8, 0x4) io_setup(0x7, &(0x7f0000000280)=0x0) io_submit(r4, 0x1, &(0x7f0000000080)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r0, &(0x7f0000000440)="773b9a0072246005144c", 0xa}]) 03:37:44 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(0xffffffffffffffff, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) 03:37:44 executing program 0: r0 = memfd_create(&(0x7f0000000100)='\vem1\xc1\xf8\xa6\x8dN\xc0\xa3\\\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff', 0x0) write(r0, &(0x7f0000000040)="0600", 0x2) write$FUSE_NOTIFY_STORE(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="06000100000000000400000005007c00000000000100000000000000"], 0x1c) socket$kcm(0x29, 0x5, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000002, &(0x7f0000000b80)={0x0, 0x1c9c380}) sendfile(r0, r0, &(0x7f0000001000), 0xffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x9, 0x2) ioctl$DRM_IOCTL_GET_MAP(r1, 0xc0286404, &(0x7f00000000c0)={&(0x7f0000005000/0x11000)=nil, 0x2, 0x5, 0xdf2793b050a81abd, &(0x7f0000000000/0x4000)=nil, 0x4}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f000002eff0)={0x32b, &(0x7f0000000000)=[{}]}, 0x10) 03:37:44 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(0xffffffffffffffff, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) [ 478.317142] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 478.324416] RDX: 0000000000000006 RSI: 0000000000004c00 RDI: 0000000000000007 [ 478.331780] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 478.339052] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 478.346321] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:37:44 executing program 5: r0 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0xffffffff, 0x101000) ioctl$KVM_SET_VAPIC_ADDR(r0, 0x4008ae93, &(0x7f0000000040)=0xd000) ioctl$VIDIOC_QUERYCTRL(r0, 0xc0445624, &(0x7f0000000140)={0x7, 0x7, "7fa79c78f950c88b25a9d3f7dd2f324849f95a316c84dfb9258d5b636f5d3781", 0x19e9, 0x10001, 0x807ee0, 0x8000000000fc, 0x214}) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x80802, 0x0) write$sndseq(r1, &(0x7f0000000280)=[{0x81, 0x6, 0x0, 0x0, @tick, {}, {}, @queue}], 0x30) [ 478.413892] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 478.413892] program syz-executor.1 not setting count and/or reply_len properly [ 478.960136] net_ratelimit: 17 callbacks suppressed [ 478.960141] protocol 88fb is buggy, dev hsr_slave_0 [ 478.960206] protocol 88fb is buggy, dev hsr_slave_1 [ 478.965160] protocol 88fb is buggy, dev hsr_slave_1 [ 478.980360] protocol 88fb is buggy, dev hsr_slave_0 [ 478.985399] protocol 88fb is buggy, dev hsr_slave_1 [ 479.200591] protocol 88fb is buggy, dev hsr_slave_1 [ 479.520151] protocol 88fb is buggy, dev hsr_slave_0 [ 479.525278] protocol 88fb is buggy, dev hsr_slave_1 [ 481.040150] protocol 88fb is buggy, dev hsr_slave_0 [ 481.040154] protocol 88fb is buggy, dev hsr_slave_0 03:37:47 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:37:47 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, 0x0, 0x0) 03:37:47 executing program 4 (fault-call:1 fault-nth:24): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:37:47 executing program 0: r0 = dup(0xffffffffffffffff) getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000000)=0xfffffffffffff001, &(0x7f0000000040)=0x2) openat$cgroup(r0, &(0x7f0000000080)='syz1\x00', 0x200002, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000000c0)={{0x1, 0x0, 0x3, 0x3, 0x76}}) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140)='TIPC\x00') sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r1, 0x201, 0x70bd2d, 0x25dfdbfe, {}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004}, 0x20000001) connect$x25(r0, &(0x7f0000000240)={0x9, @null=' \x00'}, 0x12) connect(r0, &(0x7f0000000280)=@l2={0x1f, 0x5, {0x3ff, 0x2, 0xef0, 0x2a, 0x0, 0x6}, 0xffffffff, 0x8}, 0x80) r2 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000300)='/dev/urandom\x00', 0x4000, 0x0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000340)={0x0, 0x6, 0x8, [0xb5f4, 0x0, 0x2, 0x1, 0x1, 0x0, 0x80000000, 0x1c]}, &(0x7f0000000380)=0x18) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f00000003c0)={r3, 0x2}, 0x8) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000400)={r3, 0x1}, 0x8) ioctl$sock_bt_bnep_BNEPCONNDEL(r0, 0x400442c9, &(0x7f0000000440)={0x1, @local}) ioctl$EVIOCREVOKE(r0, 0x40044591, &(0x7f0000000480)=0x10001) lstat(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$SIOCAX25DELUID(r0, 0x89e2, &(0x7f0000000580)={0x3, @default, r4}) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000600)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000005c0)={0xffffffffffffffff}, 0x13f, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000640)={0x7, 0x8, 0xfa00, {r5, 0x97a3}}, 0x10) ioctl$TIOCOUTQ(r0, 0x5411, &(0x7f0000000680)) ioctl$TIOCGPTLCK(r0, 0x80045439, &(0x7f00000006c0)) syz_open_dev$loop(&(0x7f0000000700)='/dev/loop#\x00', 0x8001, 0x20000) r6 = request_key(&(0x7f0000000740)='asymmetric\x00', &(0x7f0000000780)={'syz', 0x3}, &(0x7f00000007c0)='system(+\x00', 0xfffffffffffffffb) r7 = add_key$keyring(&(0x7f0000000840)='keyring\x00', &(0x7f0000000880)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, r6, &(0x7f0000000800)=@encrypted_update={'update ', 'ecryptfs', 0x20, 'trusted:', '/dev/loop#\x00'}, 0x24, r7) ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r0, 0x40045731, &(0x7f00000008c0)=0x80000000) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x1) write$binfmt_aout(r2, &(0x7f0000000900)={{0x10f, 0x1ff, 0x401, 0xf6, 0x354, 0x3ff, 0x123, 0x10000}, "fcea722fe7087f00c0f4ac6b22f3548f6f1c13b1546b41938ff3", [[], []]}, 0x23a) r8 = syz_open_dev$audion(&(0x7f0000000b40)='/dev/audio#\x00', 0x8, 0x0) sendto$rose(r8, &(0x7f0000000b80)="3ea76d00c4d80219755fed27c9cf1412fa652221cfa991640b7384f959734f98f0e338d4610e74f8a3f777e4b424c9b75a5c802b127f0fa5723da85287877a58693f34a52e88632ec90b3472bdeba680a9d7a55b3e88010c5276be919030c5ad0c37db24d89c69d18a5b1eb29fbc4ee63e8425cba7a9d818a8d95322659952b1b699a500670ffffb31c3360786c10e8558d129436078af29e1bcf1f82de4fa56e84c20a0c536e70676d33983", 0xac, 0x4000, &(0x7f0000000c40)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default]}, 0x40) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000c80), 0x4) 03:37:47 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) r2 = getpgrp(0x0) ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000200)=r2) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x90) bind$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000040)) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r1, 0x0, r0, 0x0, 0x1000000000000003, 0x0) inotify_init1(0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000080)='bpq0\x00', 0x10) write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0) syz_genetlink_get_family_id$nbd(0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) syz_genetlink_get_family_id$nbd(0x0) ioctl$GIO_FONTX(r0, 0x4b6b, 0x0) ioctl$PPPIOCGFLAGS1(0xffffffffffffffff, 0x8004745a, 0x0) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, 0x0, 0x0) ioctl$GIO_UNISCRNMAP(0xffffffffffffffff, 0x4b69, 0x0) sendto$packet(r1, &(0x7f0000000340), 0xfffffffffffffd4d, 0x57, 0x0, 0x0) 03:37:47 executing program 3: r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e20, @loopback}, 0x10) accept$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000400)=0x14) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000440)={'veth0_to_team\x00', 0x0}) sendmsg$inet(r0, &(0x7f0000000600)={&(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10, &(0x7f0000000380)=[{&(0x7f00000000c0)="44da8078806507b99b923741b56a3134bf4eeda188982fa66ed613b73365ab42014604f087", 0x25}, {&(0x7f0000000100)="d4cec6bf0295a176b123a273d991b7754f6daabfb3a175f02c9133815f269c195e322a67a8ddeb6387b604c50af2c00f2d3cc254a75e4f37f5f88f054ccd09dd5eab1f44f7779244fc9650e743d6cde052e9371a06968ef4f2ae72f005ccaf607ef86e6605745360166c96bdc8c83e9eaa0dc70d5b68edcb0c771beb6b8a21106beb301020f7e53ba681dd12e18dbaf489c4ed187af9b96f13663a4aa20bca69e58c52bc290d34f33dcb715b488dd2eb9f34", 0xb2}, {&(0x7f0000000200)="4cbbdb81b4072812e7fd401f2e63b66ede817c91c0efd05f86402730f051063c6cf411f73d2b335c0c91198637b05823430050cb4b51776d3d5e7368981e56efde1848d21890ec122c665ef28fbd65aaede4d6bb1185644b6d9bd0e5e2a2a71e52c4eb5bc1808ac963736f083cfbc076783738", 0x73}, {&(0x7f0000000280)="5883e8ec0b3c1353ac2d45bc605e0f0013d07936c25097382e6c499a42f286d53030e1626a9d0cdf0fd34bf60e072b1e87219341bb74108601f5ca4c20c1d9117f8446df2f0f8fe8233c8f15d530897a6709988874d2a10e00d6843d6b2ea5756d3403fb9b7fa27ce135ebb78ab90a8e2cdf5630517a472a3eca06e89ef72750536f0f5a79ed3cb8ee7a4438acfce8f1037f4328f2476fd49a09cfe4a53460d6d6d25486a755b18924f0882a18262e1f20cca60a8394b0dec7a3b3eab910e51b0b", 0xc1}], 0x4, &(0x7f0000000480)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x4800000000000}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r1, @broadcast, @multicast1}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x7fff}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @rand_addr=0x100000000, @empty}}}, @ip_retopts={{0x5c, 0x0, 0x7, {[@noop, @timestamp={0x44, 0x2c, 0x8, 0x1, 0x8001, [{[@empty], 0x3}, {}, {[@loopback], 0x1000}, {[], 0x10001}, {[@multicast1], 0x40}, {[@remote], 0x5917}]}, @lsrr={0x83, 0x1f, 0xdab, [@empty, @local, @loopback, @multicast1, @remote, @empty, @empty]}]}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x7}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x100}}, @ip_retopts={{0x48, 0x0, 0x7, {[@lsrr={0x83, 0x27, 0x2, [@dev={0xac, 0x14, 0x14, 0x12}, @remote, @empty, @multicast2, @rand_addr, @multicast1, @multicast1, @empty, @empty]}, @noop, @lsrr={0x83, 0x7, 0x1ff, [@loopback]}, @noop, @rr={0x7, 0x7, 0x8000, [@local]}]}}}], 0x148}, 0x1) sendto$inet(r0, &(0x7f0000000900)="ba", 0x1, 0x0, 0x0, 0x0) ioctl$KVM_ARM_SET_DEVICE_ADDR(r0, 0x4010aeab, &(0x7f0000000040)={0x0, 0x104001}) recvfrom$rxrpc(r0, 0x0, 0x1a0, 0x0, 0x0, 0x0) [ 481.169746] kauditd_printk_skb: 19 callbacks suppressed [ 481.169755] audit: type=1400 audit(2000000267.559:2152): avc: denied { map } for pid=18084 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:37:47 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f000000b000)={0x0, 0x0, &(0x7f00005a6ff0)={&(0x7f0000451ccc)=ANY=[@ANYBLOB="100100e91a0001000000000000000000fe80ff0f0000000000000000000000007f00000100000000ef00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000002b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000014000e00ac1414aa0000000000000000000000000c0015000000000000000000"], 0x110}}, 0x0) 03:37:47 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x4000000020000000) r1 = socket$inet6(0xa, 0x6, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r3 = accept4(r0, 0x0, 0x0, 0x0) recvfrom$unix(r3, 0x0, 0x0, 0x0, 0x0, 0x0) sendmmsg(r3, &(0x7f0000003d40)=[{{0x0, 0x0, 0x0}}], 0x4000000000000d0, 0x0) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(0xffffffffffffffff, 0x5386, 0x0) r4 = dup3(r2, r2, 0x80000) ioctl$KVM_GET_LAPIC(r4, 0x8400ae8e, &(0x7f0000000040)={"e4371a0568fd0daa08ef16efc4abe515b7ffd4cbe2aaedd3f79c00a944db39b22edb0647c44edec008ad4be6352876b41469fa64621dfc53be3440a1e1654a4268bc2ae2733048ef2d3c1f9efdc28c46227373feedf323f8317cc671b039caff8c05c1be34d571e86a6a10510407790721088011cf6eb83f09848cf6754795f98e68576bd22c979ac642d8426b99b8595af8ca556769513ada991e3bd4ecad3a77bd814300e5c53eff8c41a3a859c56392c1e991edceed73f3f312b0489f9e2d8cf7a5ce66e2db0a6b1fd2ace024a83dedf52ee2679d54852b34b9fdb1a45294d4fd1beac734deecbd840cd47265984c4507e915a747f052726984c65b93c804446a585b3ac92fb16c4d32fd8acd41c06f0848ad8350cae9caa406e5cbeb941ecc9230188afc6b3a597407edb61f8f99b548d7f0baf435e640096e4093a04a6a09a3d917781472689551c334715e751f54767a1c541ad09d68475a948dd530bbcd85b424fd2a1d0a60402904181e398ed88f1f361d21fc3ab87f7c0bb6272849b1b36c8c85536711b2581c7dd9ad1cf6080360fa624a104bbf8ffa339eebc4cbd8699d3c9210bbd8c154f1877b0892dbc2dbeb4b4f3457832aa50cea7a4eb503eb93cd3c07ab607da3b8a01ee724c476caf5c92f2985947bc7ba05103005ef50e6c50ed7bcbbbfba1e7ee56f9757a4b9a4d3f94caefe3b65aecb0a65a69ba8f8c4f530cbd1993f1e376cc06d137b348e3b2b71ce2e744d176c950a830b49cf04dc03805aa02a34a87a38439e7a3194650cc8c44d1ed9047e7e603ec7ff118dbd8a9dba53b83ebeeb0f47914d5f510995912c57e4efb959849b4dfd268eb23d59566e7be21961c5d88c7e371e3f73eae8baa25096ceeafd15a660e96ee052d06769ded7e384fce205e80465b2332ddb3cb3ab17cea981a72646f3fafee223f085b233e5d42baa3a3e88de2ef7f52a32e73f4c688a30b508ed5588c6a2c045081ee1839a1f20c01dc1ed3af611f1f456d70b6ba59caabfea69012fae16667d1e53df21609b5cc11f5abe9ffc71aae95e4948b01b76400df59a533cbab95b44911c762517fa31733d3af1ef6fb3bf6bff3bb9ae861d9abf0c32114a1c090cb1a9c085e1f9d8b00a7eb9373e41eaa8b386bcfa0be6e8f7f5af60dc3336f443ccc6686228b38c82fdc6c2028b34b12c975ed3c474b3629aa9913055940dece028554d00e98891ad1f6bc6d2ce4b88f3d072ac629f1bff33e34b8f7d93640209d491b67aebbada933a255789ae4e9f8d6feb86af41cf91d7bae3220e5644f9537e98e5e08cc28fe31be93d780a276b5c574344fc2c4f3aeefb48a286e272bccc26e5006cf37166b54ec0692d7e8cdec0fad3e0ae00bab8411cfbd5416a46ad38193d078a78f72af012d19dc21eac88c383732656401cc2e66d0cdeeab8d29a5d6eb437"}) [ 481.212016] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 481.212016] program syz-executor.1 not setting count and/or reply_len properly [ 481.238700] FAULT_INJECTION: forcing a failure. [ 481.238700] name failslab, interval 1, probability 0, space 0, times 0 03:37:47 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, 0x0, 0x0) [ 481.252596] audit: type=1400 audit(2000000267.599:2153): avc: denied { create } for pid=18080 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 [ 481.280212] CPU: 0 PID: 18088 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 481.287326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 481.296690] Call Trace: [ 481.299283] dump_stack+0x138/0x19c [ 481.302921] should_fail.cold+0x10f/0x159 [ 481.307083] should_failslab+0xdb/0x130 [ 481.311095] kmem_cache_alloc_node_trace+0x280/0x770 03:37:47 executing program 3: r0 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e) connect$pptp(r0, &(0x7f00000000c0)={0x18, 0x2, {0x3, @initdev}}, 0x1e) [ 481.316211] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 481.321676] __kmalloc_node_track_caller+0x3d/0x80 [ 481.326691] __kmalloc_reserve.isra.0+0x40/0xe0 [ 481.331385] __alloc_skb+0xcf/0x500 [ 481.335018] ? skb_scrub_packet+0x4b0/0x4b0 [ 481.339351] ? netlink_has_listeners+0x20a/0x330 [ 481.344127] kobject_uevent_env+0x781/0xc23 [ 481.348496] ? internal_create_group+0x49a/0x7b0 [ 481.353267] kobject_uevent+0x20/0x26 [ 481.356142] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 481.356142] program syz-executor.1 not setting count and/or reply_len properly [ 481.357072] lo_ioctl+0x11e7/0x1ce0 [ 481.357088] ? loop_probe+0x160/0x160 [ 481.357101] blkdev_ioctl+0x96b/0x1860 [ 481.357111] ? blkpg_ioctl+0x980/0x980 [ 481.357130] ? __might_sleep+0x93/0xb0 [ 481.392136] ? __fget+0x210/0x370 [ 481.395592] block_ioctl+0xde/0x120 [ 481.399222] ? blkdev_fallocate+0x3b0/0x3b0 [ 481.403542] do_vfs_ioctl+0x7ae/0x1060 [ 481.407437] ? selinux_file_mprotect+0x5d0/0x5d0 [ 481.412194] ? lock_downgrade+0x6e0/0x6e0 [ 481.416346] ? ioctl_preallocate+0x1c0/0x1c0 03:37:47 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, 0x0, 0x0) [ 481.420765] ? __fget+0x237/0x370 [ 481.424226] ? security_file_ioctl+0x89/0xb0 [ 481.428649] SyS_ioctl+0x8f/0xc0 [ 481.432015] ? do_vfs_ioctl+0x1060/0x1060 [ 481.436176] do_syscall_64+0x1e8/0x640 [ 481.440069] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 481.444922] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 481.450113] RIP: 0033:0x459697 [ 481.453300] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 481.461017] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 03:37:47 executing program 0: r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) connect$llc(r0, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, 0x10) r1 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x8, 0x6000) ioctl$SCSI_IOCTL_TEST_UNIT_READY(r1, 0x2) [ 481.468284] RDX: 0000000000000006 RSI: 0000000000004c00 RDI: 0000000000000007 [ 481.475553] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 481.476730] audit: type=1400 audit(2000000267.629:2154): avc: denied { create } for pid=18080 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 [ 481.482818] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 481.482825] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 481.524502] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 481.524502] program syz-executor.1 not setting count and/or reply_len properly [ 481.576327] audit: type=1400 audit(2000000267.819:2155): avc: denied { name_bind } for pid=18099 comm="syz-executor.0" src=20000 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=0 [ 481.600918] audit: type=1400 audit(2000000267.829:2156): avc: denied { name_connect } for pid=18099 comm="syz-executor.0" dest=20000 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=0 [ 481.624859] audit: type=1400 audit(2000000267.839:2157): avc: denied { name_bind } for pid=18099 comm="syz-executor.0" src=20000 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=0 [ 481.649212] audit: type=1400 audit(2000000267.839:2158): avc: denied { name_connect } for pid=18099 comm="syz-executor.0" dest=20000 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=0 [ 481.673322] audit: type=1400 audit(2000000267.889:2159): avc: denied { create } for pid=18082 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 [ 481.697704] audit: type=1400 audit(2000000267.889:2160): avc: denied { create } for pid=18082 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 [ 481.722077] audit: type=1400 audit(2000000267.959:2161): avc: denied { map } for pid=18115 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:37:50 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:37:50 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0), 0x0) 03:37:50 executing program 3: r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) stat(&(0x7f0000000140)='./file1\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x2, &(0x7f0000000200)=[0xee00, 0xee01]) stat(&(0x7f0000000240)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000340)='./file0\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='fuse\x00', 0x29028, &(0x7f0000000480)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@default_permissions='default_permissions'}, {@default_permissions='default_permissions'}, {@max_read={'max_read', 0x3d, 0xfff}}], [{@euid_eq={'euid', 0x3d, r3}}, {@uid_lt={'uid<', r4}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4'}}, {@func={'func', 0x3d, 'BPRM_CHECK'}}, {@dont_measure='dont_measure'}]}}) request_key(0x0, 0x0, &(0x7f0000000900)='\x00', 0xfffffffffffffffd) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$VFIO_CHECK_EXTENSION(r0, 0x3b65, 0x0) ioctl$VIDIOC_QUERYSTD(r0, 0x8008563f, &(0x7f0000000380)) mount(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f00000003c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) ioctl$ASHMEM_GET_PIN_STATUS(r0, 0x7709, 0x0) 03:37:50 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x100000000, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x1, 0xc000) ioctl$SCSI_IOCTL_DOORLOCK(r0, 0x5380) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dlm-monitor\x00', 0x2001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f0000000500)={0x1, {{0xa, 0x4e23, 0x3, @mcast2, 0xfff}}}, 0x88) ioctl$TIOCGPTLCK(r1, 0x80045439, &(0x7f0000000400)) openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop-control\x00', 0x2000000000000000, 0x0) ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0) flock(0xffffffffffffffff, 0x8) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000280)={0x40, 0x0, 0x1}, 0x10) ioctl$SIOCRSGL2CALL(r1, 0x89e5, &(0x7f00000002c0)=@netrom) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x0, 0x40) unshare(0x20000) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000480)=ANY=[@ANYBLOB="ff03000000000000ffffffff000000000200000000000000", @ANYRES32=r2, @ANYBLOB="0000000fff00002100ae795399562194ba00"/31, @ANYRES32=r2, @ANYBLOB='\x00\x00\x00\x00~\x00'/28]) prctl$PR_GET_FPEMU(0x9, &(0x7f0000000240)) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000300)={0x1ff, 0x200, 0x4, 0x8db, 0x2, [{0x40, 0x2, 0x42}, {0x2, 0x81, 0x8000, 0x0, 0x0, 0x400}]}) r5 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/pid\x00') setns(r5, 0x0) ioctl$void(r2, 0xc0045878) syslog(0x2, &(0x7f0000000000)=""/156, 0x9c) syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x6, 0x10080) ioctl$PIO_CMAP(r1, 0x4b71, &(0x7f0000000200)={0xfffffffffffffff9, 0xfff, 0xffff, 0x1, 0x11, 0x2}) accept$inet(r4, &(0x7f00000003c0), &(0x7f0000000440)=0x10) 03:37:50 executing program 4 (fault-call:1 fault-nth:25): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:37:50 executing program 5: r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000100)={{0x0, 0x0, 0x0, 0x0, 'syz1\x00'}, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x0}) r1 = dup(r0) ioctl$FIBMAP(r1, 0x1, &(0x7f0000000280)=0xffd) write$P9_RWRITE(r1, &(0x7f0000000000)={0xb, 0x77, 0x1, 0xffffffffffff8000}, 0xb) splice(r0, &(0x7f0000000040)=0x22, r0, &(0x7f0000000080), 0x80000001, 0xa) [ 484.225780] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 484.225780] program syz-executor.1 not setting count and/or reply_len properly [ 484.245802] FAULT_INJECTION: forcing a failure. [ 484.245802] name failslab, interval 1, probability 0, space 0, times 0 [ 484.258708] CPU: 0 PID: 18129 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 484.265852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 484.275206] Call Trace: 03:37:50 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0), 0x0) [ 484.277807] dump_stack+0x138/0x19c [ 484.281442] should_fail.cold+0x10f/0x159 [ 484.285597] should_failslab+0xdb/0x130 [ 484.289578] kmem_cache_alloc_node_trace+0x280/0x770 [ 484.294693] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 484.300157] __kmalloc_node_track_caller+0x3d/0x80 [ 484.305091] __kmalloc_reserve.isra.0+0x40/0xe0 [ 484.308550] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 484.308550] program syz-executor.1 not setting count and/or reply_len properly 03:37:50 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0), 0x0) [ 484.309768] __alloc_skb+0xcf/0x500 [ 484.309780] ? skb_scrub_packet+0x4b0/0x4b0 [ 484.309793] ? netlink_has_listeners+0x20a/0x330 [ 484.309808] kobject_uevent_env+0x781/0xc23 [ 484.309818] ? internal_create_group+0x49a/0x7b0 [ 484.309838] kobject_uevent+0x20/0x26 [ 484.351304] lo_ioctl+0x11e7/0x1ce0 [ 484.354937] ? loop_probe+0x160/0x160 [ 484.354950] blkdev_ioctl+0x96b/0x1860 [ 484.354960] ? blkpg_ioctl+0x980/0x980 [ 484.362672] ? __might_sleep+0x93/0xb0 [ 484.362681] ? __fget+0x210/0x370 [ 484.362694] block_ioctl+0xde/0x120 [ 484.362704] ? blkdev_fallocate+0x3b0/0x3b0 [ 484.362715] do_vfs_ioctl+0x7ae/0x1060 [ 484.362727] ? selinux_file_mprotect+0x5d0/0x5d0 [ 484.362744] ? lock_downgrade+0x6e0/0x6e0 [ 484.362756] ? ioctl_preallocate+0x1c0/0x1c0 [ 484.362766] ? __fget+0x237/0x370 [ 484.362784] ? security_file_ioctl+0x89/0xb0 [ 484.362796] SyS_ioctl+0x8f/0xc0 [ 484.409831] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 484.409831] program syz-executor.1 not setting count and/or reply_len properly [ 484.410259] ? do_vfs_ioctl+0x1060/0x1060 [ 484.410275] do_syscall_64+0x1e8/0x640 [ 484.410284] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 484.410301] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 484.410310] RIP: 0033:0x459697 [ 484.410315] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 484.410326] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 484.410332] RDX: 0000000000000006 RSI: 0000000000004c00 RDI: 0000000000000007 [ 484.410338] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 03:37:50 executing program 5: r0 = dup(0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$sndseq(0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000180)='./bus\x00', 0x0) ftruncate(r1, 0x8003f1) r2 = open(&(0x7f0000000200)='./bus\x00', 0x121401, 0x0) ioctl$TIOCGPTPEER(r2, 0x5441, 0x3) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000000)=ANY=[@ANYBLOB="0000000000000000ffffffff0057b0000000000000000000000000000000000000aa648ae390d702bacc16c705dd13c63cd3ca1292035aa079"]) modify_ldt$write(0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x7, 0x0, 0x7, 0x0, 0x17c267d8, 0x7}, 0x10) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, &(0x7f0000000340)) ioctl$BLKBSZGET(0xffffffffffffffff, 0x80081270, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r0, 0x891b, &(0x7f00000000c0)={'gretap0\x00', {0x2, 0x0, @multicast2}}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) unshare(0x0) prctl$PR_GET_TIMERSLACK(0x1e) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) set_mempolicy(0x0, &(0x7f0000000100)=0x7, 0x800) 03:37:50 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r0) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000380)=""/179, &(0x7f0000000440)=""/44, &(0x7f0000000480)=""/77, 0x100000}) close(r1) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000040)) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0xfffffc61) socket$kcm(0x29, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmsg(r0, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x2000012e}], 0x1, 0x0, 0xd01}, 0x3f00) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r1, 0xc0045540, &(0x7f00000002c0)=0x4) close(r1) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000280)='/dev/dlm_plock\x00', 0x400, 0x0) recvmsg$kcm(0xffffffffffffffff, 0x0, 0x0) socketpair(0x8, 0x80000, 0xfffffffffffffc4e, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_inet_udp_SIOCOUTQ(r2, 0x5411, &(0x7f0000000340)) geteuid() clone(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, 0x0) [ 484.410344] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 484.410350] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:37:50 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{0x0}], 0x1) 03:37:50 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{0x0}], 0x1) [ 484.553943] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 484.553943] program syz-executor.1 not setting count and/or reply_len properly [ 484.626320] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 484.626320] program syz-executor.1 not setting count and/or reply_len properly [ 485.200128] net_ratelimit: 16 callbacks suppressed [ 485.200134] protocol 88fb is buggy, dev hsr_slave_0 [ 485.200394] protocol 88fb is buggy, dev hsr_slave_0 [ 485.205198] protocol 88fb is buggy, dev hsr_slave_1 [ 485.210489] protocol 88fb is buggy, dev hsr_slave_1 [ 485.215335] protocol 88fb is buggy, dev hsr_slave_0 [ 485.231120] protocol 88fb is buggy, dev hsr_slave_1 [ 485.440125] protocol 88fb is buggy, dev hsr_slave_1 [ 485.760123] protocol 88fb is buggy, dev hsr_slave_0 [ 485.765225] protocol 88fb is buggy, dev hsr_slave_1 03:37:53 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 03:37:53 executing program 5: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000240)='/dev/dsp\x00', 0x102, 0x0) ioctl$int_in(r0, 0xc0000880045017, &(0x7f0000000000)) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000080)={0xffffffffffffffff}, 0x13f, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e64, 0x0, @remote, 0x8001}, {0xa, 0x4e21, 0x2, @empty, 0x5}, r1, 0x1}}, 0x48) socket$inet6_dccp(0xa, 0x6, 0x0) ioctl$PIO_CMAP(r0, 0x4b71, &(0x7f0000000040)={0x7, 0x80, 0x8, 0x1, 0x8, 0x1}) ioctl$VIDIOC_CROPCAP(r0, 0xc02c563a, &(0x7f00000001c0)={0x7, {0xfff, 0x1000, 0x5, 0x7}, {0x4, 0x35c07033, 0xfffffffffffff000, 0x80}, {0x8102, 0x6}}) write$eventfd(r0, &(0x7f0000000300)=0x2000000000007f, 0x2f) getpeername$netrom(r0, &(0x7f0000000280)={{0x3, @netrom}, [@default, @remote, @null, @remote, @null, @default, @netrom, @netrom]}, &(0x7f0000000180)=0x48) 03:37:53 executing program 0: request_key(&(0x7f0000000100)='trusted\x00', &(0x7f0000000200)={'syz', 0x0}, &(0x7f0000000240)='/dev/vcs\x00', 0xfffffffffffffffe) r0 = add_key$keyring(&(0x7f0000000280)='keyring\x00', &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key$user(&(0x7f0000000300)='user\x00', &(0x7f0000000340)={'syz', 0x3}, &(0x7f0000000380)="9cb4d4d521be00b12fb70e9fa2bd8a3f51b26367c917ec6d3191613dbf85e43fb42322e4d9a71d79db1356f0b3a246a1ac98381790bd1c8facb408255a3c14486d20ac94bc18b0c8c59056f4841c711e638fe93a3fb5e7847bca0c02d8918191274c4ae4a2d70ecc", 0x68, 0xfffffffffffffffc) keyctl$instantiate(0xc, r1, &(0x7f00000014c0)=ANY=[@ANYRES16, @ANYRESDEC, @ANYRES64, @ANYPTR, @ANYPTR=&(0x7f0000000400)=ANY=[@ANYRESDEC], @ANYPTR=&(0x7f0000000480)=ANY=[@ANYRES64, @ANYBLOB="7e23af99510209997aff12de04fc905455a6d5c8f75464fdc0b0474c104ad14f12d944080cd813b91e0ed210d53d72734a68c284b46e169cc7fa0a5780ce5b95caf0b1d8c867fafeb675aafb069cc733cbbbd77a5abb2fec79a1e510eef2e9d8cc2f3162c7fb87788c84cca0aa14139ac91ed1b4027253d6fe24869046133ace77424ce744526885c10a86c16d898b5c981d7a760aed1518b77add1d18117f8f17bcf99746313b1ea070f874f8367d76322abd96d5b121b82879e7f0f80552a9760343b6c233772fd47deeab90c3e8f582266c24f816b8cc94a87e4eabbb03924ac2ad23228b4fe88547e61c60d7f34ea015a71f51265c8d218b53f4717b47b1d9d0daf15a8afdb80b0b690f8695320c4b051f95504047cdce3ded3232fc5e01bb842fcc30d8523fe7c226b737e0d1bbdddbd381b8f78a7cbd4bdffb838b8c8396a7ad48ca28ab650eb6920dc502d63e386ea761a6a7299dcc025d306543f73c95577839efe8c820c7c6767533b6e7295dc709f92b64118999f49983312386cb51ce19098c5d4fa52ccfe75adff6f5348ba1aad7ad0c139b64f5a8bf60edc8c4364db53319c1b68b6569950a923c7b1318e752a08bb1d1dfc2eacc0c9e0a6eee297b665e1c6027526e4613988bab7d611212b7188be4f178e00434fd4b32817235d3d9d08bc22ea539c53ae08c6b40e7d1fee6cf07fc326c62615b3c0d14793af04dade037e2e3791dce3f5c1acbb85cf947f0868617a3ad80d09bbf030ab2a32aaf9408cf8ff52f524908fa340a8ee092e3d179b1d3af610bc51a72328d55f5502c8f37bf9890524c3f97040218a276f07b244d8db098595f68057459e3a05562e707f863af40a39cdee0612df6974de26a1f708e54e588d10f1287bf0405f902a2cf15d13f1e2f976b046ec1a396d0331353cd77a2fa16a0362767293b8cc0253d7a733fa70bca100ff0ae5b2721947f0dc80fef49ae302d4a7983fc7c14484349491a9b12295d638e8a7720b1a5370cfb3069d06f362576f5d759abc57af4a45efafb6af369b28267c6a287d68f1990af4ae3bea1dae51f16e252f20bfa57a3cb962d00421ad3dc5bd554738a8aab65ade38292599a0cf304be38616c752f5f3dfdb3b9fd46772a6f7b2c82ec0035ca97d38c1f885b89d7d198b3b5379cd8a33f06f40500bb35a8f2e17b4926dcf60af84be15e1c26b2de9f33087f4aca7c47ca6c7fd88a68a365c8788b0a8cefec5a817d5839ab7d0fe18910125d8cf753d211375048e094cc4bf7c6496890bfe3d5d623880c5cbbdb7b776688fa4d262c78e15c1ef6220708cd3344ec6aff79c42fcc9e201b6845d7cc6e4056f25363b6ebf747b7f8b76975f6a4c0ac39e4a5720f4c43757ead9cc251fd12bc9aa67cf6062604bcc7201563f55e50b74fa1f905964f36a8087e8fcea82a26268f4f9ac66746e263a5742c404fb421758f6e1f123ff66b21ded221dcbda967735fe278b427cb0cffe3b9ac0953069d49e4dece874117558897ab75277c5f6cc65e035f3509a3675e4e4d2d954e11b1251ff61f6dd6890f0df0376d1e96032eef8fc361cd43b8d883c4429643811efb4dd438a6c4c33851f2967b38e87401887b96bd301a9bee894de82edacf58e984451cec6d8936a48be823f8419f92656af9d7be86100f650ee3219dae071b127c69a19cc416a89d2fe9ce8e7c6771d2a79ecf0b55dbac37c502d05b0ce1b5add06e4c8aa146210b68d50cdd403b84092b7fb03fdea815df6114b49ddd332e566cd35f3077b00a5af47c5ec236b69a1cc579f2db621f4210c276501348a0dd99d9824db1e41ad32f56d1ad53a4598bc8371df2a4b6625c891006340730856b48208824041a85af5735dd6f1adf22fe2a5f490f5ed372e63c13c07c015df88e4201f39dee1defe45387250029334cab3164a4301a4dc3386db7104f0b0a4a796c57a2791a6fc67b263b6add5e4e89483f565cba4a670601c1ec0bf0ddf36358ef2d0a6896f2fab16f7ba9d544b7b2a0f09c397db9c410c93c9890e9df2ee99173e1b41fb4b491095b466cff47508ca64e1bfcb36c180ce1151c07733631e230e95eb22abff7b05d298ffead4d6aed6bc6bf2efb44dd7457585cb1b5a0aa8b334a5294107023b37f38686e706f7958ab95df6621865def916678ea9e66cb03e9de0830796ca091ebe131ddde95ea150e1eefcbd6b167d0121ae74e8917c99bfe4b7571029716c6aea0fe8fb4d0ca82827d04bb2ea1fb21abb314fcfd857ed4814fe1afeb096469c11ce51b3f0cd00622b569914337b48436c7b62c9a2d6a8201cca7f312502d8db9a38f96e371e7c8f4e0e0b685f2ce969287261e248968a18fe5893b3a88d2a91d574a83b666046fc2c4b68c0ec7cbfb9e18cecaf703d906c45216bc2f9d279b9ad94a89c757fdc4ecc06370778181f749e2df0aaf958ad1aba29cf0345a30dc443307b382ac1fa5e4b865f5705bd9939fe776772d881dc3d6ef0bdc1a68cd1419e2417fa9f6403cf19d432a52968133188d1b890c1f77946b27fe8103e59c058cc14f46781bce3cd6917dd83bce474cc8b1e30139eb77a0c2de8c3c5577f789dc7af0f32cca524ea429cb25b0e0402ca610b4b32c9104f8d8ef5164eba551057b9f2f72bf333b18f046c8d48b4d28a67a8492352f88acae9ffc37b642285287b38c9964803f86f54b38ea9997c9b38916caaac39d13f65311156805bb9f787deec864963904ab67ccef2f98990efbb8e53018c785135e93b2c4b8537a2cb7b04e253ecef42a50843828f647d67d60600851e99994d2a176314463dc8ae747fc1e844cbc69fd1ed21102fe573a9b60329e303ef8917610779512c3cd8b62568a021a904cbbe53bbeb473298996de789651b1722a5fd7e0d2b0d25163de06288a8e5ffa1bd05cac1ee28723b2ed1bf17e1aa9c8c37daafefe263443a897327ea47557b0914fa4d9e366820c878033ec4fe2382ba594d6568599f7bedb96d393bf640e7e2523a6eaaf8db85573ea4995e26cf48aced98a3724f7f97741402bdf1487ab6271cb199ebbcc8fc80e68aaf864a29bdb227b49da8441c0a9ec31ae8f622a145a5e94679579d116d097a6b6c0243002c4611bb7d82db6ad9e1aa2fd77bdd5ca4c58d3551981481b55fc8b2fb1ed770552d9fb5ead5151df1c0997030a1a0498e7cc0b7c9b955711fbe8cf587dda8344a27145d29faeb89b3d39df0c447d89e8b4f45f96e6d33c4c9ed295575ef4a3d0e5875094ecff11ca2f5927bd79126f9b3b3a815c9ccc931343c9e45ffd716c6e69a9b05b2e57c07f77570c1df836b1225d4b709d50e2b78b29b30371c51d8ceccfdd196d67b0d3725f27f04e47053223b8d59cd4124723dd2110721807ac4d80978a459a3a55d78b395959874f21a3bc3a02eaa7c60eb575d2b20f8877a8c66bad9c5d43ba609959cb1d866033d4de938e07edcd977eae0ce65acc71da3672dec887f098606e68227abc3cf7bc3cc46075839556d0c9737f812a68caa4f24268007be08003b97e80d29824ddb7657a1069d2188254f88a3b78b4d24a8d21e5ae5c85df01cfadabc016b68848d66ca2e7dbdc75f1396b9de834d647dbc529aea2b03908bd299897f4a019fe4c07ad1ae19fd9b2a0192428071106d6871d82645935cf0d23d3cd11f6f0cdb02c5c1bf5b92ad3a7cf2e405abfd6b2f36c4f9667ef1beec18014e6f47b59b51659fbc8381c388ac3542b1c23fcfcf50568e498b7a54e17ad7ca7c31a754000169aa3960b479b68e7f1b91dddfb3e26744b056acb6c80b8ade8a6ec43f91d6ae48e2ced0076fcfd40362620e3a6e14c5172af150c093923de435330756de87d2e60313f44f104eb2dda48ed26be966505d2da28304e2e4e0dcd7bc7c3ebc0c25548de2c9da4d9cb957e3bcf48468f3a421c4159005533e51bf20795b93328a96362adb7353f0df0ed757aa0c37b57bc6c486c076f6749f7934e1ef0193c02d6d4bf989af4fbfa848e223f72b3ecf02c48af3a7fb36cba9a375ff26a044511a909e1a2211b4c26404ba9b92ade0cdfbf262e07e060982b70a5467de6db97f8b6bf37ead97f1be37a84a7535132934dee0c744e9e981da4881faf543de6535523b37f7b5434f2dfd07449493ad65d3f2560140b0f0474f14cc316497a9c55534a446d81b78d28b8f055fdcb5d786cac20dbaaacb9d9cf54156aa8e6f99243cdd19a9878e139c5dfd5f7f08b760d977d5a95350c7ec0db7c498567301f795f17efec55f37ee56b5019f6d4db303c959dd04accf0a4974b41360e4fdfd5281363159a76f120ed8e5d21b2b371b6a1a08ef51b3e981f96fec7fd894de3e3c33e3894b329853067e4ebdf4d6317926f9b666ba078b1da02f476db0491dbbdf386851509ff15b4901d3fd31d8c587da67cfae4f4970287d077d106411b5664eaf4c26707fd9ba9c83b74a061dfb21ace0f6e40918461997b2f54ec38ad40ea46d3ad4c3a1422688037f7562938d37d45f85a2caad002e0ad69c1edf347175a30c62bf052bc2f01c92f48981bf156a339730746b79403e8a7a8167a706ae3c0d8d122c37ad772e4d5115a176a96c50af68e38d33a7f312f8688dc8c529eb4a6ec4e9794f538cb17c65b44643a3f850d1bb7868c3af2bfbfea6523fd019cc11e295aff825f77b9f01b9348816d356fc27c0a60b5884a8cfe2a26b13b6506e3e6238a1dbc564c7ddd119ae9f5d8d13b09a159a33d668d52b57e9633f9acc92bda7d305dbbb37fa54f7fdcc00b593f61230382c1c7314b59150ac4025bc5242112b1cf265d46a14e38c7de68bf7bbcbb1ae042b12fb074040a11113208ee80cfcc56d1e642002a1f569476b3e30e7820f4d737fff6fc7494d5d53bd22fb61ca3d8c356a1630e4cf21e2cd3aa0d96ad71f6670f86511f599c9099f49feddf99d8313a3229c77ea16d83038b239a21c4bc165326bf2f38c9750b02799a79c7bfd3ab5e4cb1ec53b6d36521665851d59bd88a032b73f7a80148cf8cb7a8077a83b921626e02cbf9bca94ce7a25579fbcdfa398bd67bdb2c0b3093bf70a9b22a532e020549dbfa4d002bc5c309fba92cf07df17da0e4b2f162cb3db98ee46f5d08f1b569b94890925a0b3720cfaf29cd88f968701a00a888a3243d9ac013cf5b39158a3767975b3e226c46a467e5b50e37dbc3b23fc5419bdfc1e4368edcf10c5e9f7e5818d6645835a46beefcf0806c06123f68bd3c87bbb205224a0a51b874e936137a5c4c09f6112924f2140eefbb0f994a54bd3a96fa10d4c395fed9eb29ed115cea2a778e4eba0364cc0e9501cc92b4a741a873bb4cdf3ae9b258775c4862af02e90173fa435a31f643f9d0c4b29b3d18a4b8785cbd569681cfe3534c98edf609512e1bc6b3d80211fed44fc3f9d027f2956ab4b95ffda451f5fd1dc6e4de8dd30bae99f5b29ff005a41a881449ef5d24913e1d157a7f2fb24ea0954d48e096693f1535daebbc7a9199fdf21faee2160c6df04583825219f69c44ccb1c68fa623c2709c601f429440d1e3428004cafb9194971c20a6ca21966d56a34abbf21dfe4dcffb1b8e19bcd37f1f83b4c2486841d8fc563df2aaea220222f59c4a97e1906fc678f006600185fe0b16aaf8d60c3a963b247e544f2633e9f470d414dc214b1a7b1a813749499ba1fdbd55a8e407f29e9c59270253c41476fe1684819c5e0b7927eb73e66b35ce60663b85d468568739e8f76f6fd82f0731152986e05673016f461b87a9af74c35479f1eaf90ae35e19d7803a1f50689c", @ANYRESHEX]], 0x6, r0) r2 = accept(0xffffffffffffffff, 0x0, &(0x7f00000001c0)) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f0000001500)=0x5, 0x4) r3 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000001540)={{{@in=@local, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@initdev}, 0x0, @in=@remote}}, &(0x7f0000001640)=0xfedf) ioprio_get$uid(0x3, r4) r5 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x2, 0x0) write$USERIO_CMD_SEND_INTERRUPT(r5, &(0x7f00000000c0)={0x2, 0x5699c2f}, 0x2) r6 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000440)='X', 0x1, 0xfffffffffffffffe) keyctl$link(0x8, r6, r3) 03:37:53 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{0x0}], 0x1) 03:37:53 executing program 4 (fault-call:1 fault-nth:26): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:37:53 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f0000039000)=0x8, 0x4) r1 = accept4$inet6(r0, 0x0, &(0x7f0000000000), 0x800) ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000040)) ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000080)) syz_emit_ethernet(0xffe4, &(0x7f000010ef70)={@random="cd390b081bf2", @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "02290f", 0x38, 0x3a, 0x0, @ipv4, @mcast2, {[], @icmpv6=@dest_unreach={0x1, 0x0, 0x0, 0x0, [], {0x0, 0x6, "d5cae2", 0x0, 0x3a, 0x0, @empty, @mcast2, [], "f601929f106531aa"}}}}}}}, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f00000000c0)=@assoc_value={0x0, 0x6}, &(0x7f0000000200)=0x8) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000000140)={r2, 0x4e, "7f68597ede4c78a3d5d894fab0525433b3740e1054b54162c99792bc7f465c8ee4940f68f795d3607ddb27302057ddd815db72bf935fa9fb1a25719e9fcc71cfa84dc7b3592c9fe59d517e788572"}, &(0x7f00000001c0)=0x56) [ 487.241164] kauditd_printk_skb: 13 callbacks suppressed [ 487.241178] audit: type=1400 audit(2000000273.639:2175): avc: denied { map } for pid=18172 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 487.271116] encrypted_key: insufficient parameters specified [ 487.278648] FAULT_INJECTION: forcing a failure. [ 487.278648] name failslab, interval 1, probability 0, space 0, times 0 03:37:53 executing program 5: r0 = shmget$private(0x0, 0x4000, 0x41, &(0x7f0000938000/0x4000)=nil) shmat(r0, &(0x7f000093a000/0x4000)=nil, 0xc000) r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x4eaad054, 0x40) getsockopt$inet6_int(r1, 0x29, 0x50, &(0x7f0000000140), &(0x7f0000000180)=0x4) write$P9_RREAD(r1, &(0x7f0000000040)={0xcd, 0x75, 0x2, {0xc2, "aa856b25aa9f3c0a3eb6de6283befe611e73f8bd42dc2221892df7763c62acaf534f56485e41217b6394a571092bf79cce8bfc5cee5250f5cd0adb0bfda82b246ac08950ad9d1311e4f4d4be28c831dc2680afe48400c51ade41dfb5b756009627a9dc68c447a08ef997416eb923bdae6baa36caa30b9271a56f0b89cb422970adf5d76d408ec66ba77aadeadaef918e4eb004bbadd6e15b67f0d4c4e78668da7ce125988a248b961b97a9bcc31ee43b98124e41de2009c5c91f388548f1dee25d68"}}, 0xcd) [ 487.280145] protocol 88fb is buggy, dev hsr_slave_0 [ 487.312387] CPU: 0 PID: 18171 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 487.314496] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 487.314496] program syz-executor.1 not setting count and/or reply_len properly [ 487.319539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 487.319545] Call Trace: [ 487.319565] dump_stack+0x138/0x19c [ 487.319584] should_fail.cold+0x10f/0x159 [ 487.319603] should_failslab+0xdb/0x130 03:37:53 executing program 3: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz'}, &(0x7f0000000080), 0xfffffffffffffffd) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0xb2) recvmmsg(r0, &(0x7f0000005bc0)=[{{0x0, 0x0, &(0x7f0000001240)=[{0x0}, {&(0x7f0000000e80)=""/51, 0x33}, {&(0x7f0000000ec0)=""/208, 0xd0}, {0x0}, {&(0x7f0000001000)=""/92, 0x5c}, {&(0x7f0000001080)=""/162, 0xa2}, {&(0x7f0000001140)=""/249, 0xf9}], 0x7, &(0x7f00000012c0)=""/91, 0x5b}, 0x6}, {{&(0x7f0000001340)=@nfc, 0x80, 0x0}, 0x6}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000002ec0)=[{&(0x7f0000003180)=""/4096, 0x1000}], 0x1, &(0x7f0000002f00)=""/128, 0x80}, 0xffff}, {{&(0x7f0000002f80)=@isdn, 0x80, &(0x7f00000030c0)}, 0x3f}, {{&(0x7f0000005600)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, 0x80, &(0x7f0000005b00)=[{&(0x7f0000005740)=""/209, 0xd1}, {&(0x7f0000005900)=""/172, 0xac}, {0x0}, {&(0x7f0000005a80)=""/114, 0x72}], 0x4, &(0x7f0000005b80)}, 0x2}], 0x6, 0x2000, 0x0) bind$ax25(r1, &(0x7f0000000080)={{0x3, @bcast, 0x2}, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}]}, 0x48) r2 = syz_open_procfs(0x0, &(0x7f00000007c0)='status\x00') preadv(r2, &(0x7f00000017c0), 0x199, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 03:37:53 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") unshare(0x40000000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) pipe(0x0) r1 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_int(r1, 0x29, 0xc8, &(0x7f00000007c0), 0x4) setsockopt$inet6_MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000440)={0x0, 0x1}, 0xc) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000040)={r1}) connect$unix(r2, &(0x7f0000000080)=@abs={0x1, 0x0, 0x4e22}, 0x6e) setsockopt$inet6_MRT6_ADD_MFC(r1, 0x29, 0xc9, 0x0, 0x0) 03:37:53 executing program 1 (fault-call:4 fault-nth:0): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) [ 487.319619] kmem_cache_alloc_node_trace+0x280/0x770 [ 487.319640] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 487.370294] __kmalloc_node_track_caller+0x3d/0x80 [ 487.370312] __kmalloc_reserve.isra.0+0x40/0xe0 [ 487.370324] __alloc_skb+0xcf/0x500 [ 487.370334] ? skb_scrub_packet+0x4b0/0x4b0 [ 487.370347] ? netlink_has_listeners+0x20a/0x330 [ 487.370362] kobject_uevent_env+0x781/0xc23 [ 487.370382] kobject_uevent+0x20/0x26 [ 487.370394] lo_ioctl+0x11e7/0x1ce0 [ 487.370409] ? loop_probe+0x160/0x160 [ 487.370421] blkdev_ioctl+0x96b/0x1860 [ 487.370431] ? blkpg_ioctl+0x980/0x980 [ 487.370449] ? __might_sleep+0x93/0xb0 [ 487.370459] ? __fget+0x210/0x370 [ 487.370473] block_ioctl+0xde/0x120 [ 487.370483] ? blkdev_fallocate+0x3b0/0x3b0 [ 487.370494] do_vfs_ioctl+0x7ae/0x1060 [ 487.370507] ? selinux_file_mprotect+0x5d0/0x5d0 [ 487.370517] ? lock_downgrade+0x6e0/0x6e0 [ 487.370528] ? ioctl_preallocate+0x1c0/0x1c0 [ 487.370540] ? __fget+0x237/0x370 [ 487.370557] ? security_file_ioctl+0x89/0xb0 [ 487.370570] SyS_ioctl+0x8f/0xc0 [ 487.370579] ? do_vfs_ioctl+0x1060/0x1060 [ 487.370593] do_syscall_64+0x1e8/0x640 [ 487.370602] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 487.370620] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 487.370629] RIP: 0033:0x459697 [ 487.370634] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 487.370646] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 487.370652] RDX: 0000000000000006 RSI: 0000000000004c00 RDI: 0000000000000007 [ 487.370658] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 487.370664] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 487.370670] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 487.388213] audit: type=1400 audit(2000000273.769:2176): avc: denied { map } for pid=18181 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 487.432062] audit: type=1400 audit(2000000273.819:2177): avc: denied { map } for pid=18192 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 487.443870] encrypted_key: insufficient parameters specified [ 487.492808] IPVS: ftp: loaded support on port[0] = 21 [ 487.505217] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 487.505217] program syz-executor.1 not setting count and/or reply_len properly [ 487.624641] FAULT_INJECTION: forcing a failure. [ 487.624641] name failslab, interval 1, probability 0, space 0, times 0 [ 487.648623] CPU: 1 PID: 18198 Comm: syz-executor.1 Not tainted 4.14.134 #30 [ 487.660750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 487.660755] Call Trace: [ 487.660771] dump_stack+0x138/0x19c [ 487.660788] should_fail.cold+0x10f/0x159 [ 487.660803] should_failslab+0xdb/0x130 [ 487.660816] kmem_cache_alloc_trace+0x2e9/0x790 [ 487.660830] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 487.672753] ? finish_wait+0x18c/0x260 [ 487.672764] ? sg_get_rq_mark+0x158/0x1a0 [ 487.672778] sg_read+0xbd9/0x15c0 [ 487.680531] ? avc_policy_seqno+0x9/0x20 [ 487.680544] ? sg_check_file_access.isra.0+0x160/0x160 [ 487.680555] ? finish_wait+0x260/0x260 [ 487.680569] ? rw_verify_area+0xea/0x2b0 [ 487.680581] do_iter_read+0x3e2/0x5b0 [ 487.694301] vfs_readv+0xd3/0x130 [ 487.694315] ? compat_rw_copy_check_uvector+0x310/0x310 [ 487.694335] ? __fget+0x237/0x370 [ 487.702346] ? __fget_light+0x172/0x1f0 [ 487.702361] do_readv+0x10a/0x2d0 [ 487.702373] ? vfs_readv+0x130/0x130 [ 487.702385] ? do_preadv+0x200/0x200 [ 487.702396] SyS_readv+0x28/0x30 [ 487.702409] do_syscall_64+0x1e8/0x640 [ 487.709914] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 487.709933] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 487.709941] RIP: 0033:0x459829 [ 487.709947] RSP: 002b:00007f128f041c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 487.719085] RAX: ffffffffffffffda RBX: 00007f128f041c90 RCX: 0000000000459829 [ 487.719091] RDX: 0000000000000001 RSI: 000000002085dff0 RDI: 0000000000000004 [ 487.719097] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 487.719104] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f128f0426d4 [ 487.719110] R13: 00000000004c6b3c R14: 00000000004dbf18 R15: 0000000000000005 03:37:54 executing program 3: r0 = accept4(0xffffffffffffffff, &(0x7f0000000180)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, &(0x7f0000000000)=0x80, 0x800) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000840)={0x0, 0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000100)='syz'}, 0x30) setsockopt$inet6_MCAST_LEAVE_GROUP(r0, 0x29, 0x2d, &(0x7f0000000b80)={0xfffffffffffffbff, {{0xa, 0x4e21, 0x39, @remote, 0xfffffffffffffffd}}}, 0x88) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000880)={{{@in=@initdev, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in=@empty}}, &(0x7f0000000980)=0xe8) getgroups(0x2, &(0x7f00000009c0)=[0xffffffffffffffff, 0x0]) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000a00)=0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000e80)={0x0, 0x0}, &(0x7f0000000ec0)=0xffffffffffffff1c) getgroups(0x9, &(0x7f0000000ac0)=[0xee01, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xee00, 0xee01, 0x0, 0xffffffffffffffff, 0xee01]) sendmsg$unix(r0, &(0x7f0000000b40)={&(0x7f0000000300)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f00000007c0)=[{&(0x7f0000000380)="2136a347d5543ef0f049e8f999b4352615be88f273e45b595255b51e25b50b68fa19cb10a7befd824f3a379c5d15f31f1e35245c9e56577a8a96f2a43197870138d5e1e33207542f80f809e17e38acec6fd691ca63fc56c2", 0x58}, {&(0x7f0000000080)="b10fce8fbcfc3cb0b95eea7f063f1430092719547afa0be44869c4707a7174c6864254f8bd27b6d5837b", 0x2a}, {&(0x7f0000000400)="c5878187cef933cd8d6012c73da394eb5a8448843cc8bebe3c4a4003f0851626d1eeff31f738444353d2093ac732ee1d407217b57f5284d3c15cd8827462ce9af0022b72c6db580c730e8ad2002987d4cdce0172c8f4d5f2994b240f420db1761897cbdc1add84c5da9440d0645aa8bacf0dee383d911f74cf9742180311833a0e792d15e7b1679915a827a11ccd3a6506a3659b0a26c2c7fe5625782b3de8d6bebd1c198725352766053a87dbeda62d299ccf76d421ca077e306a7a2698b0", 0xbf}, {&(0x7f00000004c0)="4300fef462bdf8b2efbcee1c3abf8f9d61bb16e694393581a3b6a9a9af3066e22c9effed2621e9988e659f83c03c8f90c0bd504717e406f359ce0bccc36ae31f2e00741df89666a61cfb3336421296fc67c01ae15f783538f3d47a959eb4641638a66ed965bd0dbbb29a82ced28ecaa7c6932ba78b99770746184a1ce72f7f0909aa72ff99e062a6f1e8ea6bf7a2fa6ede53a2e73236e488e9fd92948831cfe8f3721167c146c14198ebc39b3a505cb6e84a549f4f83ce04dd42bb8aff29b43541ff5c1dee89b9cc49fbcbc73eb4cb7cff", 0xd1}, {&(0x7f00000005c0)="8ae1dc66dff76893790a462e3c9c5aa604fcdc48b94bc268b4171426d1cbc6351def3ce84dbe934089e0e115cd58b2ac4a601a085fd6f8e85ed143f3ffc3f7d74d83f39bfac5112d0c2a087797fb6f4b0ca9f7bd73179b040302861b0051530a55213bb4a935239d061077c62d", 0x6d}, {&(0x7f0000000640)="67351a2a4ff72563464d00d5c36098fb1f316c47894e028765c20a9fdee5f9c6cdce4ec70257d0d158544e8ec84774fd9561fabd75108501d512a3fab0eeac7f2186a45c", 0x44}, {&(0x7f00000006c0)="ba9759a346904cff6abcc097382a6c6bac2bbc297cf6ac4cd5b4bf97f74f27a0267fe2b6186c303bd026fd9102458871dac20c3f5be7df8299e3a356d83fa574a9a7409bccebc052e0f1b0e6914ebd5d99622fb7f6eec6e21979fdef6739e020f06747d847a0049130999d470058fb5974dfcdaedf02eca84afaf7837cb8b1183cfb59eed04e0bead1211af85d2162e77c226c4a7109e7755e71622b1a3d16934b9313ce6d13a22232130b001d369f5484dbc1bfa23587778832bc26763c8522caca2fac463d023f9d4be56585a5768fd633b01e43d6c255fab817e3", 0xdc}], 0x7, &(0x7f0000000b00)=[@cred={{0x1c, 0x1, 0x2, {r1, r2, r3}}}, @cred={{0x1c, 0x1, 0x2, {r4, r5, r6}}}], 0x40, 0x4000}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) add_key$keyring(0x0, &(0x7f0000000140)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) r7 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents64(r7, &(0x7f0000000280)=""/121, 0x200002f9) 03:37:54 executing program 4 (fault-call:1 fault-nth:27): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) [ 487.736802] audit: type=1400 audit(2000000274.129:2178): avc: denied { map } for pid=18201 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 487.911748] FAULT_INJECTION: forcing a failure. [ 487.911748] name failslab, interval 1, probability 0, space 0, times 0 [ 487.934256] CPU: 0 PID: 18208 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 487.941392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 487.950770] Call Trace: [ 487.953360] dump_stack+0x138/0x19c [ 487.956997] should_fail.cold+0x10f/0x159 [ 487.957682] audit: type=1400 audit(2000000274.309:2179): avc: denied { map } for pid=18205 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 487.961151] should_failslab+0xdb/0x130 [ 487.961165] kmem_cache_alloc_node+0x287/0x780 [ 487.961182] __alloc_skb+0x9c/0x500 [ 487.961191] ? skb_scrub_packet+0x4b0/0x4b0 [ 487.961203] ? netlink_has_listeners+0x20a/0x330 [ 487.961216] kobject_uevent_env+0x781/0xc23 [ 487.961235] kobject_uevent+0x20/0x26 [ 487.961254] lo_ioctl+0x11e7/0x1ce0 [ 487.984680] audit: type=1400 audit(2000000274.309:2180): avc: denied { map } for pid=18207 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 487.987256] ? loop_probe+0x160/0x160 [ 487.987270] blkdev_ioctl+0x96b/0x1860 [ 487.987280] ? blkpg_ioctl+0x980/0x980 [ 487.991922] audit: type=1400 audit(2000000274.329:2181): avc: denied { map } for pid=18209 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 487.995467] ? __might_sleep+0x93/0xb0 [ 487.995479] ? __fget+0x210/0x370 [ 487.999817] audit: type=1400 audit(2000000274.329:2182): avc: denied { map } for pid=18211 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 488.004523] block_ioctl+0xde/0x120 [ 488.004533] ? blkdev_fallocate+0x3b0/0x3b0 [ 488.004544] do_vfs_ioctl+0x7ae/0x1060 [ 488.004555] ? selinux_file_mprotect+0x5d0/0x5d0 [ 488.004565] ? lock_downgrade+0x6e0/0x6e0 [ 488.004576] ? ioctl_preallocate+0x1c0/0x1c0 [ 488.004588] ? __fget+0x237/0x370 [ 488.004604] ? security_file_ioctl+0x89/0xb0 [ 488.134064] SyS_ioctl+0x8f/0xc0 [ 488.137409] ? do_vfs_ioctl+0x1060/0x1060 [ 488.141565] do_syscall_64+0x1e8/0x640 [ 488.145465] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 488.150295] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 488.155468] RIP: 0033:0x459697 [ 488.158636] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 488.166331] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 488.173597] RDX: 0000000000000006 RSI: 0000000000004c00 RDI: 0000000000000007 [ 488.180846] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 488.188105] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 488.195354] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 488.239931] IPVS: ftp: loaded support on port[0] = 21 [ 488.296776] audit: type=1400 audit(2000000274.689:2183): avc: denied { map } for pid=18215 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 488.351968] audit: type=1400 audit(2000000274.749:2184): avc: denied { map } for pid=18216 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:37:56 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 03:37:56 executing program 0: r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) write(r0, &(0x7f0000000280)="f5622e187a3ebbbac4f84fd4aae2c271a3a2464e70fd02b5bd46e61c680914286fac52340ad0c961bf207f5fffc288651d8ed39518fc73ee3a6cce1efece1646b0c04aaee9aa188bde0982391419b5277a62f51352bc34849d380b8cc7ee8865d3c6338797429fe2f33c3fcf3f1d67ddd87d5a4fb02cebbaa4f3893efaf395c31ed7a7109999a46b51ed2e512e205c0af63cf2fa75b814b074042432fc402b78969dbf3630f294826064024612147520face38f631db10b2b22f10f5391c0612ac4fa905e729d3531edc473c73faf25a4f77701461ea77a0f30ac7fd1da7292688f3764cae2946270576d94998e849313ff1ea5b01fe7fe8dbc0dc3620d687074e4e0b91ea46e867b52a78a646bbd2ac3607ba1445f18f19f1f1267f573a5573968e15750a482961b4a7867cd5bbffaba7205554b7e7928050c0414ff4b292a698189567e0c3363c72afaee188b72b7e8c97f9da62dba57ec7e2e3140ee31fe014d18b867d50dedf71e7dfd5eb128e1d4aff5a90c0b198c0a871e8a851383a4574b7784d23c03d12350e895d91faef193c3a344baf4efcd71cd761b278b4a6a7028faa1838cc664e7bf3dfe6550dcda138fec09a82145864dbaadc51d6ac14bed3bf631ad70a3a1d163b1966859f93fb2e8d170034eae7563ba6e28a2630f31a11c55c6d703dee35b9c8307280b66706cdecb9ad0ca5e537d61ca32b145a62a6f8825035153cfad2fa5967202920b95566f6c6297735deb343d7d1ec795eaf9903172798997a6921edcc0124afd63cb6b8294fac663fac9a3944cd528cac82e4df6648e16e9a3456a2f76a5015ad06d10e1e22fc591eada4b55d0a1608fc6721e0baaf73191d956a7617b68df7d055c2825b1ffb837f059c25580448dfff3bfec99d3464608a1258e027d0e76ad99e58d3484c904996af777f042d882ba841a0da87e91ef5c8d9dbe19e1176cc2edb2009f7a2fcd46d5003868680a7d5dd73a1676b8658dc22f64ca11b791c6f3d8aed3b2d0e1446c2c5de11a07a14591a63b1d2d59db19ad856384369f810ab833be95604bfd12685ee6339defa2cb2ac2efea48c23e99fa028469bd862b640897b5d743178821025efac010a4ea03c2f3265a40ffcae524b88fc8f8a1444e76cb9ff11732b8982101b5c2bb5ca1fccd8fcc5a92e76fdd5ac66b210128d663bd6dec2d5c9c24adfee8310167f2d8b269cb4541f19af0c43428563cf2d0351d2daa99d289acff564a837875b9d970ec84c44eb5198d12a44ade1ba43acd4d904deabe21f1ff2eb4cf20a63182177c49afc7f367169af2c5480d321272de6b53f5726cd37d3614bfa9b46a1bdc4b31f59eb0ef0f2957e204cb24cc2eb665c6bb964fbbea1c2fc460975e29fbd8ac3ca55a983fea4b47b32d484d5fbed9afd0c0f4933a0ec07214dff96af7310a51b71c5512a3d78001cf89d8dd3695719c5503a804d66fc6426a5fef80503f0782a386255474e1cd84b4f8d4b4205e81b70d43fd02a61f2bc10309939a2c3a371143a75da86cac56de19cc67146d4255c284ad533dfc9b262db82a2bbe43cceb33ea1c09d7dd64426ffd786dac07d6a7d9f57abdff21a4be642274121f5c93ba11a7daf8173acb45033686fceca25545dc247e40502fc15a044376af0471afe11ff618686c38a49670160868148ad5a82728c71a1ce8d549365084b0125887e3244eeb2a6780788e7467b699005bdb87352aaefaead914b119001a0524e721befae3b6af462c55bd5275dd11ccdc3c78d722da3f3025646f044c5c883fb54001a2328b450e90d27d5251715d9729112211be79fa07234351bfdf065ee905af0d7c09a2ead21b4d282bd03c8f544a61f69959976ec42837c2bec9112522954a5622fcaeea381fd368f6daa08ef72e52d9b82bfbdb0c3ddcf853e0721b5d47fb32088dbf603318356d54c7b23ca01801531697e2b3bfbf208bda80ffd7587c188b91ddc86de45962a47959572ca1e85534fe601ea69818420e0d9b6798a2bf6db1e7c8e1fe1cbac2b8c9d1ae4d1a2572c8c773a38644998540bb1e14e0a915f2c880e982926f6eea7049fa94ad065f5b6828316c95c44a0a258dcaa24a117615a50811bf7349aff291c3cd5af820c921ef0c9b31a15d781e54dc07350dc80e6e53e520c2a232973bff51d98459ba52381e7d0627fdb1e21e189211fb25c7a3056c64075d2ad9164c9b33c4aa3b2b17cc14c4279fe296bc277cec9c778aa950230e333ea43faebe637f75dc116e74e16efa26e3f1422436e0458dd6d41b862828b490c4711e7ed3cdeeb7ddc94f51e2c987870c25b436a2ee87d7b4b7328cef2f83f6accd3738a18ca530d355a407b6fddf98d5dacb13f38523b772ece148ec1f667895bdc713347f2017ca027bf5f5052046852c2ffab7d0f060e40d5c80d710b6a2e38d7b63b8ebe53e338bb0f88fcdcccdfb9781b4142d4ea2be1cb4099a096d10033983c09f9f0d6c14b79eec66bbe1c976621fa30b09f6e54a6c5f79c0ba31d514f3adda020e9e6ae47f49989da6857cbc4aef8b17e0725fe689a6b242455c6d58309f8e3a70827048bafb71933a4a9713024803edc765ab4dc9cf224cc6b7087ad6e61eec7989e2b9ae3466e5c8fa211d7de455031d77cbc2645113b4f3112cb238ffd306a442a6ff246b44974a3a630abe7841c2357dcdbe3cb254f0e0359129e707df83cb0a5804340b8ceee5b8dd9e1b916f60643b7e52088849420d20cc37c002eaf76c8c0e5801d41fabb5c7827460c9f4e02cc31099e55fc3f1270dbdf5f56f38301525b82320bd74823a275e95974d3a8434c6763e0ae42d110b5f9a96698bdb16c89697f9dace9c5edef7dd3ea9c1ac129d9ca8c3ad6a4e4a1893babb747eca75b3c3d883877684ec9971b588ab48376f42c9bc7fc5186f8b66377eff4eba5e65982a7ce4939ff60daa7d9dc9edf4e9986ffe4d2282cc719738325c46864be7f68f9b32f645fa88442bc3423a2c345e2d31559127c77642c539be2af3bfb07b90f27f51501c1ea35bd3601754bffae1e11f3664a214ec0e49f3ae41c035979e9e5d693267f957ca1105b46d211c7dc3f6f0b7a6cf9eed6baffd18f781cdba5fd2efea178fb07d79b83c3404bd79f439db4cea52d263880c4850469c0392ef9db2dee4a0d9d937429d88be19d3ba3c0226b7ecda7f55bdac941630c42bdccffeb7396599dbe2029b2ae0943565617d7f504a701984eb23aaabc5578d8af5cd061b42b566ab4f935f537a5f28e6db6f269b6624b7e5e0185d95a34c5543040f01135480fd4830cda82d482433068102ce7bb43ad899989d39ff7aba70c74dbe8478a5cc02f4b16f232d7901a8ce663956f1fd64e5af45bfcb328600e845d7f6466ccbac3a00715003f95ab66a65e34ad86c135265daf6de60f8b830c847e43e3552739f8f1fad968f38848ac14408498565f3f8a70c371ba490c80e2f44072b6a3d70d3715503f5c324aa2e36756622bd7d5aabac7bd0d4226cc958e64dbd5cfaee1de3d9774da81f5682c3515a8bd4a1c3309ca2dd9c3e3832c319e800eb89bfdd211ff11e8ae2ac825ce3dedfcd3c3062f2a7c7a2642b44a84bacdc05785c74ebec58c81b590acf607347cbfe44fabd32de534f4bfb1394866128552e46139f4bc12e47e8a3549a97ccf1d1fc903e8335d9cabf082c6ddea38ce2ca9c925c2987025c34b35824fc08f747e92a88e9d112154e9fb06f0fb94bc133cd1d4d20af0ac5d5e86d25caac64b43b89938e1f558936881c0f28d0db6a20c9b5b91031b060868036f96afcdc0b6645faa63ccdc69550b0b201dc1f2dc77ae0d1479ff04004f136eefcf6cf6fc0641a484b7865589b8301fb38cb46cb0cd2c511f635d1c3bfecabfbc89a842ff5ccd0ad96489f4e1a247285fe635bf21304c48396e21a62ff3c63049c35665f3de7303af47eaf80b084d7df8ffbe68299ab54659c9a1d1f204d0a37781fddd380dc506a45f9b227b1c63f3b3ba355432fb70f5b5edde2ad8c177f3d28733da11d347b0c1f6a583a47389b9dad964ff8a0d8912dbecc8ee5bcab73a6910ab788bf47c2482c1a01bc73f72bd11fe6f2c0b15074d2eef78ef523d77be9ef53be5323aafa2a988c63cc053f8dcbd87573604fa1198e8d928f22aa1a23c05cccc10e139e53d036cbeead64ab6f19df9694fc56c5e70d3864c1466c6163b573710f4ca6d913af3780e6e24d79d6d634acc201e5d15c501041bed21447cd126c88df3015b34d2af5410e4dd7025276f296fb7cd836852891d48df1b1a9a3922394f284769dc6189bd0677066f7e37f3bb7d9f7174c0674421fe8ed0193f62ce385cf0b2cb7e1d9dbcf478a69dbe986085c424a9cd9b29e27a2f4904595afb678e3b2bbc5f30859d7337fb5ee18ba5cc966bb7074271c7be7991a256b6729ba188032d25594a770eafb0ce1d86473160acc5f5fc46c23c7c0788eeda8cccf373a2ab66334092c7327d9a4b1d37726c7e4f2e844b45c002860bc1bbf8d3387666f2d101b2d4183061ecc25c50c74c92becca9b749af668e06292e565afc0d02261f4929de39ebf11862245e35bbb011414733a5b1dea9630ec683ff1a8135243fc0f5926b6216aefee2f974808ac53cc3b4d544960ef79064b26f17ec457395bd1ef72f6e32e213b556fab1352626bb56e42c2b9ff676f1da88c207c719de6d075fb17aa6b318451fcb7788470138f2ee83a40dbede1d9d80fad83077705d7b2109c8c48177d8758e6c6e11eb4c82b9e19c4d5c5b09a86af4be1966ee2411d46822fb5e957a46210fa9729daba3346b9a60f02cc8dba0a340af80a2d2ee29beb35e89fd03c14c679c172a030b3d7f80ada9f6de61a43548b411a7720c952a44f4b22a3f5793f581f82b8e662e828c124fcaf25c0e3ce6f31d29da1d270801b5a36a4434acc5d4e84fa745f596ccb91f00964c543fe68619e09152769bad794e067d2c66e0608053ebd5024352125ef3ab97f7f98d7cfaff8727d5241523c6cb098fc5b77d7b4bfafc229c4661a337118e276dbc9ccda2b69a026a60784b627df267d8f79831306a69e9f6e6de648741b8d37fd0d7bb791a493ab999ccc3d25fbb7b77a669f2b1ccf191dfb5a09c97cca590c19547eac96192d64c892b8685a5f330c595c6376b3128fb3520d66d5c0590e5c26dd356e28b430d3742b6eb0502a4f750a3f846f83d603428264091868943778233ca9feb2fe1cb612e5c6538e70ee9d4b33d9229d2bbeb0c0554983af7db5f693182c95ab3fb8acee51ca11d2e9b52f818b558b3f4a2cdf8f8a36e3a61626860417b6e0250f0d7961f8263c02cc1acfc8095d1adb9967add6fae0d19f89d350178aba063075eac90fb168a89c4e57c98aacea5ad5beb498426eb62b68597b2470e66e30a52232b79f7426ea65d30d8514cf687bfbb18bf609f1b285da3c4260c89d541943f30ece811681489c602ad65ea32ee6a77fd43af39239200961490c00db56083157f61a8ccfb143155eb9cc030c729fe7fb78c8881b05241dc891f5c658b3d2845b9ea02fc39b4da6364425f6920ec9b0157ba957e43efdef48649040f8215e4793838649f979d0da7930b3b04aaa3147a9b50dc4d7bdf1f1a835c462fbde5fc1e90d552fb2a666ca219d6befeacc9eb6a5d6d277988500db78e8c7fc0f356fcf3a42370cae7cd2dedc0eb656303c7d59e681adba15c01e36ed5b88a5e24cb1961ca3eede904d8520dabc875590ba0225b33ed13bf7da39dd88fd8d8a6e6b499ca85c667ab2eec", 0x1000) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f0000000100)='threaded\x00', 0x9) fallocate(r1, 0x0, 0x3, 0x10000) fsync(r0) 03:37:56 executing program 1 (fault-call:4 fault-nth:1): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) 03:37:56 executing program 3: socket$inet6(0xa, 0x2, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/igmp\x00') mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f0000ffd000/0x1000)=nil) sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, &(0x7f0000000540), 0xc1}, 0x0) clock_adjtime(0x5, &(0x7f00000004c0)={0xffffffffffffff80, 0x0, 0x0, 0x7fff, 0x7fffffff, 0x1f, 0x9, 0x101, 0x8, 0xefe, 0x4, 0xfff, 0x7dc5, 0xff, 0x3, 0x100000001, 0x2, 0x1ff, 0x40, 0x7f, 0x4, 0x8, 0x3, 0x9, 0xfff, 0xfffffffffffffff8}) ioctl$VT_OPENQRY(r0, 0x5600, &(0x7f0000000300)) r1 = socket$inet6(0xa, 0x400000000001, 0x0) r2 = dup(r1) prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f0000000540)="e65ec6579fad2b31c93d9d829577481f82f59fc706f4782ace8b5299df4da42597aadfa842b08fa7e394e46473fa0dfa2daec061593b09f7152de7f283e1f69bea2b49fada15ffeb403640e7355dc68e80c652cd2766454ad7a0ae47d541b5043730a82ddf35d1e727b38d8fb490ec0c7167c71b620192205511a281f3c23a10c9", 0x81) r3 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000380)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) ioctl$TIOCMSET(r3, 0x5418, &(0x7f0000000200)=0x80) ioctl$GIO_UNIMAP(r2, 0x4b66, 0x0) bind$inet6(r1, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0xfcd5, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, 0x0) mknod(0x0, 0x0, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r3, 0x40086607, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x20) getsockopt$IP_VS_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x481, 0x0, 0x0) syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x1, 0x0) getsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) write(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r4 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0) lsetxattr$security_smack_transmute(0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000400)=0x1, 0x4) ftruncate(r4, 0x2007fff) sendfile(r2, r4, &(0x7f0000d83ff8), 0x8000fffffffe) 03:37:56 executing program 4 (fault-call:1 fault-nth:28): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:37:56 executing program 5: dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) setsockopt$rose(0xffffffffffffffff, 0x104, 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000940)={0x1f, 0x200, 0x100, 0x7fffffff}, &(0x7f0000000980)=0x10) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, 0x0, &(0x7f0000000a00)) socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, 0x0, 0x0) ioctl$DRM_IOCTL_SET_SAREA_CTX(0xffffffffffffffff, 0x4008641c, &(0x7f0000000080)={0x0, &(0x7f0000000140)=""/88}) sendmsg(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000000)="c7b6099e99cd", 0x6}, {&(0x7f0000000040)="6c09ad24b83a22afff8fa2e90300efc8c1", 0x11}, {&(0x7f00000001c0)="4864fc1712737b037920c03d1d4c630295a9e4a121b3880f08ea8264b68f17d3494dbff8bae041363ecdd6d8d128dc94a29711dc1ff169d67ddb04ac72426dc26e56215bcd8f6a4926d23b3277ee4abc6904433707233a7552816a1160a426af2a9de0d7860b602fe7c7fea281c347e822b85dfd7c53c7f744d64f02d2af0d280ddeca", 0x83}, {&(0x7f00000000c0)="67432816a833eeb05deec8716db67d2a55e94274abdf8adb4ce4208c6e9932cb9c68ac3cacd99308e05d025dc9c6df709922a66973294f2112f2b5d0f9edada9a09b28e9e2b2d721d6002b20db33bba52023774f496a7adfe3b362b40b9c1fa9f66f039996e494ea317e49d04afd02ea9104e9e0", 0x74}, {&(0x7f0000000280)="470d3ac709755f02e0ec278c1231a4010e80cce7ecf970b2b3d0be870e190036a0d759d6c7b41a77d2097f626432a93b7952c259b4736997f6eb7fec1c2f5a97d089fa079b5453b84113f2047551400f1ef1c011c49e809def0acdddcb44445d6f8a184765", 0x65}, {&(0x7f0000000300)="5818077f2d8c67b98cc9906fb3ee8d75991c4524bb85276ab39f6e69d29ce2fd416ea638248c0659d34634d2ea478e46e60360da6a856256ac5ec899ff3b11c1109cfb594dfd7721b34bf9daf7f9af28f83643e2592686c824972e0e0618779dc0cc01137a2e5bafb8fb8fd4da688312383fbb33d2a6a6d0bc5d6f137a61ba54c56bea42afd4925b59", 0x89}, {&(0x7f00000003c0)="e540e781facbb05998f308627fc1d082201c1139a4b2340e11129f", 0x1b}], 0x7, &(0x7f0000000a40)=[{0xe0, 0x11f, 0xffffffffffffffff, "efa1fd59a6de7ef878d3c6e7e951931204e32e86786d346b6b4720bd1777079bd8eb5f7c2973358fb88d152e9b6444f541352a4a54e35b2a16f2f33d13a6dda23a240edcb1f418f284ee9d086190c1721fc12c0782e6126821f2029142f7d15f12de2faca86eb6d05b12fa93574f474841067baebcd36617ec823dd1ff48c696b58bf446141db12f2933159cfc50a168c8ccdc364334fc85ef7cc35f5e1b47637696bbcf7fba89281d0ae0fca849100db9e76c0494ca65b811d7627d010bbde1096e9ed9aef8797c68d2dc059456"}, {0xa0, 0x107, 0x59b, "5e6da73de3cd8a7f72b21e6277ed0672861142ddc32e4ce7fb82d2c7589d823a62c122bc71793b010d2c2983390fc2fac5e31c7af9107d31154cfea170c71d3061c9354674b9eecba52264a36f04de045102a985e5a8355d7f13053a7999d18993e3717fbc4aab8a4d34d082b72824983f2127aa89261e7f8f64c5d77992079e3e02681b48e776477e54ef91ca85"}, {0x58, 0x11d, 0xf8c6, "542a28d84250dd5acf67fde7591c61d47de01e3a87a87a2a75e303287f0cf5775afa6bdbb9b02e2d0fc09c4c04041c092b19eae4d7d32a85494419d7ce4cd9900766"}, {0xe8, 0x0, 0x4, "380bf1366468d6d451f1b3f4b52c2094fbd957d2573e5c40b5f644241c92f2ee82a508fb5c65b012b9a018dac639a76be96145d1148c3aaba871ebca46c384bc4fd3dad3cbddea1abdb2904ce2bf13466ce4b60bb568cb82418c8d73713786dbb7e9e4209caf8bba8c76625af9d64da0ed15fd08f7e667d1c37a0705c5479624c639498aab71995ca01bc1d0aa2e133445f662ff17e6deb9ef174c8780c45d0d5d3dab4079f0efd2146cfe766deeb5b3c05ad9ea433c24d458217e18447b0c7a2e12c3d2a6deb86f1d1a777a27aeb2c228fd4c0f9fe7"}, {0x108, 0x0, 0x0, "ad6daafdd9ebbcdefb7bdd35b0f5d3046ef607ae4b22ea4af7b602d62db7fbe932e1476de757ada42a84f23b402167ed248e2e0764b19d6b067ca83aca4ad2c4250d6d6f548ffda97dc3215b60c6ef737121cb5aba81f7752f37d3aa46f43094076c25cdbdd64bb9625957cedb8ee97560ab3c50cce9a7fbc7202e2690b78cc3d5b792114abef92d666c0ea34f1d30896547d2aefa1c33f86f44ecda6c886b036502037a7ef7a9ae87a854ecc0c969eb1ed7cbc50d33bb181195fdd1b85b3cb77e0624fadccafb34e827c9b996115bafce05c871dbba25188925ec4113101956305fb7ef943fcd593dcab476c38f11b4a7ab955b3ac1"}, {0xf0, 0x10b, 0xce, "094b684a9bca35e5402fd3703f74483cdb53d726e2f125b305e564cff41bb37b086b7e03bf079b1acc1132a6ab249c970f30eff408dfc1a33e09c10a8662ace782eb241380a61d1ecd7251d11a85c76ac06ab759abf1311cfd13f3788e2af673a565cf4959bc1cee5fcbffe0e0fd2d3419bfca31eedda6cfb2c6f5669610a527a13a98afbbd65b4725b3661aa70fd06d8a73f0728b89a0953e9fd59260a3375e0dd6d4104a0a2681d772cc48371790b52aa01b9a52ef17717d183dc6f1a3a9af28f16ea95e77bce4ffc7216e8abc8dc65f0b87c15b98013f71c94493eea178"}, {0x110, 0x10c, 0x73, "2e5438569e5665024761428ffb0ce8554bfd325707f4976246b0a9105118a92979a7df3d588699f962b5d11b8f93f39e6c7eb0b965380ef0c0d59c4fe0da66c53f3db93758d74f608cfd1c0382a894fa24f678520255072c4a676f2f8e746667060e19264ad0a54260d1c9d782871ac31fbe7b185eb3269e653337e0a226ef0181ea803c76185ef05d854b30ead3e949fee1274de484e2beea4e232a1ec837a0eb83949d7457c40c411557f6a0a519ead8738817635f6b34f1b493e6ea6784b210f65dbb5eb85683050be3f4501ab26b79396e04d46700e30274f220cba55af279e803426f925624b88fd784087470c39cd8009b064cbf8c72f4cfffe81f"}], 0x5c8}, 0x4000) openat$selinux_mls(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000580)='/selinux/commit_pending_bools\x00', 0x1, 0x0) openat$cgroup_int(r1, &(0x7f00000005c0)='rdma.max\x00', 0x2, 0x0) getpgrp(0xffffffffffffffff) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, 0x0, 0x0) setxattr$security_evm(&(0x7f00000004c0)='.\x00', &(0x7f0000000500)='security.evm\x00', &(0x7f0000000540)=@sha1={0x1, "58b3d59500148aefb52f50c575d47322c9f7653a"}, 0x15, 0x3) [ 490.314868] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 490.314868] program syz-executor.1 not setting count and/or reply_len properly [ 490.344384] FAULT_INJECTION: forcing a failure. [ 490.344384] name failslab, interval 1, probability 0, space 0, times 0 [ 490.386815] CPU: 1 PID: 18222 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 490.393962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 490.403377] Call Trace: [ 490.405973] dump_stack+0x138/0x19c [ 490.409611] should_fail.cold+0x10f/0x159 [ 490.413767] should_failslab+0xdb/0x130 [ 490.417744] kmem_cache_alloc_node+0x287/0x780 [ 490.422333] __alloc_skb+0x9c/0x500 [ 490.425957] ? skb_scrub_packet+0x4b0/0x4b0 [ 490.430280] ? netlink_has_listeners+0x20a/0x330 [ 490.435040] kobject_uevent_env+0x781/0xc23 [ 490.439370] kobject_uevent+0x20/0x26 [ 490.443166] lo_ioctl+0x11e7/0x1ce0 [ 490.446792] ? loop_probe+0x160/0x160 [ 490.450590] blkdev_ioctl+0x96b/0x1860 [ 490.454473] ? blkpg_ioctl+0x980/0x980 [ 490.458362] ? __might_sleep+0x93/0xb0 [ 490.462247] ? __fget+0x210/0x370 [ 490.465722] block_ioctl+0xde/0x120 [ 490.469348] ? blkdev_fallocate+0x3b0/0x3b0 [ 490.473666] do_vfs_ioctl+0x7ae/0x1060 [ 490.477552] ? selinux_file_mprotect+0x5d0/0x5d0 [ 490.482302] ? lock_downgrade+0x6e0/0x6e0 [ 490.486447] ? ioctl_preallocate+0x1c0/0x1c0 [ 490.490853] ? __fget+0x237/0x370 [ 490.494308] ? security_file_ioctl+0x89/0xb0 [ 490.498721] SyS_ioctl+0x8f/0xc0 [ 490.502087] ? do_vfs_ioctl+0x1060/0x1060 [ 490.506231] do_syscall_64+0x1e8/0x640 [ 490.510116] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 490.514961] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 490.520142] RIP: 0033:0x459697 [ 490.523324] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 03:37:56 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) r2 = memfd_create(&(0x7f0000000100)='\x88])+\x00', 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r2, 0x0) ftruncate(r2, 0x2) setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f00000000c0)={0x0, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @local}}}, 0x108) 03:37:56 executing program 3: socketpair$unix(0x1, 0x9, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socket$rxrpc(0x21, 0x2, 0xa) mount$bpf(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/0\x00yFAtz\x9b\x88\xb3\x04\x04\xd7a7\x1a\xb2h-ex\xb4\x13\x89\xc1\xc6_\xd9\xb3<^\xfe\b\x10\f\xad\xf6\xd6J\th\xeb;!o\xa2\xcf\xc18)\xa29\xca#9\xbc$\xfd\xef~\x12\x81\xd4\xc5~c\b\xb1\xb091\xbe\xe0%k\x83\xeen\xa6R\xab`:{\x97rg\xd3.\x13\x10\xaf]\xc1\xf7\xec\xcdz\xb2\x00W\xd5G\xff\x9c\xa4Z\xac\x85n\xcc\x00') ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000300)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000480)={0xa77, 0xfffffff9, 0x0, {0x1, @sdr={0x39565559, 0x5}}}) write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000140)={0x2, 0x13d4}, 0x2) eventfd2(0x3c1b7a71, 0x800) 03:37:56 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) setsockopt$TIPC_MCAST_REPLICAST(r1, 0x10f, 0x86) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0xff], 0x1f004}) r4 = socket$tipc(0x1e, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r5 = shmget$private(0x0, 0x2000, 0x1000000000020, &(0x7f0000ff4000/0x2000)=nil) shmctl$SHM_INFO(r5, 0xe, &(0x7f0000000380)=""/195) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000100)="640ff24101660f08f20f1bfa0f20e06635000040000f22e0bad004b00fee36260f01dfaa8fc900010b0f080f005b9a", 0x2f}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000080)=0xc) ioprio_set$uid(0x3, r6, 0x7f) setsockopt$inet6_MCAST_LEAVE_GROUP(r1, 0x29, 0x2d, &(0x7f0000000480)={0xffffffffffffffc1, {{0xa, 0x4e21, 0x3, @dev={0xfe, 0x80, [], 0x11}, 0x3}}}, 0x88) poll(0x0, 0x0, 0x0) 03:37:57 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) ioctl$SCSI_IOCTL_GET_PCI(r1, 0x5387, &(0x7f0000000080)) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) [ 490.531030] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 490.538289] RDX: 0000000000000006 RSI: 0000000000004c00 RDI: 0000000000000007 [ 490.545561] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 490.552847] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 490.560209] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:37:57 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000002c0)=[{&(0x7f0000000080), 0x156}], 0x1, 0x0) accept4$x25(r0, &(0x7f0000000340)={0x9, @remote}, &(0x7f00000003c0)=0x12, 0x80800) move_pages(0x0, 0x2, &(0x7f0000000300)=[&(0x7f0000005000/0x2000)=nil], &(0x7f0000000380)=[0x1], 0x0, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes256\x00'}, 0x58) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000000)=0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2c, &(0x7f0000000180)={0x3, {{0xa, 0x4e20, 0xfffffffffffffff8, @mcast2, 0x3}}, {{0xa, 0x4e22, 0x6, @loopback, 0x4}}}, 0x108) perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x41, 0x5, 0x64, 0x7f, 0x0, 0xde, 0x1008, 0x0, 0x1f, 0xfffffffffffffbff, 0xd4, 0x323, 0x401, 0x2, 0xdacb, 0x94, 0x0, 0x1, 0xfffffffffffffffc, 0x1, 0x400, 0xffff, 0x2, 0xfffffffffffff445, 0xfffffffffffffffa, 0x6, 0x67, 0xe3, 0x4, 0x3, 0x8, 0x8, 0x7ff, 0x1, 0x8, 0x3, 0x0, 0x2, 0x2, @perf_config_ext={0x8001, 0x9}, 0x20, 0x0, 0x6, 0x0, 0x680b, 0x0, 0x6}, r2, 0x0, r0, 0xa) 03:37:57 executing program 3: creat(&(0x7f0000000180)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000080)='cgroup2\x00', 0x0, &(0x7f00000002c0)) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000100), &(0x7f0000000140)=0x4) openat$uhid(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uhid\x00', 0x0, 0x0) stat(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) ioprio_get$uid(0x3, r0) [ 490.634146] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 490.634146] program syz-executor.1 not setting count and/or reply_len properly [ 490.719707] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 490.719707] program syz-executor.1 not setting count and/or reply_len properly [ 491.440605] net_ratelimit: 16 callbacks suppressed [ 491.440624] protocol 88fb is buggy, dev hsr_slave_0 [ 491.440642] protocol 88fb is buggy, dev hsr_slave_0 [ 491.446121] protocol 88fb is buggy, dev hsr_slave_1 [ 491.451519] protocol 88fb is buggy, dev hsr_slave_1 [ 491.467932] protocol 88fb is buggy, dev hsr_slave_0 [ 491.473453] protocol 88fb is buggy, dev hsr_slave_1 [ 491.680190] protocol 88fb is buggy, dev hsr_slave_1 [ 492.000182] protocol 88fb is buggy, dev hsr_slave_0 [ 492.005637] protocol 88fb is buggy, dev hsr_slave_1 03:37:59 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 03:37:59 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x2600, 0x0) ioctl$BLKSECDISCARD(r1, 0x127d, &(0x7f00000000c0)=0x4) recvmmsg(r0, &(0x7f0000000200), 0x38c, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000200), 0x522) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) accept4$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000140)=0x14, 0x800) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000180)={@loopback, @ipv4={[], [], @empty}, @rand_addr="9374a61b201bad1119381b7160281d58", 0x7fffffff, 0x8, 0x0, 0x500, 0x7, 0x1000000, r2}) 03:37:59 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$radio(&(0x7f00000001c0)='/dev/radio#\x00', 0x0, 0x2) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000340)={0x0, 0x5, 0x8, 0x6, &(0x7f0000000200)=[{}, {}, {}, {}, {}]}) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r2 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x8000, 0x0) ioctl$CAPI_GET_ERRCODE(r3, 0x80024321, &(0x7f00000000c0)) write(r2, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r2, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) prctl$PR_SET_NAME(0xf, &(0x7f0000000180)='/dev/btrfs-control\x00') 03:37:59 executing program 4 (fault-call:1 fault-nth:29): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:37:59 executing program 3: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x800000002, 0x0) connect$rds(0xffffffffffffffff, &(0x7f00000002c0)={0x2, 0x4e20, @local}, 0x10) r2 = dup(r0) ioctl$sock_bt_bnep_BNEPCONNADD(r2, 0x400442c8, &(0x7f00000000c0)={r1, 0x20, 0x3, "9e8bc5412a0fbf44090447e3d17029e2107cc902fb68d2c12892825f04f73f8427f2740b6927fe88d9b8a10dc96f676e722cfdd135bc8c42c4d75eca8f2fa6e21e9dd4cba49e886ccff71efd121344e8680792f9703e66295ef7d00dd4e255"}) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000300)={{{@in=@initdev, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6=@dev}}, &(0x7f0000000140)=0xe8) setsockopt$inet6_mreq(r2, 0x29, 0x1d, &(0x7f0000000180)={@ipv4={[], [], @rand_addr=0x100000001}, r3}, 0x14) write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x8000, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000000), 0x4) recvmmsg(r1, &(0x7f0000008880), 0x400000000000048, 0x44000102, 0x0) sendto$inet6(r1, &(0x7f00000001c0)="b4", 0x1, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000030c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='net/ip_vs\x00') preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) 03:37:59 executing program 0: prctl$PR_SET_SECUREBITS(0x1c, 0x5) setresuid(0x0, 0xee01, 0x0) r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x3, 0x200400) getsockname$llc(r0, &(0x7f0000000080), &(0x7f0000000140)=0x10) getgroups(0x2, &(0x7f0000000100)=[0xffffffffffffffff, 0xee00]) setregid(0x0, r1) ioctl$SIOCRSGL2CALL(r0, 0x89e5, &(0x7f0000000180)=@default) setgroups(0x1, &(0x7f0000000040)=[r1]) syz_open_dev$mice(&(0x7f00000000c0)='/dev/input/mice\x00', 0x0, 0x0) [ 493.333421] kauditd_printk_skb: 11 callbacks suppressed [ 493.333430] audit: type=1400 audit(2000000279.729:2196): avc: denied { map } for pid=18277 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 493.364576] FAULT_INJECTION: forcing a failure. [ 493.364576] name failslab, interval 1, probability 0, space 0, times 0 [ 493.388575] CPU: 1 PID: 18282 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 493.389465] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 493.389465] program syz-executor.1 not setting count and/or reply_len properly [ 493.396046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 493.396051] Call Trace: [ 493.396070] dump_stack+0x138/0x19c [ 493.396085] should_fail.cold+0x10f/0x159 [ 493.396100] should_failslab+0xdb/0x130 03:37:59 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x1, 0x2) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000180)={0x0, 0xb0, "c04aa6ec5b2d7ac6b50b8710887b21eecda993c5bdd4b33ac02dbfa6720c5ebc4adbf385321ba131c639fca33ea30b69915354470bbc5c9cc2f3fdedc99ca084b92e3bc435efb605adf375a3158383512dba741ce6e78dd80e23dbaa8387df5f91d2e683c09878039fed9286a74218f3d145a0713a503dd67d7444ea66b4609db9e847f0aa72cdaf2c9df9938487dd16513846acfa8b807b03cc02f097823167ab5dce3aca9bbcbb2342a4f344d0d88d"}, &(0x7f00000000c0)=0xb8) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f0000000240)={r2, @in6={{0xa, 0x4e22, 0x9, @local, 0x24}}, 0x101, 0x7b4, 0x7fffffff, 0x1, 0x4}, &(0x7f0000000300)=0x98) r3 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r3, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r3, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) [ 493.396113] kmem_cache_alloc_node_trace+0x280/0x770 [ 493.396125] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 493.396140] __kmalloc_node_track_caller+0x3d/0x80 [ 493.396155] __kmalloc_reserve.isra.0+0x40/0xe0 [ 493.396170] __alloc_skb+0xcf/0x500 [ 493.417815] audit: type=1400 audit(2000000279.779:2197): avc: denied { map } for pid=18286 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 493.422044] ? skb_scrub_packet+0x4b0/0x4b0 03:37:59 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x40000, 0x0) setsockopt$nfc_llcp_NFC_LLCP_RW(r2, 0x118, 0x0, &(0x7f0000000200)=0xffe0000000000000, 0x4) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612) recvfrom$unix(r2, &(0x7f0000000240)=""/133, 0x85, 0x1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e23}, 0x6e) r3 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x8000) ioctl$DRM_IOCTL_ADD_CTX(r3, 0xc0086420, &(0x7f00000000c0)) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) ioctl$PPPIOCSMRU(r3, 0x40047452, &(0x7f0000000180)=0x401) [ 493.422058] ? netlink_has_listeners+0x20a/0x330 [ 493.422072] kobject_uevent_env+0x781/0xc23 [ 493.422089] kobject_uevent+0x20/0x26 [ 493.422101] lo_ioctl+0x11e7/0x1ce0 [ 493.422115] ? loop_probe+0x160/0x160 [ 493.422126] blkdev_ioctl+0x96b/0x1860 [ 493.447371] ? blkpg_ioctl+0x980/0x980 [ 493.457073] ? __might_sleep+0x93/0xb0 [ 493.457084] ? __fget+0x210/0x370 [ 493.457097] block_ioctl+0xde/0x120 [ 493.469490] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; 03:37:59 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) r2 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x7, 0x12000) ioctl$KVM_TRANSLATE(r2, 0xc018ae85, &(0x7f00000000c0)={0xf000, 0x7002, 0x400, 0x9}) [ 493.469490] program syz-executor.1 not setting count and/or reply_len properly [ 493.482856] ? blkdev_fallocate+0x3b0/0x3b0 [ 493.482868] do_vfs_ioctl+0x7ae/0x1060 [ 493.482881] ? selinux_file_mprotect+0x5d0/0x5d0 [ 493.482891] ? lock_downgrade+0x6e0/0x6e0 [ 493.482901] ? ioctl_preallocate+0x1c0/0x1c0 [ 493.482914] ? __fget+0x237/0x370 [ 493.482929] ? security_file_ioctl+0x89/0xb0 [ 493.482941] SyS_ioctl+0x8f/0xc0 [ 493.482953] ? do_vfs_ioctl+0x1060/0x1060 [ 493.492683] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; 03:38:00 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x200, 0x0) socket$pppoe(0x18, 0x1, 0x0) [ 493.492683] program syz-executor.1 not setting count and/or reply_len properly [ 493.496370] do_syscall_64+0x1e8/0x640 [ 493.496382] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 493.496399] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 493.496408] RIP: 0033:0x459697 [ 493.496417] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 [ 493.524724] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 493.524724] program syz-executor.1 not setting count and/or reply_len properly 03:38:00 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) r0 = syz_open_dev$sg(&(0x7f0000000080)='/dev/sg#\x00', 0x0, 0x8046) write(r0, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r0, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) [ 493.526741] ORIG_RAX: 0000000000000010 [ 493.526748] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 493.526754] RDX: 0000000000000006 RSI: 0000000000004c00 RDI: 0000000000000007 [ 493.526759] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 493.526766] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 493.526772] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 493.527068] protocol 88fb is buggy, dev hsr_slave_0 03:38:00 executing program 3: mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='sysfs\x00*\x86OK\xc0\v\xce\x1b\xdb cr\x13\xb1\xe8\x94\xd1 q_\x9d\xc1\x12[\x04,r&\xeb\x016\xd9bN\xa1\xd23t\xa6`\xfeZ\xc1sr/\xd3g\xad\"\xe8U0%\xa2\xe8\xbe\v\xc5QCy\xafr\x13\xd3+\x8d]\x06\xdc\x8f\xbf,\x84\x9e\xd9\xcd\xef\xc7K\x03\xdf\xa9\xcbZ\x90\xb2\x8bK$\xd7\x86,=f\xfc\xa51g\xd5BB5CZ=\xbbv\xbc}0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:02 executing program 5: r0 = eventfd(0x0) r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x7ff, 0x30d001) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000180)=""/208, &(0x7f0000000040)=0xd0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x13) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)="b392ab46c05265ca", 0x8}, {0x0, 0x3f00}], 0x2) [ 496.410792] audit: type=1400 audit(2000000282.809:2205): avc: denied { map } for pid=18329 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 496.443435] FAULT_INJECTION: forcing a failure. [ 496.443435] name failslab, interval 1, probability 0, space 0, times 0 03:38:02 executing program 3: r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x1400000000000) r1 = accept4(r0, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x74, &(0x7f0000000040)={0x0, 0xa}, &(0x7f0000000080)=0x18) [ 496.472009] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 496.472009] program syz-executor.1 not setting count and/or reply_len properly [ 496.473587] CPU: 1 PID: 18331 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 496.495762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 496.505371] Call Trace: [ 496.507977] dump_stack+0x138/0x19c [ 496.511732] should_fail.cold+0x10f/0x159 [ 496.512148] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 496.512148] program syz-executor.1 not setting count and/or reply_len properly [ 496.516182] should_failslab+0xdb/0x130 [ 496.516196] kmem_cache_alloc_node+0x287/0x780 [ 496.516214] __alloc_skb+0x9c/0x500 [ 496.516223] ? skb_scrub_packet+0x4b0/0x4b0 [ 496.516235] ? netlink_has_listeners+0x20a/0x330 [ 496.516260] kobject_uevent_env+0x781/0xc23 [ 496.559180] kobject_uevent+0x20/0x26 [ 496.563008] lo_ioctl+0x11e7/0x1ce0 [ 496.563027] ? loop_probe+0x160/0x160 03:38:02 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0), 0x0) symlink(&(0x7f0000000300)='./file0\x00', &(0x7f0000000280)='./file0\x00') getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f0000000080)=""/119, &(0x7f0000000340)=0x77) openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/btrfs-control\x00', 0x40200, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000440)='/dev/ubi_ctrl\x00', 0x1c085, 0x0) ioctl$LOOP_GET_STATUS64(r2, 0x4c05, &(0x7f0000000180)) [ 496.570467] blkdev_ioctl+0x96b/0x1860 [ 496.570476] ? blkpg_ioctl+0x980/0x980 [ 496.570492] ? __might_sleep+0x93/0xb0 [ 496.570501] ? __fget+0x210/0x370 [ 496.570515] block_ioctl+0xde/0x120 [ 496.570525] ? blkdev_fallocate+0x3b0/0x3b0 [ 496.586866] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 496.586866] program syz-executor.1 not setting count and/or reply_len properly [ 496.589706] do_vfs_ioctl+0x7ae/0x1060 [ 496.589722] ? selinux_file_mprotect+0x5d0/0x5d0 03:38:03 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000200)='/dev/audio\x00', 0x2, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$int_in(r1, 0x80000040045010, &(0x7f0000003ff8)) 03:38:03 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) r1 = shmget$private(0x0, 0x13000, 0x0, &(0x7f0000feb000/0x13000)=nil) shmat(r1, &(0x7f0000ff2000/0x3000)=nil, 0x7000) mremap(&(0x7f0000ff3000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000ffa000/0x1000)=nil) ioctl$EVIOCGEFFECTS(r0, 0x80044584, &(0x7f0000000000)=""/84) r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$TIOCSSOFTCAR(r2, 0x541a, &(0x7f00000000c0)=0x7) 03:38:03 executing program 0: socketpair$unix(0x1, 0x200400000000003, 0x0, &(0x7f00001f0ff8)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000100)) r2 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x100000000, 0x620000) accept4$alg(r2, 0x0, 0x0, 0x10b1a78651e78139) r3 = dup(r1) ioctl$TIOCCBRK(r3, 0x5428) read(r0, &(0x7f0000000000)=""/40, 0x28) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000040)={0x0, 0x231}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={r4, 0x1f}, 0x8) [ 496.589732] ? lock_downgrade+0x6e0/0x6e0 [ 496.589743] ? ioctl_preallocate+0x1c0/0x1c0 [ 496.589755] ? __fget+0x237/0x370 [ 496.598495] IPVS: length: 119 != 24 [ 496.610594] ? security_file_ioctl+0x89/0xb0 [ 496.610609] SyS_ioctl+0x8f/0xc0 [ 496.610619] ? do_vfs_ioctl+0x1060/0x1060 [ 496.610632] do_syscall_64+0x1e8/0x640 [ 496.610641] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 496.610657] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 496.610664] RIP: 0033:0x459697 03:38:03 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x90200, 0x0) ioctl$DRM_IOCTL_GET_UNIQUE(r1, 0xc0106401, &(0x7f00000001c0)={0xd, &(0x7f0000000180)=""/13}) ioctl(r0, 0x1000008912, &(0x7f0000000080)="11dca50d5e0bcfe47bf070") r2 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) syz_extract_tcp_res$synack(&(0x7f0000000200), 0x1, 0x0) write(r2, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r2, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) r3 = getuid() ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'bridge_slave_1\x00', 0x0}) r5 = getuid() getsockname$packet(r1, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000340)=0x14) sendmsg$nl_xfrm(r1, &(0x7f0000000540)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x376433782bd10641}, 0xc, &(0x7f0000000500)={&(0x7f0000000380)=@acquire={0x148, 0x17, 0xb20, 0x70bd2a, 0x25dfdbfc, {{@in6=@local, 0x4d2, 0xff}, @in=@loopback, {@in6=@ipv4={[], [], @remote}, @in, 0x4e20, 0x5, 0x4e22, 0xf2, 0xa, 0x20, 0x20, 0x2c, 0x0, r3}, {{@in6=@dev={0xfe, 0x80, [], 0x28}, @in6=@empty, 0x4e21, 0x10000, 0x4e23, 0x1, 0xa, 0xa0, 0x80, 0x6c, r4, r5}, {0xffffffff00000000, 0x0, 0x2, 0xffffffff, 0x5, 0x7fffffff, 0x6f11, 0x7}, {0x1ff, 0xffffffffffffff01, 0x9, 0xffff}, 0x1, 0x6e6bb4, 0x1, 0x1, 0x1, 0x1}, 0x8, 0x5, 0x7f, 0x70bd27}, [@offload={0xc, 0x1c, {r6, 0x1}}, @coaddr={0x14, 0xe, @in6=@dev={0xfe, 0x80, [], 0x23}}]}, 0x148}, 0x1, 0x0, 0x0, 0x20000004}, 0x0) [ 496.610669] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 496.610680] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 496.610685] RDX: 0000000000000006 RSI: 0000000000004c00 RDI: 0000000000000007 [ 496.610695] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 496.618865] IPVS: length: 119 != 24 [ 496.619347] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 496.619354] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 497.680173] net_ratelimit: 17 callbacks suppressed [ 497.680178] protocol 88fb is buggy, dev hsr_slave_0 [ 497.680216] protocol 88fb is buggy, dev hsr_slave_1 [ 497.685227] protocol 88fb is buggy, dev hsr_slave_1 [ 497.702664] protocol 88fb is buggy, dev hsr_slave_0 [ 497.708351] protocol 88fb is buggy, dev hsr_slave_1 [ 497.920250] protocol 88fb is buggy, dev hsr_slave_1 [ 498.240180] protocol 88fb is buggy, dev hsr_slave_0 [ 498.245570] protocol 88fb is buggy, dev hsr_slave_1 03:38:05 executing program 1: r0 = openat$urandom(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/urandom\x00', 0x0, 0x0) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000200)) socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x9, 0x80000) write$selinux_access(r1, &(0x7f0000000180)={'system_u:object_r:man_t:s0', 0x20, 'system_u:system_r:kernel_t:s0', 0x20, 0xd8}, 0x4e) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dc4abe168ce596cf0d38") r2 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r2, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r2, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) 03:38:05 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f, 0x3}}, 0x101) write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000080)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e22, 0x0, @empty}, r1}}, 0x30) fadvise64(r0, 0x2000000000000, 0x885, 0x5) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/cache_bypass\x00', 0x2, 0x0) ioctl$VIDIOC_S_HW_FREQ_SEEK(r2, 0x40305652, &(0x7f0000000140)={0x4, 0x58bf4cfc2f0122d2, 0x1, 0x513, 0x4, 0xfffffffffffffff9, 0x3}) 03:38:05 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 03:38:05 executing program 0: r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10) getpeername$packet(r0, 0x0, &(0x7f0000000140)) syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x5, 0x100fff) 03:38:05 executing program 4 (fault-call:1 fault-nth:31): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:05 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) r1 = shmget$private(0x0, 0x13000, 0x0, &(0x7f0000feb000/0x13000)=nil) shmat(r1, &(0x7f0000ff2000/0x3000)=nil, 0x7000) mremap(&(0x7f0000ff3000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000ffa000/0x1000)=nil) ioctl$EVIOCGEFFECTS(r0, 0x80044584, &(0x7f0000000000)=""/84) r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$TIOCSSOFTCAR(r2, 0x541a, &(0x7f00000000c0)=0x7) [ 499.491496] kauditd_printk_skb: 6 callbacks suppressed [ 499.491503] audit: type=1400 audit(2000000285.889:2212): avc: denied { map } for pid=18377 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 499.499296] sg_write: 3 callbacks suppressed [ 499.499305] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 499.499305] program syz-executor.1 not setting count and/or reply_len properly 03:38:05 executing program 0: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/lblcr_expiration\x00', 0x2, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000180)={{0x5, 0x7}, 0x1, 0x6, 0xf6, {0x81, 0x6}, 0x8b, 0x5}) r1 = socket(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0xa00000000000000, 0x80, &(0x7f0000000040)=@broute={'broute\x00', 0x20, 0x1, 0x948, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000480], 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff010000000b00000000000000000062726964676530000000000000000000626f6e645f736c6176655f3000000000736974300000000000000000000000007465716c3000000000000000000000000000000000000000000000000180c20000000000000000000000b8080000b8080000e8080000616d6f6e67000000000000000000000000000000000000000018040000000000000100000082ee0c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010684e6c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fffffffffffffff80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006cc95c6ba6550c1ee45c2b564b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000726564697265637400"/2376]}, 0x9c0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x7e}, &(0x7f00000000c0)=0xc) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000100)={0x4, 0x800d, 0x5, 0x8c92, r2}, 0x10) 03:38:05 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)) r2 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/cache_stats\x00', 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001740)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1, &(0x7f0000001700)='\x00', 0xffffffffffffffff}, 0x30) fsetxattr$trusted_overlay_opaque(r1, &(0x7f0000003380)='trusted.overlay.opaque\x00', &(0x7f00000033c0)='y\x00', 0x2, 0x2) getresuid(&(0x7f0000001780), &(0x7f00000017c0), &(0x7f0000001800)=0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000001840)={0x0, 0x0, 0x0}, &(0x7f0000001880)=0xc) r6 = gettid() getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000018c0)={{{@in, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @loopback}}, 0x0, @in6=@ipv4={[], [], @loopback}}}, &(0x7f00000019c0)=0xe8) getgroups(0x4, &(0x7f0000001a00)=[0x0, 0xffffffffffffffff, 0x0, 0x0]) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000001a40)=0x0) r10 = getuid() r11 = getegid() r12 = shmget$private(0x0, 0x1000, 0x140, &(0x7f0000fff000/0x1000)=nil) shmctl$SHM_STAT(r12, 0xd, &(0x7f0000003400)=""/3) r13 = gettid() fstat(r0, &(0x7f0000002f80)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000003000)='./file0\x00', &(0x7f0000003040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r16 = syz_genetlink_get_family_id$tipc(&(0x7f0000003480)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f0000003540)={&(0x7f0000003440)={0x10, 0x0, 0x0, 0x4080}, 0xc, &(0x7f0000003500)={&(0x7f00000034c0)={0x34, r16, 0x411, 0x70bd26, 0x25dfdbfe, {{}, 0x0, 0x4101, 0x0, {0x18, 0x17, {0x0, 0x9, @l2={'ib', 0x3a, 'ip_vti0\x00'}}}}, [""]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x40001) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000030c0)={0x0}, &(0x7f0000003100)=0xc) getresuid(&(0x7f0000003140), &(0x7f0000003180)=0x0, &(0x7f00000031c0)) r19 = getgid() sendmmsg$unix(r2, &(0x7f0000003300)=[{&(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001640)=[{&(0x7f0000000180)="989ab639a01db6eef76b6db8fe210fa64ffa8140105f0a224574797d966aa02eb8a5fa605ccc567e1e27c387bec5cf1f461a8257091ebf54668f971ff7d0180f3f1e9ac9c03abca7f636bbc355a63278ab3a22c563ddef46be71ee0fb96dcac7ea5d19c237d482dfc032531a4ebf5929789c0ed1a00b2caf15e533b052628cc674a332e3a7415e523e834b964faf5234657d5e497d524cb09553a5a300231852f11dbd81", 0xa4}, {&(0x7f0000000240)="1ecdc254c430ec22a331002c45dfa0e546731038e96426841e0034e416f0f8e8e2abe24fbec3b4295e3e7023c3cab36a734cc0b8269cb4f13f49b77a1b164f59060365f74d680b6d9786a6ff7a687f66f0ecd5a434f0b011528887e12c6d37ddd8a8a49ae9cd6a1148c395acc97e8886be81f0dcac1e277f06775ccf6395dbcc73f873c32e5cf2d969cecab3b93e435ffb95ea1eda2b8e08846b128ca5f7c7638c2cea56a697fc672ad5496a95b7", 0xae}, {&(0x7f0000000300)="8e4a40414053615543f1fcb58a2c6de6526117e2e76a7b1635c975", 0x1b}, {&(0x7f0000000340)="e044c9b3af81820c318d56faa5279f01e6e3f798e00e46cf51a30319fb0faaf4979076986345d858be68b5eed9081bdfb7bd212a1cf1e2ad8434fe7d56db7d9f0ff98d1000b73b8b6790fcffb505dc7d619c584152fed748d7b161372663075b", 0x60}, {&(0x7f00000003c0)="57b5e8c9408daad129c72903b943259c5b3c527e1d001838badcdbb1b4c129701a9067430037c4fcdb91eafe7566406b559f41bbbbcc0d21a7157b76c31d7efd56a70b0827609e9a16367e23750a447a3fbace75cbeed87d9b339996a86a26011edd46c23ad772a0d9cac3ae0232636a0d4e8c27a6b8c6d768d9e065329b3c82762f54e8e7a1ffc58b830bb36d6fd387fc023e6250f9b04fc4310c14944fb25accdeae4d879833bc3029d2cc88dfff6c8d3a6e47522c77a7d851af465e554c738fb8d8df5ede90c29de3bb49669b8ec6315cb8eb0ad169a3d8b33ce60a26752f1039d55fac746e91173f8dafff7ed02be02a4e7795b4e02c0ad15511082d77828bf1a561640f4c55931bcda565ae9fa5a9ee04971c75f3273073457b5069d87942ff3c759670f136f63b28815fd38febc4dfc05466a468c42921718ae4bbd951a33f04683fdacd4206be06745ea5c8614d146ac031869f0ebed900328de9570532655683670a378ff8b64ae8efae6d8cf96c46522fd25e18a054334214f31e380e413e3c38f8414db8944617420b43e01d5ffdbef92f659571550193392bf1c363a82066e257700d1f28c6e7e10847261efb3aa027f167fd70e968152c8374e98a6766fc4fd7988a337e4877aaeb8236ca364fd44689b4da2d339a3d24822ad806729c0b4d5f145b9f8d3e6953f179d746f2203fdac3aa38071771ee90434783da62ad5ba8220adad2327057f8ec250f639a3774b307126550a3c5c23cf5253809eec75d56842be201388e24330d8b029533e2e9f9cb6e6e8cd1b9c89059619feb7c1a4bbcf6a0687a2ffeeeec80131aa4a2174d3ff13b05686ac561d58103201635deaa4ddc57c9d6e7dcba75b385b34184e374838043f26bd467ffaa181f881c61b0478af4ce3aa98a52a8a8555e74d750fdfa09461ae963340b0a35c1099a872868251f97ca7bccf079769e7ea6307d321eec54bad40c41b8be6f510709660465bd7578999141c833986a4890ee8137178e0cb415ae006414e37b13e66df9661e1e3676464e405d38e608adf70926da44d5ed05fdafd98caca2d3b8064c46b5f53fa8d70e80da61d9e4facd8fafd5be48a9ff8820c9e32c8278cfad4560b5c73b79965344c9b0480cec2c5dcabb5794c1dad12fc02703963e1f994aa93d9b3b6a928f5e685c86ae1a81b846608442c93af3b0009c23ab39d040071c63039f0c49047b5c8b46cf20350f2b107527ad0f1bccfa204004883c1b632c244d2cc8b27dfa7ae474b7392e9455c7d33904e367dcb516ebf2b8f85c1b15376482a702b4dbb83dd4d68820a769a86ab0fd2256aef2e89aabbea68854cd22065ff583d995d4b585f78c49cdc28ba1ae1ebe9403d24ab7ed47d6b23195fc76ac5d67c9fcc37654c705f6636795ab2c268657c68b5864dd1766dbdcc0955ecb20349ebb6ccffbabb744760bce01539484db002c6b41f09667993f0bf0c4c9ef117d42793a3c2445f9d620aafd6174f923ba2f7b2aeb1610c020071ef7e3e24a11af88a3c2ca31cd2731431bc791d4a7728ac480848e5caa6d5308a0639e200911fc8ee45ea476959bd20b76f6dda92739f44173663944beb7836ef09772e5f74c2036ad309cd679227f4b2205c1ca3f973ab04fc2fb9567f34553e2440ae75ce62034d8f05f8228710d8c5a33275a0902b8789c4ca5cb28f72e10dbf08a6dcb7eebb41d388b8d9d367603877c70318797bae5a8c55e794838063a7eb4a12a8b4cc63d46b065839241e116115cbce8a41f02bcdca04cc0705d0e1fdfc69ba0b561e78ff14eb4c189fcaf3056a8b00ed56a9fdace399eede7ff7119824c87bfc3e68be56630d0ff650e002b80d4245c3437a16cc4b051cb31f90e84200e1145f00d092828e248094d86076e477c2fcaeaf709b8ae7d079f1ed325e11ca87434a86078d70a3679cd05827bd4e3023c831ad7a1ab63a3a74e761dbc9cefa2785679d47e54f63aa1b3db11fc4d1e38a45f125517dc8d42f276a8a8e3a74fb843e0638a40784b8b2d8e24c55ca1d9915e8ca0a247a576a22a5332290d3038940367612666bb17a995a946858375dffc269999dcf312612d545887bd777a8bc397d45eabe5e7ad5b4258f32cacbd74ac49f6f25e85cb21ae8d1a997e349a0e6d77d21f09a1aabf907c05fe4534973f8730440a665f0ae6a0419c5b34bb55b9ab75d215345f22b4630d5373df8bbae645d8286de1a520e9397b88ecade5b35c15d09b09929f6a688727a59336ef72ebb5b93e6b7664d0b381462621b362e32edddbfaea1e95c4257d79b256634931af1dfb08b88460a5424b260f359ec186c5a7cb2c9498191ae6a0c7ec474c3e6699511772793303fa7ee151b273fb181a44021bee70c1ddba9f5773c09edaebfe6ee08deb53ee4fc1fcdae8d7fb78cdfc0577b1689d9c312b041b19c0ef05358426153e2aa15667d92251ed5361caf3730c52e21ee6ba12a143fe04cd7a07099a804c8ed76b985b35a9a9f0a94c387f8f017f94a5dd13925ebb8131b68ca70b8fcd35c881d5d7813ef6645ba5fd2c551088caf5fbc2f61a7d43712dded3d13743d229dcfd6ad01908e713dc568c79190a6f88706374341fecd04ebc0dcacec4f60f19fd75ba0c4f7b0bb5489803a155cf3887566fa05306551e6842d023d0e4b98bdfebb06589f963fec46b61b2c77dcc7d36ddbfef4469c7d5134a8c1e35ca415be90400643604decb376bf8e656d05e75ab96077f835c2cdcc7ea9e387b6a609773cc06e5797a8c38a6f69293c4bb08a6e214364cccc559f776a8ed59764cb1fe42facb403e4895cfab698fdeaba124279f6cb7fe1faa5d14c404c8645d1711acb0b1f474fd969fe33575ac755dae5853c32df262ac11a7c0d637156ea8da5920600b344824b80901e5d464df9ad74323d09d2aa73b9299e78c0ea22a80a1350cae648ed8b6097caa97c9b59c4a4cc3076afd3aa94fb7c7632a6cd08239368eb7b87f62c2faff409b5e69568bff69d26487ec1c7e5cb60e0c88bb46dd3738955669cb61d5ff5decf65f049e04de269d6401b201e5c4acaec70c18de403d816311565f4aa094645300509b373903e927562b850e9303a06c65f2ddfe2ed6c8bc142fe9017ee35310ad23ee0c529b5e993d726eb7247b3e9f0ab1584cf5ddf56a26a2ebcdbaac7108a41e86dd8c1bfd1159ca6e8f6359582e359698b1db1c113a753f11e6eb0219293f657678c47d785b14c89f21b552b736f757f51386615c1c39e1af80e0b16e0d81a9ae338e3ca5dfd1d2c8a8d07a50bc241aa6c369141ffe5961fb3e800e15b5ead5df706c1ef4ae88eecd4a48ea574c7aae6444bca5e4cc10954169d30484607054d4b80802c8370d4c5e5c765459bac2cc14f5fd968e37082c08c1f4009aad73682db8733348c15f4b658e57ef7ca05d243ed86f3c22f9c641fe1cd1ffcc94c1a462a4575948f1eb81b9d47ec08135a1bd5e6606fdfaf84054a13f1ae27fac22ae8ae09f84a601436b9e8a5484397278f0f311dc3654ea782923d3411edf3c6375120a1472aa73a10461da112473471cefaaa412575c59fb5dcbd2c567382366a08f7f07ac7b87e60b479069472ef6f12904aef42ede10cfe0ce849b2fdeefdceee989d8426a03ff4e17fb4ca60a6584299707aadaeda422cb9d08e7190f1f688da9846f0a39469dc518f95e2a6c2a79ef9e44ce8330a05f39e34147df8a3b82ef5bdaa26bfd38903d87a316e4ac4537a8694361e35ce9971880a7802f5d5aa09730f490d5d9b108a556b0fd87998239820b58381569556fc3d93d44606c263827d9da22bbff2963c47ba76b88c630bf2e74e5dd8de700aa6ae47bce7e011c930a13e9656fd05e7f2c71209bd1f18c34ddf56818d819fc6a0fcc7389b27130d27d8ef8f003d4b8eb2a2a0898eecda7497b53524896d6bbc9014e026f75777497b727e4a8fc7eb385806b5ed666d49d16439ebe56d0698fb6cf0dc574bd57dc1adf36574952c71b823d97f300d9cfe8a1353bde67cead91a5eb1bd1a8bdafaf830a062323a7ec476f905a0162404744b6013e85a08045ae85aeab04fc7754ab90ef6862c247df4468fe5b9893ff1581927803e23bfe8836193fbd685584f22eeee5dbf78006c22dbb60c15121d0ec8174465b9909afd3321303e4d6be133c845719f277762cc3f1433c0e21279cade6d59d6b967f078710bfa42d4facf0e9378494e67de8a6c4f54c09c75bd02838c3e8a8001180f3a7d88a88ee6520367f65f46296699b60997848d09e23630653cf541055fe3412fc9afae946fc0765828f4bab20aaac9187c23d83d5cdc3f0ab1831f61e2de2a2f4bf0826c086415512f74ca0233e42fcd1adfb545a614aae2fd0cc0ef0128e9e3c3f45a611d811df16335eb3404f5111414e9507c62cf51c04cb9f2eaf197a8001e8a43a6320689a64ade4458146321b072bb9cc3f154b2a6e45d5949e5c91a057ae243683f7c871eef16f7b01dc24a6018884303b0a0e60e9775885ed85d26eaae4f85869a96a30ef550f1ecacaa442f570f82cfd42012b3db574f65ec0fba6cd222b277e5501b1d72fd630770d027d3f174d46484334593520dfedd74760448f5c0ecdb0478a2e82d95a189c90e65aa5af7ee038ebedbab8b8e7ffbace7e05b6093c210de384d02d8bf62eeb78b9343b5f5f7691b285ce9542bdc090fd379491322d22ffa44bc40d3e2345df849db20174eb79465b5832e147d542093c175cf83cbdc7c8e314bbdf024d5a06e0166257276a70aea9c6df865fafb10589e527cd0b50e40a36a26c909c83c6125715f9338668109839863d387af08304d7169babbefbc792b4d2a30689240bece8af59bcdaecbc2a83d0985a8f27aa5a69aad137a7739f01e3c8be0f6d825fa9102dbfb51a755359cce9b274a6564ea36b4be9f07b1fa430f9ba55d7cda4dd592108dbea352187c0115416336aa7d912b30c8ab359570baf9ec827872405bae5574d23714abccf1fd11876b0f620b6b2a63fba8db9b263b6f7fe293f10d2da7731fb41f6f9464a43357f31b7022962c56b7f4144fb048dc53da26f0519d6a33d78a4fc89de3bf47dcfcc8487f5e623576077448b8bfddadf6791d797d6a96baba49db1d4410c5beb2cea678b3313a2583bf313fd5111b06cb60e496ed20bcf5bb21a6dea0a8e26b1cd274d85c292a1f4f5fa0ab83cac2896da8f9934851b14c146d4e849a6125529dc630274d297141e7a86eb980180fe953b63e7cbb94367faab7aec20ccaf3accf7ffcd89ae9c317824902ea75a54d873c2674d6059ebd794d6865315aa485eb97c23299aac62433aeac15f8a0e6ca47e88834308a3e5a9b636590e1238899215befeb29ee0aaf240b8c6f8076aa325788a0208cbbf15ea8056e8352a85e5afa6b8233bdfb406319b73d7c8642220c4a044e757608d33a170c7e8bf5992414dd1fa96d88fe507adeb9dbd335897abeb3c07fd4f5ee20e83b43eba1df3096c36c5cc214a907fd6643a2aa953bb11621a3e6ffc17f38162fe1b12702f735cc7a263f285a48c2b929ccd9346ac9f172d8dcafd91348ca808722592a8fb7fa4b5f384ef0c71e00ac72450d9a2cd25066edb393d984204c12d9df535dddd1303712fa85c1aea477a6a48f1dfd347f770b0b9706f6390690c75af898e1dc4b5106aed12fa009fc850dcefafab7232111072db128b1f2ab2bfb84e2be9437e3976cb96284f21ded32f4e3f12600891b585d88b76de7c0d1f203f54036d777b127dbefdf1623c77ae210db9", 0x1000}, {&(0x7f00000013c0)="d9b14a2915a9610dfa0984915f52a34ec2fe86a9e0d6f55b1ac1086745547c519c19b19df0eb99211efc95a0ed0539c02e7e1467cabd547dad457e98c029f4f8", 0x40}, {&(0x7f0000001400)="6d232dc4f6615a62594d96356ca04c015ba64fbea0b31a1ce427699b54b52a78e98de006618bbd62cfcf15718fcf8ada0caa5d9782192972cb5fd29dd633877d7e945b16c6a4478a7573c9ed8b770e3262590823a42475176486d9e948da2e25b3dee6b6a589bc534ac6fa0b4cbe528597628797bce852fcae69a48399d600623801c7a2933425e3659e368394bbd924669bb7758d93fd49d3d6c9b1d4dc7fba7460d28c37ec", 0xa6}, {&(0x7f00000014c0)="48eb8c4d285d64bfa58276ab05bcbc51b878939c1ed5675632c058b09cd099f9a28fdc1e5584faa8e391cc8aa8a66bc7cb4a1402d8d16a2a2869593863bda7b11d7cae8a63d4a244b3afe94bbffea788e0a5cb31c899213ae054c05c496d5b691917122923ccbb5613db5000d5156093f4c06efdd0c36dc6fceb361601414dbd54ee525bad476cc5bb8777def170c410ba6dd2a5e76736", 0x97}, {&(0x7f0000001580)="5be6e1fb38f67f9d8dbbca3df3b344617c6056231defaf9d73404688704ca0c8043a97a6d7167f984918bc37f6c817d06b5a31b44eef175a41b8ecd57f13616018cb48915a6fd4fb4c7f197ab555bdf0d413733fed08b678d950b9c247ff9fd850b892552ae7c90ca68fe8dff1ea1cbced767e67025f8827bfd444990e1e3014e6071512316bdb479658512e3f54692cc0f878edad89a94e020f3065f6d5bb6fb1f63d675ebaf3b48e923c4f9c0153778b37", 0xb2}], 0x9, &(0x7f0000001a80)=[@cred={{0x1c, 0x1, 0x2, {r3, r4, r5}}}, @cred={{0x1c, 0x1, 0x2, {r6, r7, r8}}}, @cred={{0x1c, 0x1, 0x2, {r9, r10, r11}}}], 0x60, 0x4000}, {&(0x7f0000001b00)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000002f00)=[{&(0x7f0000001b80)="1043c7e22a70f9e232f5bb5cba4272d2800696f94ab0d4b6785afeb460d1a303515eeb24a007c27c752da9bab0c0b25481be0d93cfd0d3617633d1b1c95a94747d27ca3071a5c7d0cf5911c09b105ee06c58b367411c0bbff51e5b534cc02de2bee854cb918d31fd45f4873b3583a4896b12f6c4fcd4dfae77cf212a54d251cbad9da4a952b0313c30b32732f6731fea3c1cab9c89df85f22d08a4651ea49b03ac71d516d963ccff91f17521710afa99e701668195b8f529aa0f7fbcc60fc05ba3c316a2990c9a9f6895820ff157e125f69a4437af5544f9797687c8ad0f329ebaa14ec7bdf231092df3", 0xea}, {&(0x7f0000001c80)="2bf3e2dad7fb0ee102d2756bfaa271deedd2769a46aefadc0a20fb2366dca43e8bd62ed278798d2addcbdfc32d2db1dc58cf2d9dbdf9493dac2d340d9b78ed64fe44e449dacf38c5690cfd141b05bf3a490acb11b8b4d6aaa03b2e932b82c1c8239b4c6053a7dd92d1bd931960b48194975cdefae70e092532f01e33340b6409c4997d9b802f546b6adee98f9b1e6e04412a34714b03e0e0b8c1562dded181b37b92261047acc2d96697385142e5930d3d0a773c6b5c0005b69f7d6b1bb62d0e6ca6aa331267abd24815c33cf8502f1426998cd6369e67d50d432d353d1b66804493009b8d71445d2b37910a48d37d9b3f74286a3cf26363f1e67c03e4f29c8892661e7927971fc732da7c138799db33073a24de31454aabd249244d75a33483b02dc1eaf92c0bab30b2b6d6aa778eba31b9d851ce467912c70dd50c23c226d150eea3bf0e68102a46040befc618e3734a08587291bfe7d424d2c552c8a5043f5536090d45d9377fc8d2324627afa0c5510dac8f2835d14e8bb4ef88d4bd6ec4066adce490e059b9f9e8697932e96c35acc7eadc87a5cf5c2ee653173855cf2fb796abf27fdfd3b1b41a3889ff909adb47f00f4dda781d67a1376692630380a36c1e76d0efd39d1d1176949cc76e02ee3b4f649388def93803455bb7c33386b3b9af049fccfa9a3cb5bcbbfc57686f39d110419e4037c3f58f686745327ac9f1bb2ab04516d87c43e8e41485a84910402495138f4f3e718393316b6e88a90be52da1212644b2db03a0fcf333cc316943430bd185019cc51846d01a4c59ba68e59b57af739605f6cf57c0864b93ec6f3604efa8450dd625025c4f32fe0a13880f672ce2306da0a0eaa79a3dbff43984f212cbd150bc40b6419fc3f69923cced2c9c80df2408b660af1a6b781db6859ac69334079adeda1d05e72ef605f1204e6b7a9111c5acc06b39692bfb6e1df88f193a82a764a7568a73ede3ad630bc158be76945163f4b80aef253450c747e59817004a185edef8f8cf0d2fa9c9a72b77c687b9ebe5c2dc496316edd5f6d53237c7deee214fa2addb52fd0bea9acdd81beaccf820884b03112a8dc7baaa2ac58807fb33661ca116de32e2664f2f3cd5587de6cec925f7fa10ba99566d64bfb8be327eba7758c4ac87e847ce32304e33b1aed744a75ef646faf04fd8db631fd655a85ac4c1eb65fa69e7b5d4c46b3e2f74029c2368d0dc2d9d58ddd963b998e54690498b0a1475b84b7233cbe7b26229bc341fd3b5cb7cc8ebe6f4569aa011b2861fe574d1ae6b82c827bcef779cdfdc57ebb537f41602ee04640af31dbc1dd5939873d303a3849395900b2e7ec3142238e4504390ed3dded552461f2ad512ac86aacc22247998c60796a315bd2484b5a99e81dd2ea93e38b2f2b877a9dbb21361248e7295728a9239774a69050e4ca561ef5e89e1a12e755e906d3595ea2a68b463dbdb45fa01686ab261f35a1daeaa68f426720356ef3f34efa87702169d3ec493cc4b625203f1321400f40d3197456c77e1835944535ee83da502ca8999bd6d83be19e3e896ba3b8958b71d0ddee9c710d20b09d7c4e13d51ccc95a6cb54e709898b0b3b80e4eb131894948eb63a4cb73326bb24ec650bbec6f27feb4e4cc6d0040f058b66842e031b70fa3f35b7998217694e767b461511fe8433b0b884f125bda5d7c01ed28f161b33cf128cfa6e4fbc456037143247d3c2a49ee73fc99144aaf21944c2ef32075153cb94da1ffd8232aab462d2ff97521021c3274aa1e7c3dd389770d835b3d9a20af7c9bfb007fdbb59f374133f5cba2a246d72206dbbe9c7106ee88f7b8e94b731b99a1ab83262af72c3e39b30c5890e7b1baa10346c2683e3ed0e24ee70f421f5240aa4115054b4db730242e4d554801d5ebe363cf0d4a6503d3fbf22eb1e548909d9862b4a8397bdfa22eeba7e4c851126247d266f1c2433827abeea2141fb81cf896420dcb566761d6aab21f084a87f7ad07a421d64a2da9c476fb4e3902baa1584de7967a4544e84f4ffc623230099272c2cab021f2e6377f4d611d4907f4acae793bfc51af7e422e592f8a80ce3a16f68a0e15372e87cf6a79298e97b00811fb509cb9ce331d65ed101519da15ccb0ddca00281ebe98fc5ab2aff82131117ab8125101093275c79f7afc88bf488d3e6b99708f98f2afb942bcd4c885d7d02109ec443fc00ee001f42b67cd0a2f6b9df1ab4e322ef24d1ba5d700baa2fca5a5d63f57ade544456de80e1a01d9c8b9c82ef3bea33993bee22abbb667c49fb206e33788c4be6bd447a5017150be1f1bde7ac80016178314c1d9a397565a46bcac3010f23a5a1735478e16eb2292bd97ba3296d406a198a1c9b3d99ce533083e9528444c1099b7ce86ee17d5e38bdf05842af10a5419395e27d0e60a38ec8be7279f51ab91c1f4fef00e432f9f6e15d04e1864c8ab95e96031fb3ca7e0bc09188302592ed989699a391e31cae57b06d707c6e01d0ab90f24761b5552f64b91246fa43844984a955280640e13011809754d854062645de390f2c98da2ede973847e663b40558a5d48b32b85e05205b020bf94068558897030744e221f8842206b25eb93ab2655599e9349d5d076dca518d819805dd3eab8cebd7b6b6a589bfa7735632af33d7eef33f6245db1820a67e58a29ea1247612f72c2cf9dba5a9c313ab47f254b27410faf53fb8dafefe641f8774d3456b5a399560529ddfefa64b20fd76574abd952ee50d2eee226f12e35de29798b13595bffbba182e04587c8d46fa21d8da5b28e95180056bc8def013e9e496e71b79c54052d259bfce643bf2632c9e45a729402fc4b36dcad5cb02a4300c58aa67b0424b6135eaf197f04e835a72f54ad76974ffef774c618b88526542397326ee8668b30ccd2cdc62b5c090cb624c7c13db314db26be4bf81723bc248a7a0975507783112cb22c541477020dc11c1030c0548ca7d51d84633bfa9d0fd148efebbbcae5ed55f845f8cdf1a8ed1fd0ea6b81670660806e3777f32aa02839e2cfd4b98c2f2da975b2f9263759da88ef766d29d355413066ee376ac58a08cf2b60cd577a1a8e2b552bfb4752eb8ce6ceb6a4e13bfae9073e1444ded8c31d7a3dca2317e56d10d17a8da54aeb90e03bc2600150d1c5304661a3f33104a6e4b3e96a1ea3bd35a357f2a3ed12e735beeacf5961ac12b48a4cbc3c861e790056e16460b961132ca3c6ff1078938fb969d9290ad7b714bcf23d017685fc0be3edbad2215f0290d1ad26c85ad050a5110d7cc2e8dd00aa5a8920db16fd659a72d95ace888f6cd39d740d21fbf3d9d32dd4a78dd4374edae01e4b4be4f73a8f7eda1587fc2d3a7963b11ef172d759878bc27e75803384055f386eb90759fae5fb1d3ba5114dcfdf4a965249fbda64dd9d25a7a01e0f2944e978e1d4fb934b2be7799a1cf6fcc6b34385b57f880ebfade6f52dbbbe0bf4add3b821742afc7123f70364004e1478ccf4c8a682aa7e9c7ad23a52de67be6096d5a007f6d83e275452766b65ac7349b10137f215fe5d4ece36e099320fb645e4cde5f6527f52dcf9292d353703b0174fac0a9075993a81822b102e46d90c92b3027d76b4e13769c1c4979352b41e3012137893c0e2bb0cc5e05290d75fc6119026e9ad7c85e8bf52e3af57ea34a07a55af88afbcd7fc4024c1a4a33f29fa246ed0e8abeacf57a404172e9a32344f3b7391f47cfa6463fb22c5250a6a3572c48a785a26e4092b5d80dcaf5ab0e3699a0f362b0a3c8032b603f1b14102674f00e3ba71549d4213fd2102289fb0156e87ad56162b0d29100b4e39a995aa4db650535a19a23ae2c4085cbcb73e1da779d6da9b29b1676df7ee1a1117d44f6bd07b7e2c7436defa9da83da20c1d22b3214a90c47f15baf0fe75802fdb66e1d3d6479ef2329ee14c6823d8d6060cf90067306073f83a224ec7a5c78610fbecdce5ec1139b349a4ba781244a0a64df96af1f100c4d4f703592c22faa20059f45404f0f64259d936b313c0b2a9933cfbf6038447347ddc516998cff510ce7fb14ce0b22fdffb44eb42f675417ba20903f88a0e511296e7bb6262e65d6ef157a509eb63f865cef5f27f606fdf0f7ff82bc9380296379f2381b55ad06e8e5871438ee413f59956062139e5cc28dd4c80ca92d4229e58c8924f911ce72bf6a9b573e7644968cba1610f0563a089294e3191d78830b305790a15123c4c931f3b2cbf512b7f351209e3b8c168dde9374dbde69c3bafc6147ebd31b85e7b466249ac3b32dd653408a553114d3c2a5dfac9f85cde9a898a24a7b126ef0c1609ce04c1ca05f5140419956d641ec0eb9ccbea10490054b2e0dadf36f32256f3e57ef385b5b8cb87c7a0cbcbd042818074710d6506679db5f22e356fd79402e1f69343c64bb13be8512c2bcf5ca44691f9224505836264305e396f71de26c379a151a9e9e20f8b3e11ce894bc9f2cc24abf501430bc33afe7770f98ed7ae8c265032a05757f2dbc92880e51ba86a75acb41ee543a5e30939c37d4812de1d7a0a8dcd818ba9c4b642f38603b262a73520fe5990dbe9c323d7da5c489bc573018665af34b866049c12a90e2c5e13416fbd284279ec1029eb3ab5611c4563eb776bce9a794f24359d1e6a37691c0044b6807d6f02fac1aab98abc4a34b37d21598a6306907346132fede4a4c7e294ebf769d3c00d216844dccfaf2dcafcda5c0cdafdb4a03a7c1a7bd3de5510be3090cb9495f19c1538d6025b4b46b686bbceb802b050d7ef39dcaf3ca824cc16bc40b7dbb8fda03dc7b2e29c5b49664d1e23490d18091e31e2684e756a1282142b56380719479fa354d4018b02e5c68ca5f514c7c7ac4ff59810b43041d1493042eb6f3fcfe46e9b4d5b7622fda55c3685403a6abc829e978f86963819bfc13455d493bc8530d6848434d307558a6ebe15c58e938eefb136e4d5271b3da9523b1b26e3e095e5a760829f06324a4832ae136e11de4b80b4bd7af43de0d40b683d7f48b8a0491b1b43e2f8583b7632cab9ae1c2ce276262576e126f321565dac43b8e1c1e2b4b137214ace44e2f35daeddf4d1378a880eeccc7293c311e1b91183be4239f6114a7286d7b7c941e75d1342778f0b12f6df9ed747153c3764f19ac7d3f7f815fc794834ced366396050d6f306c856c1aabcbe6b42bdc7e7b5f0b7cb6bde0fe5d9021a6832361b2f4f49497537824a1e860dcc545b1f5bc82bceb196cf26768938d411555d35c6a65e774021c445cc66d213aaba4d8944c84f2875b8dacbd2338c018821f9f3b7f57289309f5a194e350e2f1ab9940f73e4d6ded538b0e2e939889033bdfa1ed49f8b36372ae9a84c3312363cff525d682fb22f63db18881ac5fc31c35aa1842d005d1c1e465bf953466dcaa6c507983b4cc27ae52c60e43d2a3b07020f3904fdcd7d9ef972b6b9672692e86a9e25e7e1edf11fbbc21e638e60cd02fafdf65dce7973feff746e35ae08918a9a97bc74d63479517a13872d0f8981f8d9608201a0f88298a417e92d825c1c8ced8e48fdc04add27326adffd312981b7dd26af1e8c771480ed912778b90c9a793d9682ad09f98460087a060217df102322042b5e7aa70fe1546c65882826d910c44b320c716eca2b8efc617c2084637250726d2f259f11b67594dc23d9ea3cab336a8a47692107f59d5cf69321677cadd36e8e959a76ca9c6b7b2ec5a9b0e5d785cbcdae4f1570d5677a1559e71c1780d18a5bc98065d50f65e91c52f3d6489bc853e137bd47bf1f50", 0x1000}, {&(0x7f0000002c80)="b5d876444f2af9dba091d63138fbf1ef77cc1aec3de7e461203b76d0da1598999afd0c3a48ec3d2c192b3524cdce302f42dae081bf75f1333ea284db3c7ebd26d5f823acce7c8f15b04c66430a2830b30f86b0a66fbb867522f6552edc5df8aa0f370d53ae385d8ce0b4a88c04263c1788b9386e844fba73306e302503abd4616ecb570cff144e4ceff15797a37f0912150dbfaefb6a1a6795df99a9a928645d9d25a02244921e9946d2bfa01f94c5b83dcb4021de932f3417db90c981e173ec09b2ed561365a1a576b96b516ad4df40b1a77448022e8ee95ec6447b323aa1a44fe185f72de3019455ae8cb1f62cc0", 0xef}, {&(0x7f0000002d80)="2fc23b1e139f91cf8e4bc840b5ee8580d8d0bcc147982c2fd0f0beaa8d6924c30891fee33a6dbf766fab69e9dddb29ff5c4ea93706b800ac72aefac4bde5cdac3348399b4aa55bcc5b99ffe6574bf53f0ba4dc60fa1f349cbfa3229878106d42c3ca71d614cb6173c74c706b0c6dde4b8db2b5a8bf8343a0954fa0931760d1a21f78f1d41f3e79d2d4634e228aca7755bc326b7aad89eca36d309a72e18369ff56f2a3bc8924806843d1ab2bad199b9706980e7d6bba601778", 0xb9}, {&(0x7f0000002e40)="55e7bab9b28db08c90dfe424f9f10bfe91f6e2bf821e488db1bbab2b5b7e5ba95a2cf9a32c2bed9513aa9ffb1a73cb71d7f620c2cb974d2d8c08916da799e897c2cacb29f24a425fef730220da1bad58a8e166222c7f34a84e393fa38503dfa5638ed9c12b0c3a4608b0ba34246e4db53eaed1a171db008c79d4e38912db2698af868c0ed6e21977e556ce7081d9290f1da4", 0x92}], 0x5, &(0x7f0000003200)=[@rights={{0x30, 0x1, 0x1, [r1, r0, r0, r1, r1, r1, r1, r1]}}, @cred={{0x1c, 0x1, 0x2, {r13, r14, r15}}}, @cred={{0x1c, 0x1, 0x2, {r17, r18, r19}}}, @rights={{0x28, 0x1, 0x1, [r0, r1, r0, r0, r0, r1]}}, @rights={{0x14, 0x1, 0x1, [r0]}}, @rights={{0x28, 0x1, 0x1, [r1, r0, r1, r0, r1, r1]}}], 0xd8, 0x80}], 0x2, 0x5) [ 499.546382] FAULT_INJECTION: forcing a failure. [ 499.546382] name failslab, interval 1, probability 0, space 0, times 0 [ 499.577234] CPU: 1 PID: 18381 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 499.584403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 499.593947] Call Trace: 03:38:06 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = getpgid(0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000000c0)={&(0x7f0000000040)=[0xd742, 0x5, 0xc6fc, 0x1, 0xffffffffffffff54, 0x9], 0x6, 0x2, 0x0, 0x1ff, 0x2000, 0x200, {0x9, 0x3f, 0x6, 0x4, 0xd95, 0x1000, 0x1ec, 0x6, 0xc0, 0x97b4, 0x2, 0x1, 0x40, 0x5, "97534d0b57e74f5192036e5d3f79927678f8d0d984d7eb8ea51c903609d80c77"}}) r3 = inotify_init1(0x0) fcntl$setown(r3, 0x8, r1) fcntl$getownex(r3, 0x10, &(0x7f000045fff8)={0x0, 0x0}) r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x0, 0x0) syz_open_dev$sndpcmc(0x0, 0x0, 0x0) kcmp(r4, r4, 0x0, r5, r0) inotify_init1(0x80800) socket$inet6(0xa, 0x2, 0x0) [ 499.596697] dump_stack+0x138/0x19c [ 499.600350] should_fail.cold+0x10f/0x159 [ 499.604903] should_failslab+0xdb/0x130 [ 499.608983] kmem_cache_alloc_node+0x287/0x780 [ 499.613593] __alloc_skb+0x9c/0x500 [ 499.617330] ? skb_scrub_packet+0x4b0/0x4b0 [ 499.621794] ? netlink_has_listeners+0x20a/0x330 [ 499.626748] kobject_uevent_env+0x781/0xc23 [ 499.629552] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; 03:38:06 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) lseek(r0, 0x0, 0x36dacd3511a5a8eb) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0xfffffffffffffffd, 0x8045) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r1) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) r2 = syz_open_dev$vcsn(&(0x7f0000000600)='/dev/vcs#\x00', 0x7fffffff, 0x200000) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000640)={0x0, 0x5}, &(0x7f0000000680)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f00000006c0)={r3, 0x2, 0xd8}, 0x8) r4 = syz_open_dev$sndpcmp(&(0x7f0000000080)='/dev/snd/pcmC#D#p\x00', 0x52, 0x400) ioctl$PERF_EVENT_IOC_REFRESH(r4, 0x2402, 0x401) write$uinput_user_dev(r4, &(0x7f0000000180)={'syz0\x00', {0x7fffffff, 0x1, 0x1, 0x2}, 0x17, [0x7, 0xf8c, 0x7, 0x6, 0x9, 0x4, 0x10001, 0x4, 0x0, 0x8, 0xfffffffffffffffd, 0x9, 0x1, 0x17bf2d1c, 0x2, 0x7, 0x2, 0x7ff, 0x1, 0x7fffffff, 0x8, 0x10000, 0x7, 0x1, 0x0, 0x7, 0x61, 0x6a4, 0x1, 0x3ff, 0x3ff, 0x92, 0x9, 0x6, 0x2, 0x4, 0xffffffff, 0xfffffffffffff801, 0x10000, 0x20, 0x8d, 0x2, 0x7f, 0x8, 0x4, 0x0, 0x400, 0x80000000, 0x3, 0x9, 0x5, 0x401, 0x5, 0x6, 0x395f, 0x7, 0x7, 0x4, 0x9, 0x8, 0x8000, 0x39fc, 0xf2b, 0x1], [0x0, 0x400, 0x40, 0x0, 0x100000001, 0x7f000000000, 0x400, 0x0, 0x9, 0xacc4, 0x0, 0x71d, 0x0, 0x0, 0xfff, 0xffffffff, 0x6, 0x1, 0x7, 0x0, 0x909a624, 0x101, 0x9, 0x2, 0xfff, 0x316, 0xe1, 0x9, 0x4, 0x7, 0x1, 0x20, 0x2, 0x4, 0x5, 0xa9, 0x1000, 0x6, 0x8, 0xec43, 0x3, 0x4, 0xfffffffffffffff9, 0x40, 0x200, 0xffffffff, 0x7, 0x1, 0x3e3a68f, 0x3, 0x1e07, 0xcc30, 0x0, 0xff, 0x9, 0x153, 0x9, 0x1, 0x5, 0x4, 0x0, 0x5, 0x0, 0x731], [0x4, 0x40, 0x400, 0x1, 0x3, 0x10000, 0x238, 0x1c, 0x7c, 0x9, 0x35, 0xc8b9, 0x1, 0x5, 0x5, 0x3, 0x3, 0x6, 0x2a50, 0x0, 0x80, 0x80000000, 0x102, 0xe00000000, 0x8, 0x7, 0x5, 0x5, 0x3, 0xfc000000000, 0x3, 0x3, 0x3ff, 0x2, 0x80000000, 0x5, 0x8, 0x13c, 0x9, 0x7, 0x8001, 0xae, 0x0, 0x1, 0x400, 0x5f, 0xfec, 0x3, 0x5, 0x401, 0xddb, 0x1000, 0x9, 0x9, 0x8, 0xf8, 0xffffffffffffffd5, 0x9, 0x1, 0x0, 0x434, 0xfffffffffffff039, 0x8, 0x2], [0x6, 0x7, 0x6, 0x22a4, 0x8000, 0x0, 0x7ff, 0xfffffffffffffffc, 0x249436cf, 0x7fffffff, 0x5, 0x0, 0x6, 0x2, 0x7ef, 0x4, 0x3, 0x7, 0x5079, 0xffffffffffffff00, 0xd6ecdd, 0xff, 0x52, 0x2, 0xeac0, 0x0, 0x9, 0x2, 0xe2d3, 0x2, 0xd5, 0x5, 0x0, 0x7fffffff, 0x1f, 0x1, 0xbc9, 0x1, 0x40, 0x9, 0x4, 0xcbf, 0x3, 0x10, 0x204000000000000, 0x89c, 0xffff, 0x1, 0x7, 0x7, 0x8, 0x101, 0x2, 0x7, 0x200, 0x7f, 0x8, 0x1, 0x8, 0x7, 0x7fff, 0xffffffffffffff81, 0x5, 0x20]}, 0x45c) [ 499.629552] program syz-executor.1 not setting count and/or reply_len properly [ 499.631792] kobject_uevent+0x20/0x26 [ 499.631806] lo_ioctl+0x11e7/0x1ce0 [ 499.631822] ? loop_probe+0x160/0x160 [ 499.631833] blkdev_ioctl+0x96b/0x1860 [ 499.631842] ? blkpg_ioctl+0x980/0x980 [ 499.631860] ? __might_sleep+0x93/0xb0 [ 499.631870] ? __fget+0x210/0x370 [ 499.631891] block_ioctl+0xde/0x120 [ 499.678941] ? blkdev_fallocate+0x3b0/0x3b0 [ 499.683372] do_vfs_ioctl+0x7ae/0x1060 [ 499.687549] ? selinux_file_mprotect+0x5d0/0x5d0 [ 499.692329] ? lock_downgrade+0x6e0/0x6e0 03:38:06 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uinput\x00', 0xfffffffffffffffd, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x101200, 0x0) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000080)=0x86c, 0x4) ioctl$int_out(r0, 0x2, &(0x7f0000000000)) write$binfmt_elf32(r1, &(0x7f0000000100)={{0x7f, 0x45, 0x4c, 0x46, 0x7fff, 0x1f, 0x40, 0x1, 0x8001, 0x2, 0x0, 0x6, 0x29d, 0x38, 0x146, 0xf5, 0x6, 0x20, 0x1, 0x3, 0x401}, [{0x3, 0xfff, 0x2, 0x100, 0x7, 0x3, 0x2, 0x1000}], "ea3f5f9fe5d3276a019daea5297a09fe98b987312aed19cb5342d9384ef5ae4af6ac0786f224105f8d58a4e573399037512af3b9894e3144559a1644381e071503464065e1f2b0c4183b08a105f0cfb183d14b9a16759883e5a7ec092ebb97747e924686", [[], [], [], [], []]}, 0x5bc) [ 499.696681] ? ioctl_preallocate+0x1c0/0x1c0 [ 499.701114] ? __fget+0x237/0x370 [ 499.704599] ? security_file_ioctl+0x89/0xb0 [ 499.709122] SyS_ioctl+0x8f/0xc0 [ 499.712699] ? do_vfs_ioctl+0x1060/0x1060 [ 499.716879] do_syscall_64+0x1e8/0x640 [ 499.720874] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 499.726102] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 499.731396] RIP: 0033:0x459697 [ 499.734617] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 03:38:06 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) fstat(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000240)='/dev/btrfs-control\x00', 0x40000, 0x0) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000280)={0x0}) ioctl$DRM_IOCTL_DMA(r3, 0xc0406429, &(0x7f00000003c0)={r4, 0x1, &(0x7f00000002c0)=[0x0], &(0x7f0000000300)=[0x1, 0x6, 0x6, 0x0, 0x7f], 0x0, 0x4, 0x8, &(0x7f0000000340)=[0x4, 0x68a, 0x1000, 0x4], &(0x7f0000000380)=[0x0, 0x223c, 0x2, 0x4f1]}) getresuid(&(0x7f0000000180)=0x0, &(0x7f00000001c0), &(0x7f0000000200)) setreuid(r2, r5) 03:38:06 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(aes)\x00'}, 0x58) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000340)={0x0, 0xffffffffffffff9c, 0x0, 0x2e, &(0x7f0000000300)='keyring}usercgroup!${em1wlan0usermd5sumcpuset\x00', 0xffffffffffffffff}, 0x30) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000380)=0x0) r2 = syz_open_procfs(r1, &(0x7f00000003c0)='net/ptype\x00') ioctl$TIOCSSERIAL(0xffffffffffffffff, 0x541f, &(0x7f0000000180)={0x1b44, 0x10, 0x0, 0x1, 0x5, 0x0, 0x0, 0x635, 0x8, 0xffffffffffff0000, 0x5, 0x0, 0x6c95, 0x8, 0x0, 0x0, 0x0, 0x4}) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) socketpair(0x14, 0x4, 0xfffffffffffffffd, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="0a0775db7b2803b4f0a12585675d26b0d5e383e5b3b60ced5c54dbb7295df0df8217ad62005127000000000000e60000", 0x30) r3 = accept$alg(r0, 0x0, 0x0) r4 = dup(r3) write$UHID_DESTROY(r4, &(0x7f0000000200), 0xffffff77) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(r3, &(0x7f0000004580)=[{{0x0, 0x0, &(0x7f0000001440)=[{&(0x7f0000001340)=""/239, 0xef}, {&(0x7f0000000280)=""/24, 0x20000298}], 0x2}}], 0x1, 0x0, 0x0) ioctl$PIO_SCRNMAP(r2, 0x4b41, &(0x7f0000000080)="6a023e1dc46d98d2") openat$pidfd(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/self\x00', 0x80, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000240)=ANY=[@ANYBLOB="faffffffff40ff020000000000000000010000c5a7620000000000", @ANYRES32=r3, @ANYBLOB="00000000feffffffffffffff00"/28]) openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0) ftruncate(r3, 0x0) open(0x0, 0x0, 0x0) [ 499.742486] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 499.749777] RDX: 0000000000000006 RSI: 0000000000004c00 RDI: 0000000000000007 [ 499.757312] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 499.764599] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 499.772056] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 499.779636] protocol 88fb is buggy, dev hsr_slave_0 [ 499.780222] protocol 88fb is buggy, dev hsr_slave_0 [ 499.786691] audit: type=1400 audit(2000000285.959:2213): avc: denied { map } for pid=18390 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 499.834719] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; 03:38:06 executing program 0: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x200380, 0x0) ioctl$INOTIFY_IOC_SETNEXTWD(r0, 0x40044900, 0x1ff) getpeername$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @empty}, &(0x7f0000000140)=0x10) write(0xffffffffffffffff, &(0x7f0000000040)="06", 0x1) ioctl$TIOCMBIS(r0, 0x5416, &(0x7f0000000100)=0x2) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, 0xffffffffffffffff, 0x0) ioctl$KDADDIO(r0, 0x4b34, 0x0) r1 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r1, 0x10d, 0x1, 0x0, &(0x7f0000000080)) [ 499.834719] program syz-executor.1 not setting count and/or reply_len properly [ 499.844448] audit: type=1400 audit(2000000286.229:2214): avc: denied { create } for pid=18392 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 [ 499.883039] audit: type=1400 audit(2000000286.279:2215): avc: denied { create } for pid=18392 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 [ 499.943054] audit: type=1400 audit(2000000286.279:2216): avc: denied { map } for pid=18419 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 499.979647] audit: type=1400 audit(2000000286.319:2217): avc: denied { map } for pid=18416 comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 500.002976] audit: type=1400 audit(2000000286.369:2219): avc: denied { map } for pid=18422 comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 500.033474] audit: type=1400 audit(2000000286.369:2218): avc: denied { map } for pid=18418 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 500.058976] audit: type=1400 audit(2000000286.369:2220): avc: denied { map } for pid=18423 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 500.087935] audit: type=1400 audit(2000000286.369:2221): avc: denied { map } for pid=18426 comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:38:08 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 03:38:08 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0xffffff7ffffffffd, 0x3) setsockopt$netrom_NETROM_T1(r0, 0x103, 0x1, 0x0, 0xfffffffffffffe99) r1 = gettid() ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000280)=0x0) prlimit64(r1, 0x6, 0x0, 0x0) r3 = syz_open_procfs(r2, &(0x7f0000000000)='net/dev\x00') ioctl$BLKROTATIONAL(r3, 0x127e, &(0x7f00000002c0)) r4 = syz_open_procfs(r2, &(0x7f0000000240)='statm\x00') mq_notify(r4, &(0x7f0000000200)={0x0, 0x3a, 0x1, @thr={&(0x7f0000000040)="6ba507d47368b5c10a200a618b4f9a008f8d0d8d614293f64a3756623e087b6b95160fe26c4791b344aab408e6e5a81a9c304d77c83cc8b9ed4856c5c9a563b8c65ecef67f149009fa6c5e3d25d24e62a508c70a45e852943f2ef9fb0ac6d4f919e0bdc55224e8c72e88744b823517d29275189ef28ead2577977ee77acefb64df92e343013b25bc487177313860b2415331b42884d4097800f97f94d635e8517d68c5e7", &(0x7f0000000100)="3877fdf0ff5f2f6c0398bdc7b770af452ab02dec68eedff5350a7a973291eb5379f4539769682272ea7914bd939c2c2c2368bd27407976632c941d7191170781946c51c2267bafc5fff685fae6bfa379d5341cf474de7f188d8984624c15434130459d20c3db9aa68ee298675ed894a7cf267c49f94f2fd5944c5facd93a01f0c5a75e52e09d9a692e5ef25ed9a3414e957c5f17d95473254fcfa457bf03542c24d073c49bd7d6ad67ff04069bdd96a0a423bc2423f868ab7a7605eadf1f4d69d5a23e0df70174a88d623d9af4"}}) 03:38:08 executing program 3: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) r1 = syz_open_dev$midi(&(0x7f0000000540)='/dev/midi#\x00', 0x6, 0x2) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000580)={0xb78d1c9, 0x8001, 0x12b7, 0x7fffffff, 0x0}, &(0x7f00000005c0)=0x10) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r1, 0x84, 0x79, &(0x7f0000000600)={r2, 0xda77, 0x100000001}, 0x8) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='fuse\x00', 0x0, &(0x7f0000000280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@allow_other='allow_other'}]}}) 03:38:08 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) 03:38:08 executing program 4 (fault-call:1 fault-nth:32): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:08 executing program 5: r0 = syz_open_dev$dspn(&(0x7f00000001c0)='/dev/dsp#\x00', 0x1005, 0x0) syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x6, 0x400000) ioctl$int_in(r0, 0x5452, &(0x7f00000000c0)) [ 502.520572] FAULT_INJECTION: forcing a failure. [ 502.520572] name failslab, interval 1, probability 0, space 0, times 0 [ 502.554972] CPU: 1 PID: 18440 Comm: syz-executor.4 Not tainted 4.14.134 #30 03:38:08 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=@allocspi={0xf8, 0x16, 0x31d, 0x0, 0x0, {{{@in6, @in6=@ipv4={[], [], @multicast2}}, {@in6}}}}, 0xf8}}, 0x0) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x82000, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000080)={'team0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000040)="098ddc3bd3e35e3021a2cdc3d2d8947750331614355372c64a8041ba11170f62562c45e23060ac7530b000b70837f3d6df8d", 0x32, 0x800, &(0x7f00000000c0)={0x11, 0x1d, r2, 0x1, 0x7, 0x6, @dev={[], 0xe}}, 0x14) [ 502.562126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 502.571483] Call Trace: [ 502.574080] dump_stack+0x138/0x19c [ 502.577719] should_fail.cold+0x10f/0x159 [ 502.581878] should_failslab+0xdb/0x130 [ 502.585858] kmem_cache_alloc_node+0x287/0x780 [ 502.585878] __alloc_skb+0x9c/0x500 [ 502.594088] ? skb_scrub_packet+0x4b0/0x4b0 [ 502.598411] ? netlink_has_listeners+0x20a/0x330 [ 502.598428] kobject_uevent_env+0x781/0xc23 [ 502.598449] kobject_uevent+0x20/0x26 [ 502.598461] lo_ioctl+0x11e7/0x1ce0 [ 502.598475] ? loop_probe+0x160/0x160 03:38:09 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/btrfs-control\x00', 0x0, 0x0) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r2, &(0x7f0000000380)={&(0x7f0000000140), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x4c, r3, 0x820, 0x70bd29, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x5c}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e24}]}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x1e}}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x520}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x80}, 0x4000010) r4 = add_key$user(&(0x7f0000000280)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000240)='X', 0x1, 0xfffffffffffffffe) prlimit64(0x0, 0x0, 0x0, &(0x7f0000000100)) r5 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f00000000c0), 0x390, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000080)={r4, r5, r5}, 0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={'crct10dif\x00'}}) 03:38:09 executing program 0: socketpair$unix(0x1, 0x40000000005, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) keyctl$setperm(0x5, 0x0, 0x3080004) rmdir(&(0x7f00000004c0)='./bus\x00') ioctl(r1, 0x100, &(0x7f0000000880)="5c010000000000000600006b35d4c055b3d9a5fb292ea1edfcc8b3f73b1474c1697e26d9edf847d512567974d58ffd7ed4d1ecbfa26461b48795537fdca4bc32184c8d09b14d5c6bf5e59638ec3908eff095c6557c321300f7") r2 = creat(&(0x7f0000000600)='./bus\x00', 0x200000000020008) rmdir(&(0x7f0000000000)='./bus\x00') fallocate(r2, 0x10028, 0x5, 0x8c) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='uid_map\x00') ioctl$EVIOCGKEYCODE_V2(r3, 0x80284504, &(0x7f0000000780)=""/145) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000005c0)=ANY=[@ANYPTR, @ANYRESDEC=r0], 0x18) ioctl$PIO_UNISCRNMAP(0xffffffffffffffff, 0x4b6a, &(0x7f0000000440)) r4 = socket$inet6(0xa, 0xa, 0x0) socket$nl_route(0x10, 0x3, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000680)={{{@in=@broadcast, @in6=@mcast1}}, {{@in=@broadcast}}}, &(0x7f0000000640)=0xe8) recvfrom$unix(r1, &(0x7f0000000040)=""/42, 0x2a, 0x3, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) ioctl$RNDADDTOENTCNT(0xffffffffffffffff, 0x40045201, 0x0) close(r0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xcf, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x0, 0x1000000000000, 0x102, 0x1, 0x0, 0x6, 0x1}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x400, 0x0, 0x1, 0x3, 0x9}, 0x20) ioctl$TIOCLINUX5(r2, 0x541c, &(0x7f0000000400)={0x5, 0x0, 0x6, 0x7}) connect$inet6(r4, &(0x7f0000000500)={0xa, 0x0, 0x4bd5, @loopback, 0x2}, 0x17f) r5 = syz_open_procfs(0x0, &(0x7f0000000340)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7') connect$inet6(r2, &(0x7f0000000100)={0xa, 0x4e21, 0x5, @loopback, 0x401}, 0x1c) keyctl$search(0xa, 0x0, &(0x7f00000000c0)='trusted\x00', &(0x7f0000000240)={'syz', 0x0}, 0x0) sendfile(r5, r5, &(0x7f00000002c0)=0x202, 0xdd) [ 502.598486] blkdev_ioctl+0x96b/0x1860 [ 502.610528] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 502.610528] program syz-executor.1 not setting count and/or reply_len properly [ 502.611333] ? blkpg_ioctl+0x980/0x980 [ 502.611353] ? __might_sleep+0x93/0xb0 [ 502.611363] ? __fget+0x210/0x370 [ 502.611376] block_ioctl+0xde/0x120 [ 502.611387] ? blkdev_fallocate+0x3b0/0x3b0 [ 502.657830] do_vfs_ioctl+0x7ae/0x1060 [ 502.661725] ? selinux_file_mprotect+0x5d0/0x5d0 [ 502.666488] ? lock_downgrade+0x6e0/0x6e0 [ 502.670645] ? ioctl_preallocate+0x1c0/0x1c0 [ 502.675063] ? __fget+0x237/0x370 [ 502.678525] ? security_file_ioctl+0x89/0xb0 [ 502.682958] SyS_ioctl+0x8f/0xc0 [ 502.686317] ? do_vfs_ioctl+0x1060/0x1060 [ 502.690461] do_syscall_64+0x1e8/0x640 [ 502.694342] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 502.699187] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 502.704453] RIP: 0033:0x459697 [ 502.707642] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 03:38:09 executing program 3: r0 = socket$inet6(0xa, 0x5, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000300)={0x9, {{0xa, 0x4e20, 0x61f4658f, @loopback, 0x2}}, {{0xa, 0x4e21, 0xb4c, @remote, 0x7}}}, 0x104) bind(r0, &(0x7f00000001c0)=@sco={0x1f, {0x1, 0x10000, 0x4, 0x24000000000000, 0x1f, 0x2be}}, 0x80) r1 = socket$inet_udplite(0x2, 0x2, 0x88) connect$inet(r1, 0x0, 0x0) ioctl(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x8000000) syz_genetlink_get_family_id$ipvs(0x0) sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0xfffffffffffffebe) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, 0x0, 0xfffffffffffffe03) r2 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$EBT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x81, 0x0, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000000100)=0x1, 0xbf) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x9fc1) ioctl(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) bind$inet(r2, &(0x7f0000738ff0)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21}, 0x10) setsockopt$inet_tcp_int(r2, 0x6, 0xa, &(0x7f00000000c0)=0xffffffffffffffff, 0x4) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000700)={0xffffffffffffffff, 0x40000007fff, 0x80000001}, 0x14) shutdown(r2, 0x1) [ 502.715432] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 502.722699] RDX: 0000000000000006 RSI: 0000000000004c00 RDI: 0000000000000007 [ 502.729969] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 502.737252] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 502.744521] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:38:09 executing program 1: socketpair(0x8, 0x1, 0x3, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_bt_hidp_HIDPCONNDEL(r0, 0x400448c9, &(0x7f00000000c0)={{0x6, 0x9c39, 0x8000, 0xbeb5, 0x6, 0x334}, 0x2}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r2 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r2, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r2, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) [ 502.775604] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 502.775604] program syz-executor.1 not setting count and/or reply_len properly 03:38:09 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mlock2(&(0x7f0000fed000/0x1000)=nil, 0x1000, 0x1) socketpair$unix(0x1, 0x1000000000005, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x80000) ioctl$VIDIOC_ENUM_FREQ_BANDS(r4, 0xc0405665, &(0x7f0000000040)={0x7ff, 0x0, 0x8, 0x25, 0x20, 0x1000}) r5 = dup3(r0, r1, 0x0) ioctl$sock_inet_tcp_SIOCOUTQNSD(r5, 0x894b, &(0x7f0000000080)) dup2(r1, r3) [ 502.910866] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 502.910866] program syz-executor.1 not setting count and/or reply_len properly [ 503.920142] net_ratelimit: 16 callbacks suppressed [ 503.920148] protocol 88fb is buggy, dev hsr_slave_0 [ 503.920185] protocol 88fb is buggy, dev hsr_slave_1 [ 503.925200] protocol 88fb is buggy, dev hsr_slave_1 [ 503.940420] protocol 88fb is buggy, dev hsr_slave_0 [ 503.945487] protocol 88fb is buggy, dev hsr_slave_1 [ 504.160213] protocol 88fb is buggy, dev hsr_slave_1 [ 504.480132] protocol 88fb is buggy, dev hsr_slave_0 [ 504.485229] protocol 88fb is buggy, dev hsr_slave_1 03:38:11 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, 0x0, 0x0, 0x0) 03:38:11 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x4) getsockopt$ARPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x60, 0x0, &(0x7f0000000640)) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, 0x0) getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x2, 0x0, &(0x7f0000000b80)) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x3000000a0160101, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000780)={{{@in6=@dev, @in=@dev}}, {{@in=@initdev}, 0x0, @in6=@dev}}, &(0x7f0000000880)=0xe8) poll(0x0, 0x0, 0xffffffff) rename(&(0x7f0000000300)='./file1\x00', &(0x7f0000000040)='./file0\x00') getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@mcast1, @in=@remote}}, {{@in=@remote}}}, &(0x7f0000000200)=0xe8) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000240)="39000000130009006900000000000000ab0080482600000046000107000000141900010010000000000003f5000000000000ef38bf461e59d7", 0x39}], 0x1) signalfd4(r0, &(0x7f0000000040)={0x9}, 0x8, 0x80000) 03:38:11 executing program 4 (fault-call:1 fault-nth:33): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:11 executing program 3: rt_sigprocmask(0x0, &(0x7f0000000140)={0xfffffffffffffffa}, 0x0, 0x8) r0 = gettid() timer_create(0x9, &(0x7f0000001440)={0x0, 0x30, 0x4, @tid=r0}, &(0x7f0000001480)) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, r1+10000000}, {0x0, 0xe4c}}, 0x0) r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffdb0}, 0x8, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer2\x00', 0x2, 0x0) ioctl$VIDIOC_G_SELECTION(r3, 0xc040565e, &(0x7f00000002c0)={0xf, 0x2, 0x4, {0xb1d, 0x3, 0x3, 0x100000001}}) read(r2, &(0x7f0000000040)=""/128, 0x80) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r3, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, r4, 0x704, 0x70bd2d, 0x25dfdbfb, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4001}, 0x800) r5 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000100)='/proc/capi/capi20ncci\x00', 0x40080, 0x0) ioctl$KDSKBSENT(r5, 0x4b49, &(0x7f0000000180)="cfaecb58ff8bb0da10712074981f9d5b4865c6e47ff60748dc9df00ffa0ba5322ff954794d63cc76116f04bbfa3da70aa698abc9935a79615ae7f7227a0d0a937a50c51fdf8a96f9ab6779e08ee087ca12c0d4ec86e583f4707559e3d643fb2de0c95450ea80514d89ab385c6a52377b7e158b83b641f6988e27f4d7f19eb66920156478ece4a6a52d371eb7413909217e736fb7e447e8f6f72f07b9600542bb436bc12f027573b187b904d048182ec219c75d8e6ac180cc1337fbd4ac80b504921f7d52772704be0addddd3690a3c") 03:38:11 executing program 0: r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00') sendmsg$TIPC_NL_NODE_GET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x90, r0, 0x20, 0x0, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0x7c, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x30, @rand_addr="1481e5d98398fa56bff859f94ff63a3e", 0x92d9}}, {0x20, 0x2, @in6={0xa, 0x0, 0x2, @dev={0xfe, 0x80, [], 0x2a}, 0x2}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'bridge0\x00'}}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}]}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x80}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendmsg$rds(0xffffffffffffffff, 0x0, 0x0) setsockopt$CAIFSO_REQ_PARAM(0xffffffffffffffff, 0x116, 0x80, &(0x7f0000000380)="9014f6734664966690051d384ca1bb8d64f55a8383177b180d06d87a049257abc52e1eaf7393693b0883924c22b243b30cf8a04bff7ddf3ea3721f063c83392bb39d638f76e608c75381f386b97e45b8cfc68558e428fa6e3768d06eef230d4c69fe23f55c2420952c52f5b2c49d463a905f904084ad649ab5a954d9631bb1aa1e0f94bf519689d7449f1e6ee3d2eddb43a7f2f27ded0b728e222d07364d552184e4e44b", 0xa4) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r2 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x105084) r3 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x8c\x00'/15, 0x0) pwritev(r3, &(0x7f0000f50f90)=[{&(0x7f0000000100)="a8", 0x1}], 0x1, 0x81003) ioctl$LOOP_CHANGE_FD(r2, 0x4c00, r3) socket$bt_bnep(0x1f, 0x3, 0x4) sendfile(r1, r2, 0x0, 0x102000002) 03:38:11 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0xa4401, 0x0) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, r2, 0x102, 0x70bd2c, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x800) r3 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r3, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r3, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) [ 505.594307] kauditd_printk_skb: 22 callbacks suppressed [ 505.594315] audit: type=1400 audit(2000000291.989:2244): avc: denied { map } for pid=18491 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 505.601001] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 505.601001] program syz-executor.1 not setting count and/or reply_len properly [ 505.671148] FAULT_INJECTION: forcing a failure. [ 505.671148] name failslab, interval 1, probability 0, space 0, times 0 [ 505.700325] CPU: 1 PID: 18500 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 505.707477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 505.709404] audit: type=1400 audit(2000000291.989:2246): avc: denied { create } for pid=18490 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 [ 505.716833] Call Trace: [ 505.716855] dump_stack+0x138/0x19c [ 505.716874] should_fail.cold+0x10f/0x159 [ 505.716891] should_failslab+0xdb/0x130 [ 505.716910] kmem_cache_alloc_node+0x287/0x780 [ 505.716931] __alloc_skb+0x9c/0x500 03:38:12 executing program 5: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$rds(0x15, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x1d, &(0x7f0000000000), 0x4) r1 = syz_open_dev$vbi(&(0x7f0000002980)='/dev/vbi#\x00', 0x0, 0x2) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000002a00)='IPVS\x00') sendmsg$IPVS_CMD_ZERO(r1, &(0x7f0000002bc0)={&(0x7f00000029c0)={0x10, 0x0, 0x0, 0x3200}, 0xc, &(0x7f0000002b80)={&(0x7f0000002a40)={0x108, r2, 0x12, 0x70bd25, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0x14, 0x2, [@IPVS_DEST_ATTR_TUN_TYPE={0x8, 0xd, 0x1}, @IPVS_DEST_ATTR_U_THRESH={0x8}]}, @IPVS_CMD_ATTR_DAEMON={0x24, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @local}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x3}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}]}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x1, 0x1}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3b}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e20}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x5d}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x80}, @IPVS_CMD_ATTR_DAEMON={0x54, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'sit0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x9}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x120000000000}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}]}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0xe}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x2e}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7fff}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x3}, @IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e24}]}]}, 0x108}, 0x1, 0x0, 0x0, 0x40000}, 0x4) [ 505.741274] audit: type=1400 audit(2000000291.989:2245): avc: denied { create } for pid=18492 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 [ 505.743633] ? skb_scrub_packet+0x4b0/0x4b0 [ 505.743646] ? netlink_has_listeners+0x20a/0x330 [ 505.743661] kobject_uevent_env+0x781/0xc23 [ 505.743680] kobject_uevent+0x20/0x26 [ 505.747407] audit: type=1400 audit(2000000292.029:2247): avc: denied { wake_alarm } for pid=18489 comm="syz-executor.3" capability=35 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=0 [ 505.751429] lo_ioctl+0x11e7/0x1ce0 [ 505.751446] ? loop_probe+0x160/0x160 [ 505.751458] blkdev_ioctl+0x96b/0x1860 [ 505.751467] ? blkpg_ioctl+0x980/0x980 [ 505.751483] ? __might_sleep+0x93/0xb0 [ 505.751492] ? __fget+0x210/0x370 [ 505.751508] block_ioctl+0xde/0x120 03:38:12 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x100000890f, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0x7f, 0x80000) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) [ 505.758937] audit: type=1400 audit(2000000292.089:2248): avc: denied { create } for pid=18490 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 [ 505.760039] ? blkdev_fallocate+0x3b0/0x3b0 [ 505.760052] do_vfs_ioctl+0x7ae/0x1060 [ 505.760064] ? selinux_file_mprotect+0x5d0/0x5d0 [ 505.760074] ? lock_downgrade+0x6e0/0x6e0 [ 505.760085] ? ioctl_preallocate+0x1c0/0x1c0 [ 505.760097] ? __fget+0x237/0x370 03:38:12 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x280001, 0x0) getsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, &(0x7f0000000080), &(0x7f0000000100)=0x77e167c8) r1 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000040)={{0x3}}) ioctl$SNDRV_TIMER_IOCTL_STOP(r1, 0x80e85411) [ 505.780393] audit: type=1400 audit(2000000292.089:2249): avc: denied { map } for pid=18505 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 505.787862] ? security_file_ioctl+0x89/0xb0 [ 505.787878] SyS_ioctl+0x8f/0xc0 [ 505.787888] ? do_vfs_ioctl+0x1060/0x1060 [ 505.787905] do_syscall_64+0x1e8/0x640 [ 505.797298] audit: type=1400 audit(2000000292.099:2250): avc: denied { create } for pid=18489 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 03:38:12 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = socket$inet(0x10, 0x3, 0x0) getsockopt$inet_buf(r0, 0x0, 0x29, &(0x7f0000000100)=""/37, &(0x7f0000000140)=0x25) sendmsg(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="24000000180007041dfffd946f6105000a00000a1f000007002808000800080004001000280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) r2 = getpid() r3 = getpid() kcmp$KCMP_EPOLL_TFD(r2, r3, 0x7, r0, &(0x7f0000000000)={r0, r1, 0xfffffffffffffffd}) r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0x2000, 0x0) ioctl$BLKBSZSET(r4, 0x40081271, &(0x7f00000001c0)=0x33305099) 03:38:12 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) chroot(&(0x7f00000000c0)='./file0/../file0\x00') chdir(&(0x7f0000000200)='./file0\x00') mkdir(&(0x7f0000000040)='./file0\x00', 0x1c) mount(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000380)='sysfs\x00*\x86OK\xc0\v\xce\x1b\xdb cr\x13\xb1\xe8\x94\xd1 q_\x9d\xc1\x12[\x04,r&\xeb\x016\xd9bN\xa1\xd23t\xa6`\xfeZ\xc1sr/\xd3g\xad\"\xe8U0%\xa2\xe8\xbe\v\xc5QCy\xafr\x13\xd3+\x8d]\x06\xdc\x8f\xbf,\x84\x9e\xd9\xcd\xef\xc7K\x03\xdf\xa9\xcbZ\x90\xb2\x8bK$\xd7\x86,=f\xfc\xa51g\xd5BB5CZ=\xbbv\xbc}0x0}, &(0x7f0000000400)=0xc) connect$can_bcm(r3, &(0x7f0000000440)={0x1d, r4}, 0x10) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x7f}, &(0x7f0000000500)=0x8) getsockopt$inet_sctp_SCTP_CONTEXT(r3, 0x84, 0x11, &(0x7f0000000540)={r5, 0x16}, &(0x7f0000000580)=0x8) openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000480)='/selinux/context\x00', 0x2, 0x0) signalfd(r3, &(0x7f00000004c0)={0x200009}, 0xffffffffffffff4d) ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x9, 0x3, 0x16, 0x8, "734d044a85eb9be9657f849e4888e09ccf7834eaee2af978387337f1560eec9734b2ff5954c29ef8ebecfd5f5eb9d1002a84b8351e2aa55db07465b00eab627e", "6dde4927b59ab55dcd4d1378eb115fd93ee568ab3d30024bc2488a18b58bca76", [0x80]}) connect$llc(r2, &(0x7f0000000180)={0x1a, 0x2, 0x200000000800, 0xffffffffffffffc0, 0x6, 0x3, @remote}, 0x3a4) [ 505.840432] program syz-executor.1 not setting count and/or reply_len properly [ 505.853826] audit: type=1400 audit(2000000292.239:2252): avc: denied { create } for pid=18492 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 [ 505.902449] audit: type=1400 audit(2000000292.259:2253): avc: denied { create } for pid=18512 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 [ 505.920300] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 505.920300] program syz-executor.1 not setting count and/or reply_len properly [ 506.007073] protocol 88fb is buggy, dev hsr_slave_0 [ 506.007127] protocol 88fb is buggy, dev hsr_slave_1 [ 506.044136] nla_parse: 36 callbacks suppressed [ 506.044151] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 506.092491] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 506.188299] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 506.188299] program syz-executor.1 not setting count and/or reply_len properly 03:38:15 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, 0x0, 0x0, 0x0) 03:38:15 executing program 0: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x1, &(0x7f000000b000)={{0x77359400}, {0x0, 0x989680}}, 0x0) timerfd_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x1c9c380}, {0x77359400}}, 0x0) r1 = dup2(r0, r0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x0, 0x0, 0x0, @remote}]}) ioctl$KVM_ASSIGN_SET_INTX_MASK(r1, 0x4040aea4, &(0x7f0000000040)={0x9, 0xff, 0x4, 0x1, 0x4}) 03:38:15 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uinput\x00', 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_inet6_tcp_SIOCOUTQ(r1, 0x5411, &(0x7f0000000000)) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000100)=@assoc_value={0x0, 0x101}, 0x8) read$eventfd(r1, &(0x7f0000000180), 0x8) r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/status\x00', 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000280)={{{@in6=@dev, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in6}}, &(0x7f0000000380)=0xe8) lstat(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_unix(&(0x7f0000000080)='\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000240)='9p\x00', 0x2108000, &(0x7f0000000480)={'trans=unix,', {[{@version_u='version=9p2000.u'}, {@mmap='mmap'}, {@uname={'uname', 0x3d, '/selinux/status\x00'}}, {@noextend='noextend'}, {@privport='privport'}], [{@uid_gt={'uid>', r3}}, {@audit='audit'}, {@obj_type={'obj_type'}}, {@fowner_lt={'fowner<', r4}}, {@appraise_type='appraise_type=imasig'}]}}) preadv(r0, &(0x7f0000000700)=[{&(0x7f0000000540)=""/98, 0x62}, {&(0x7f00000005c0)=""/248, 0xf8}, {&(0x7f00000006c0)=""/40, 0x28}], 0x3, 0x0) connect$nfc_llcp(r1, &(0x7f00000001c0)={0x27, 0x1, 0x1, 0x7, 0x200, 0x3, "78d4827222afa1e00297ec5af2b8a3d18f455ce410a86a30e24370f255dbdeba41bf3b17ab8254f40147dd9839430c166d626107d247c71d20650687409f99", 0x27}, 0x60) 03:38:15 executing program 1: socket$inet_udplite(0x2, 0x2, 0x88) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20\x00', 0x1213483814e5304e, 0x0) ioctl$BLKIOMIN(r1, 0x1278, &(0x7f00000000c0)) write(r0, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r0, &(0x7f0000000180)=[{&(0x7f00000001c0)=""/62, 0x3e}], 0x273) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000200)={0xffffffffffffffff}, 0x117, 0x1}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000280)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000000)=0x1, r2, 0x0, 0x2, 0x4}}, 0x20) 03:38:15 executing program 4 (fault-call:1 fault-nth:34): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:15 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0) r0 = creat(&(0x7f0000000040)='./file0/bus\x00', 0x0) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="09000000000004000000000000005e614085e773da"], 0x15) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) [ 508.637281] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 508.637281] program syz-executor.1 not setting count and/or reply_len properly [ 508.658632] FAULT_INJECTION: forcing a failure. [ 508.658632] name failslab, interval 1, probability 0, space 0, times 0 [ 508.679244] CPU: 1 PID: 18550 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 508.686381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 508.695737] Call Trace: [ 508.698330] dump_stack+0x138/0x19c [ 508.701959] should_fail.cold+0x10f/0x159 [ 508.706106] should_failslab+0xdb/0x130 [ 508.710079] kmem_cache_alloc_node_trace+0x280/0x770 [ 508.715180] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 508.720631] __kmalloc_node_track_caller+0x3d/0x80 [ 508.725559] __kmalloc_reserve.isra.0+0x40/0xe0 [ 508.730224] __alloc_skb+0xcf/0x500 [ 508.733843] ? skb_scrub_packet+0x4b0/0x4b0 [ 508.738157] ? netlink_has_listeners+0x20a/0x330 [ 508.742910] kobject_uevent_env+0x781/0xc23 [ 508.747232] kobject_uevent+0x20/0x26 [ 508.751023] lo_ioctl+0x11e7/0x1ce0 [ 508.754646] ? loop_probe+0x160/0x160 [ 508.758438] blkdev_ioctl+0x96b/0x1860 [ 508.762320] ? blkpg_ioctl+0x980/0x980 [ 508.766206] ? __might_sleep+0x93/0xb0 [ 508.770085] ? __fget+0x210/0x370 [ 508.773575] block_ioctl+0xde/0x120 [ 508.777212] ? blkdev_fallocate+0x3b0/0x3b0 [ 508.781531] do_vfs_ioctl+0x7ae/0x1060 [ 508.785413] ? selinux_file_mprotect+0x5d0/0x5d0 [ 508.790158] ? lock_downgrade+0x6e0/0x6e0 [ 508.794303] ? ioctl_preallocate+0x1c0/0x1c0 [ 508.798703] ? __fget+0x237/0x370 [ 508.802157] ? security_file_ioctl+0x89/0xb0 [ 508.806562] SyS_ioctl+0x8f/0xc0 [ 508.809917] ? do_vfs_ioctl+0x1060/0x1060 [ 508.814058] do_syscall_64+0x1e8/0x640 [ 508.817934] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 508.822776] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 508.827955] RIP: 0033:0x459697 [ 508.831132] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 508.838833] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 508.846095] RDX: 0000000000000006 RSI: 0000000000004c00 RDI: 0000000000000007 [ 508.853365] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 508.860655] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 508.867911] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:38:15 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000bd7000)={&(0x7f0000000180)=ANY=[@ANYBLOB="38010000100013070000000000000000fe8000000000000000000000000000ff000000000000000000b8e26226823d0ff6ab491f00ffffac14ffaa00"/75, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000ff000033000000ffffffff0000000000000000000000000000000000000000000000000000000000000000f1ffffffffffffff00000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000480001006d643500000000000000000000000000000000000000002000"/240], 0x138}}, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x84000) setsockopt$rose(r1, 0x104, 0x3, &(0x7f0000000040)=0x200, 0x4) ioctl$TCSETXW(0xffffffffffffffff, 0x5435, 0x0) 03:38:15 executing program 0: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) accept4$llc(r0, 0x0, 0x0, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x121040, 0x0) setsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000040)=0x9, 0x2) syz_mount_image$ntfs(&(0x7f0000000080)='ntfs\x00', &(0x7f00000000c0)='./file0\x00', 0x9, 0x2, &(0x7f0000001180)=[{&(0x7f0000000100)="afe59c37e890fee8dd29e4cfc074243244f1303f55def82709018d57a069de3b5e1322984b788daeb9136e9513f612ccaa85a28ccb0c098a02860d4e8c4a047a24f3858b581d5e48bc34c47645e9c78b40c410972e4eb82f43564409f75b2f04ffa8738c0d9a8e87d31eb6c3dd5b9c283db1a576a9", 0x75, 0x2}, {&(0x7f0000000180)="aca9da0d89ecb7717712fe68e3422f1598d6d1cec97778eb74dd65d0ee6e12b8305d0bbb58629522ef8b142a1d5ab9367150710c23ff53dc152efa6e27747ffa9037dadf5fff9666914a06b88e0840cfe9cbb7ae17677f3ad5fc2ffc6218bfc3d3944ef6797cf90215ada17d32f15e5e0a3688641633adb09e6f9fd92cfbb30b69851e057eb191afa3d53d6681e466e5609fdaedb4f76e728a29f71263dfe4f598403326286c3d0768f69f8bcd4913ca7304d412641f3fb27eade0b90d8250f48191dbfd043e631ef87c8252b7d7c1267444a6e7f987e167438c7d26ffec70e8cfecd7dcd57a867b66ae3c9ddca3b3dae05ceec75a50d9bf7ebb1ba4f52a1962a01bc51cb27a7fe65615c9c1dc86a8f32a46894f931a5633d9f57a3baff3d3a8b6e74f6397c02c0e0c4be2e364054ebc5ccf06eb162e5b52604c6ee8ff649c5bd1e96e6ac04fbf92c90f495c1354df0e64c1172f762554a255568edd42ce6735b35036a65a9d7da5ae3f93cd8826d3f5d3ec9daa08e078c1b6b8870319b9867b3ee1b366c28d2e5e19df9e92bae85483ca2457bbe7046a301484233f082f05bf994f2d8ba63535d42e7f808abb403fce99f0b9656722408e6e59c969ad95a483102f00d95dc0f66c70d7f8c283c3dc42a7a8d69637da18a0e687c6fe61857eabbd55ba56cd95bfcaf841745a50e4bc315df41f1cce05b9db595ed5469f6afb5444bf974cdb7de925370c6ad5b864c02d58b2e76fa254064bf25f9fcb47e9d4343e2fc0ae4319a6ae51383d3770736a19927d728f28a8585b5cc57a2639a90f45188bd405948abb68edeed44106b5277ab76d12ab1b66c5689b80a511a541188cb73fcfa01b2e96cbb453be711f72e3000b841fff1dd288f1821310823b9ade0452dea7f60c9d02674dcae2a55dd2f0f7cbb0eed7661569438d134dc50639e3e5baa503b7ba7e6afb7b1b3db24749ffef8b50fd44f326700bd05d7ce3a37a031262e7e733e26125553b0fd6fc5b0cf4afba9893160d0b7095db0fb125be36ce46c8c6ae5548c98abc7623ee47e3c76bde4a97436e4d3c084af4f054d73a34da5471911a47880b0d22d2f8eaa28fb3356e5918d2fb6c1a2f67d218c57857095842bf33afecae0573fec775b156a209104979e416ba362581e93bce5e3d23e05c39056a5a470aaf24be09986257caed83efa206532e566d493a240993c96c2018c8957c8ac4259a4d1b7e644281984d3542d2418e62bb726170c02e8e6e64f31b99e75be8b7c04ae1953c65f674888a563bd359c9be2468f063b4bcb3e209f92dc1e13a1aaf2626a83253d66f6119e64748a7d2d47adc0f20bf5209f88080af7eb240c2f758e170cb1e4a632b0409776fd7ff0091ef135a23db0ec312f0b5e18732916dff55a43b69897479a16b0d12ba986b1f81955ab2f99e419a62f677e887042d7723eaa4821036ca757b0f18790373452bf6826ac9997b7b9b6297383436459e59f22fbb63879f3fcada483b334b00ea95cae7c6c7a659868d7413dc20b4cd9e333ae350f6ef7a2baf29af21e011ba2e2486284dc38a7d1cdede02c1c641c8af39532eab3f9281468ede4c2d2c4d717b7dec2c182ce5407b1d308a6b6d82737193efd17c6120b3a8fe66fee1ce0cad175aeb106018a53d5ab78c301e97cf6ec6a75e5d49e0d1dd5188fdba983174e52ef3e63616ec8f44b3f9e715a23172ff887673f0a873dad512107b17f263af89375fc2152a6a614e315ae6679ee87bc2b5a7f69e8d16c270a6f0686fc2a5d953e27f44666b0d7ff69dc23fa8a5f1f8743d6ed73c14c4ae75b97e4caa3f76d813552abc1610148ee09446581e8a1c8c665b2c5fd8e48f1fd58a5297bda32de3f1de316fff3b2cf963aff1ef997f097a13c699eb12b050831d7d74d557db48ffff65e1a2881f5840e46a808763e4fb34834b496c0f345ae55d7606816eb5f7359ae08134c049dba7659a0b063555866f0ca42b699b328b2badb62d74d3937cb6fc58884d25f6fe4b5b81073b89df3e08121772a2f5bf85d7aed6bd0f571da28771751ad6b5cb931af5e7e5516adab0fa0961b9b70cd163080da9f57a7f63d874454116d92e620ae49b03a17fdf0a0dfd97e41f17825f0cff9eb328cf6ef1f4234f1b7f651b067d79762c59d37269f066ba8dfd2e6b8c1440d3cd0d23588eed399f4712e9b44b3483007eb1fecc59bd2918d54d839e86dc33d844bf4a6295faf38b66ec1c7332086a2d989d424d9f2b5f755fde87133ba5b66edd505dfdab39a2e533482f45c5aaefc4b7df6a4c40624d2c7689cb460b308e0b59e590a0dde76f7aaf41ccd6d9cdd660f8d89ebaa2ec3cd3f3d2b0f024d07be73075544269a1865aa26f133062d8e5b23a2a4051f4484a552f926c9d1ce678770babb65d6af0f836379e9af0b84a02f48db5bfd11d5f6a36abc94982f45e156084c5317f97272175874ee6cf38b7a4832ad980e6ece64be6d831e8559082bd8d9a69a060ae17ba15f1d02f789a05495a554058ed06c163eaf77addaffbd75acbff2a136ca3ded595ad743344571b58f4ccb422c68a01edc115ba029227260a9611fac9f130084760789762ae08e82a64332a27e84a11bca9325c8aa989f579111e010d05f3787e42f4a445f321bb9c54301cf903eea4aee0540b854309741fa8430389a9c31875a25733a0dc5b99102351b2041abc694dcaa60e1ab065f8a360b3909641e786dd1b0563d2ec1d1d332ad8200ed44ce3b54df38e82c481e6f662260f811c99f347b037d21b8cf55ccbe2f7930e9b599e74437fa3aece4b9ea779fb0e2375c852f94ab7e08a935e9cc4af6c8bfb87060634c6a1f1e9185b64645ab19ead1462a3e2a36e2557df53dbde3f94d5f37f9fb72ad28794c5effd72b42017659776908d33d905ce2fa94216cd41b05195ed1c9de7374f658004a85f2802ea4734869eff462ed8eee8649c0bc20d3890d9d4fe2da02c809019c2ba0886de8d029918dd6e61d82998789126036ba66af17377f559320c3f230fd108628e6961537587f12843f5f23dbfd0788d749e5a42cfe367ed304bf0dad127b98e7254e29b159914b0f5b3b6c2824db9d0253bfef5de356c46fb3df98d760d91d48b107b351eba0eeec9e99622d3476e70aaad42915cc27fe620be39021826bc846724c88733ec82c81923854b7a879c21ffa05299c8c6610525ed1d68d1ae63d983f424c1cd64298d60d735b4214bf141169e84f1efa15cadf81236dbc273c6cb53eaea4b335e7097ed617121847e3a006641d5d736b4d5fac4dea34e50240758775207e2d02c153e136e853535b9bb4ce353db6a2d216deae51e60c14478e75a995c77d8f188ebb94392fcb008b4c80362dc1ee6f09fd9415958530648736980ce6ad17e5d1755cbefe080736766ed60565b1e841aff89dee958aff4d0e6f7822486982433ffebae4ea8e25289da0fe4f3a57f09845fabd0592810416b0b4232e1443d0bfad1adeb89efe13f8098c82d28bb2d74390c5ebccf1df41b66ddbb8e19eeb0cc3b20daf58977f2dadf74c0cca7b9d7cca1f056d092bf329ffce07f3f82b231e8dbaf4c3f202a50ef54eecb97045c1532961948deda5465b778a331e7a33dae060e8994a45d30e45267b8cf91ae4a7ef9e78cfde4da6d051ff0cf1ce1796150f84cfe07cf457bbe2de1afc1cc07e3dd026ad7334a05b45f6e4d901d1fa694f2887e90c54f8e5443b7a09854c69a2d326b58903f168cca26c19f06267c237a41b65d802c0d1a5e2683b08b8a36c27ebc666c7ab53c023f4500770fc6166240a2530ab8fecf0dc14798596df2b9905c1672f8322d8cdbce38fc1543e395c281a7182261ce0ca982c189d3910eaed84c36b082f02be0f7c912f01088fa5796890fa2fc2a34a1b2c15bb3ecde6b302d743080afa20e0b407952c301980332218a55ec66b6a04b844982b4ecb5b0a57b80a80f1e48f6487c1ab7c7fde6c257a87f9133eda40811c8717638ffe714dc94e6ce0ac88d6fb5639733fd79233c37b677d2b2e56955160860b97fa68cf01c82ccfa18bfad032cbd63e48fdc458844c02ba5ab66936494213b6881ba3ed234be2b86e22adb3ebe62c52f062a6763a7b0847965c9c8272d77fdecab3fda068dbdf951776a337bf0ebbdac77a7b8e30188c9618d9382b9c8ab88747ab9335ca96a3eabd07477a2e4ed6d828b1140c78c16083507fae4eb701ed77e41b0dd474571e16798b7fca22764fc8909fc3c12dd19a9ca94c7d7bb1ac0773c7a57fee950b2b50d29a185091efa61b62b9ae3618fb6c69864809b515cb322ccdb9e107cf6d7a094d94c1287fa74958bedc02fe891e9b88ba3e0cb3380375d59385fc513ea13d5f4ca404b61d72ebc8cdc16bb752dca44b3092ba282f82d5571127139f0e3f18e4374a33c3ae8d53bffb56026cc73ceb3b5d6c80bed24570d52397ea8dd8da0d55e3cc4ae723fe886f2e125eb2676716c31946bbf7f9bee471797befaf912f22f7e60f2c6ad029a7c1cdc7a5cbb80ee0df29d767102c06caaeb8e266884eae565cccb64c7ccbe7d0bf6c10bd753033e5cc729613ac7303931242323660661b948748d973afa783b44991e47d7596ac0b397c418e409bd858b7f3a948672d45cd510360e7c14be590678b38a1d154c91540818e2a05417e041fa0f988d9df1eccd389196ad272c2bec1ee11f81a53f777fb9b63b1a1e307d351e5e7fcfddc1de20690e930bac2b494a4e6ac15a1caa742278f0f574ed13998a7078bb81eca3a2fbc562ac39adc2727f1872ab756b126e467aaa2a4387be3257f0ec6b10cc47f376c2d31ebf53693f0fd5501f40ff860c32094ce0cdc03ab05ebff2c839c8ba5c4077fa22db74e232214490bbfb31b089c4e164ca48dcb66254fcc3696b783e4de926b14b799ebf23513ac7d4afad45168a10325fc85beef9e68db000dd0c122ec43ff1059ff82af669374f8b870db7e633ae3d56bf67727528f0d8f84e641764122a02f793d5f47b320227f27788fb9ebd62a3b8c845c046ce8032e7e6c77f8b3c257c908485428563cd0b506019b3fa22d43376821e4503aa2ecfbf66c71720df1771b2de42832c073e1b9a91acf66aa8b430e64f266da385c5a569aaabcf5f824c1a75fe93e87550b60a5c1c11a3693a6045fefd9661e53e5bb782276b43b3021fc7bcb13efb53bd45b01b54a2b5007f19a39f523f8bc798483515332b125c01fd499742a5eef73d3bd5ae3e6693ff0f49a39ca4d4a138a434b6c9abdf223ecd3984a00430b2f162095ce936de47f102bfefbd389ef6cd768ab870b13c4d1a75c6d5e1d1074374ecc7b29c26537e7e6059aab1853be6710d00f649849a00e66494a10403c202ef92046a35b4cf532456afa074fa54419e66c1289076626d616b89c66a8587c3cc3d908c0a3ae906db526686b758b5be73aa87f07256c2d3fb6eaf6c6d71fa598a9cc876a719d087cab8a43055bb9bc70eac41d3a20d6608cb7adfc3adfb0d80731b394fc37ef63c23679a2ebbca15732970604f97f90efe70a2ccf6f2252ac14e04207a382867e3c26cb85be2dbe1bb30711cc480f81580d6698dadaf4b7d89d61503098f32dea035d4f1f2bd85553f7967b5f7569ae2098ec472f5dd4a6746215116df2b35be4d69b97763c827c3630ae24e756db57dd2beb4d5deae11a2dd05a2c6aaf96f38498023c1a7a3a10cb7a233df90eb65e1b0bef65a7b8625686d08b59ebcf17b3523c5c8c85ee9e1ba2556eb556ed6adf21c3d4b07fb1a13ba7893d9", 0x1000, 0x1ff}], 0x1000001, &(0x7f00000011c0)={[{@disable_sparse_no='disable_sparse=no'}, {@nls={'nls', 0x3d, 'iso8859-15'}}, {@case_sensitive_yes='case_sensitive=yes'}, {@show_sys_files_yes='show_sys_files=yes'}, {@nls={'nls', 0x3d, 'iso8859-7'}}], [{@dont_appraise='dont_appraise'}, {@obj_user={'obj_user', 0x3d, '/dev/null\x00'}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}, {@dont_hash='dont_hash'}]}) [ 508.894162] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 508.894162] program syz-executor.1 not setting count and/or reply_len properly 03:38:15 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) ioctl$int_in(r1, 0x5452, &(0x7f00000000c0)=0x9c1) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) r2 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x2, 0x20000) ioctl$RNDADDENTROPY(r2, 0x40085203, &(0x7f0000000180)={0x5, 0xde, "16840258e925adf7e4ecba5779c3bb67edc46a2aa1c425453cdc103ede09fad8afdf5082d7fdcfe2aa339920e3d49653754a59ce5482c61dcd2fee8380589b6016a3cccc8cb768a8ab198ee1b73aaaaccb56fd25baf09045e6971378334a8344656a72d82b602d1ce657ba879e90630ebbeeeb39e140b8f495fd09b54145b0e807be342398ecd521f1a3f9052ef56bda3c495a134e7c230a3322d90641daea54b664153d4fccc0ae5f757a7100f357224638d9ebdb738d7555ae76799dc29b6b1e458c6de38c83d651d52ed66ad9eed6cb5244e9fd6ec7cf10c7a4a79a0a"}) 03:38:15 executing program 4 (fault-call:1 fault-nth:35): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:15 executing program 0: pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) connect$ax25(0xffffffffffffffff, &(0x7f00000002c0)={{0x3, @default}, [@default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @bcast]}, 0x48) r0 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000ac0)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) r1 = syz_open_dev$cec(&(0x7f0000000b00)='/dev/cec#\x00', 0x3, 0x2) ioctl$TUNSETSTEERINGEBPF(r1, 0x800454e0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) accept4$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev}, &(0x7f0000000100)=0x1c, 0x800) syz_mount_image$bfs(&(0x7f0000000080)='bfs\x00', &(0x7f0000000340)='./file0\x00', 0x20000000000000, 0xa, &(0x7f00000009c0)=[{&(0x7f00000003c0)="d3334b2a0805c62d1e988bf3bb544ef44e", 0x11, 0x7}, {&(0x7f0000000440)="e42bb3400d9ad6f77cb0afb1ac092045d64279116b2d6b7cd4dfe0004088c3dadd6a39245e0ec36f8cb7562def80288a9a74fcd5b8200f9bbb6cb33a013d2281ee67f1516dcb8f2f71", 0x49, 0xfffffffffffffffe}, {&(0x7f0000000500)="70f373ac4d857d0899", 0x9, 0x1ffe000000000000}, {&(0x7f0000000540)="16204f936aca0f6b7e51d8577430ee9c69764dd7dcdd2582944a7d6d59e9489003f5de", 0x23, 0xf7f}, {&(0x7f0000000580)="205ac6a0123c6c6868d09e73f1fe4c68631a94ab8760483fa4b5f4e41ffc3ac433b80987ef1d919e47148bd6eebf477fba960ae86d710b8bb7bd95cb7824c5f5f16096f3b929a242971280f30d9b4bb109efd7d20286e5aa75955f548b49962f96196c4f7dbb3a63aaad9769704ff3891d12b68791df80585c1f91d8d4e0cf9b8369ff80445de8ee067284a877d0b244b4746bf5ca34f37cf8b1870b40670a3326d5ec6dba04432ec4bd35bafb084d486f0a562b3c49eb7feaaa7725a5bcb0aa3206c4973bf07e090b2266aeee10e5fc951d35fb51a5f840c26e7b3bdd07e4620ff7c254883d141362df8f41e7df8507c0ae78737f7956", 0xf7, 0x1}, {&(0x7f0000000680)="702ade3f870a6aabd55f28b15b87a531fe774187a1e8f1291b979d261d072c69621590267d9e8dd5d6b5f52287b299f4dae9d5d6960f2ab5c78a0e", 0x3b, 0x8000}, {&(0x7f00000006c0)="4eac1b4c01f7f0986e53c2d39f4b1a59ce9ea958e594bdcc3646bbd6fa3592c3142dbe58f5bc5868b29ca09245b0425091ff28ac5112a066268fdb0e38824f919360e07f6fea6fa8385cf3194cf54b0515282c3d70606e141a8b5224d6de1997e4ed7040f5b88828e62100fb03cf5ed6ece67e8d388e59ccc2fce819a0d93c2a5ea5208b6a210ae72cf16f8ae763ea3fa19b8eb7a02ebab82b87f3c4535f0e004ba1782685d94003f63e15bb721e866e0685c415f46b40525fb8cc825382dd79cf870f3be50aa2", 0xc7, 0x8}, {&(0x7f00000007c0)="7c4b0b1739dcbde9c866fc9f76afa2f1ebeed52665f9c3232f16976d90ad9d781cb43d9eee2140a0c561a0d98bf1690bd8723f0c5d0292a5af9114a78967095033b2ca438b24dad049e8792d5b5ccabfa6e1f9e1db15c04d645b3f2744083f5d4f", 0x61, 0x1}, {&(0x7f0000000840)="714d4dd199da5779694cd8801db94b99262c3d154f238ef318597901d1ec0a27a80474b180b90e3d56e1f9cf51ce800772ee0728269ed5e0cdf16ae77455eb6b4de87d716b972b9ae8ca256aa2b8f1e33cf036334cdca3bdecf2b2f084a0e3c6419cc001d23e266bcceac0e6f876a5a7a03e61a357a60807d379f616d56ba27e8bc80e36a61fee98f372dbc18a0744b828760c5ac019cac38c33", 0x9a, 0x2}, {&(0x7f0000000900)="19379fa4e901d56840e34607b7e5c90c2e15ebaf5cac370f20e927cc5e3a8591aa517474740fad70df08c5db0334a37f55a388b810f82ab950e6bf85b369a26175497de3f992e78fbabc34ee61840381a4701f5f59d40c4747caeb0af7ac5e7382626c90a71dcf84cdc5fd7164bd8ebcf800e6c674c42c4f005b0236e5445919833837c4b50eafba6606954ed3e3fbc0165837841f0429972580a22736623dd3a834c3fe20d368a4e21f2840691143d4ff851e04", 0xb4, 0xdf0}], 0x8, 0x0) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x34, 0x0, 0xe00, 0x0, 0x25dfdbfc, {{}, 0x0, 0x4101, 0x0, {0x18, 0x17, {0x1c, 0x7, @l2={'ib', 0x3a, 'erspan0\x00'}}}}}, 0x34}}, 0x4004080) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000081, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./co5p\x00', 0x200002, 0x0) fchdir(r0) syz_mount_image$vfat(&(0x7f0000000200)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="eb3c902d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) umount2(&(0x7f0000000400)='./file0\x00', 0x4) ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(0xffffffffffffffff, 0xc008551c, &(0x7f0000000380)={0xfffffffffffffffb, 0x18, [0x969, 0x1f, 0x0, 0x3441, 0x94e, 0x0]}) [ 509.039835] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.5'. [ 509.069378] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 509.069378] program syz-executor.1 not setting count and/or reply_len properly [ 509.095736] FAULT_INJECTION: forcing a failure. [ 509.095736] name failslab, interval 1, probability 0, space 0, times 0 [ 509.129727] CPU: 0 PID: 18574 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 509.136877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 509.146235] Call Trace: [ 509.148833] dump_stack+0x138/0x19c [ 509.152468] should_fail.cold+0x10f/0x159 [ 509.156630] should_failslab+0xdb/0x130 [ 509.160609] kmem_cache_alloc_node_trace+0x280/0x770 [ 509.165722] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 509.171182] __kmalloc_node_track_caller+0x3d/0x80 [ 509.176131] __kmalloc_reserve.isra.0+0x40/0xe0 [ 509.180813] __alloc_skb+0xcf/0x500 [ 509.184441] ? skb_scrub_packet+0x4b0/0x4b0 [ 509.188783] ? netlink_has_listeners+0x20a/0x330 [ 509.193543] kobject_uevent_env+0x781/0xc23 [ 509.197877] kobject_uevent+0x20/0x26 [ 509.201684] lo_ioctl+0x11e7/0x1ce0 [ 509.205318] ? loop_probe+0x160/0x160 [ 509.209122] blkdev_ioctl+0x96b/0x1860 [ 509.213012] ? blkpg_ioctl+0x980/0x980 [ 509.216908] ? __might_sleep+0x93/0xb0 [ 509.220799] ? __fget+0x210/0x370 [ 509.224258] block_ioctl+0xde/0x120 [ 509.227896] ? blkdev_fallocate+0x3b0/0x3b0 [ 509.232222] do_vfs_ioctl+0x7ae/0x1060 [ 509.236115] ? selinux_file_mprotect+0x5d0/0x5d0 [ 509.240874] ? lock_downgrade+0x6e0/0x6e0 03:38:15 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2132fad8b103e0a07e9d2341e31a719e1d21e22d05cc3fe703000000000000000edbffa6032e71ec000014e0efc5fcf2faab3a91b389ba3ac1"], 0x1}}, 0x0) r1 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r1) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x38) ptrace$cont(0x18, r2, 0x0, 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r2, 0x0, 0x0) [ 509.245030] ? ioctl_preallocate+0x1c0/0x1c0 [ 509.249478] ? __fget+0x237/0x370 [ 509.252948] ? security_file_ioctl+0x89/0xb0 [ 509.257426] SyS_ioctl+0x8f/0xc0 [ 509.260891] ? do_vfs_ioctl+0x1060/0x1060 [ 509.265154] do_syscall_64+0x1e8/0x640 [ 509.269090] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 509.273955] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 509.273965] RIP: 0033:0x459697 [ 509.273971] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 509.282386] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 509.282393] RDX: 0000000000000006 RSI: 0000000000004c00 RDI: 0000000000000007 [ 509.282398] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 509.282402] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 509.282407] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 510.160132] net_ratelimit: 16 callbacks suppressed [ 510.160138] protocol 88fb is buggy, dev hsr_slave_0 [ 510.160177] protocol 88fb is buggy, dev hsr_slave_1 [ 510.165194] protocol 88fb is buggy, dev hsr_slave_1 [ 510.180313] protocol 88fb is buggy, dev hsr_slave_0 [ 510.185355] protocol 88fb is buggy, dev hsr_slave_1 [ 510.400144] protocol 88fb is buggy, dev hsr_slave_1 [ 510.720123] protocol 88fb is buggy, dev hsr_slave_0 [ 510.725282] protocol 88fb is buggy, dev hsr_slave_1 03:38:18 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, 0x0, 0x0, 0x0) 03:38:18 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/current\x00', 0x2, 0x0) socket$can_raw(0x1d, 0x3, 0x1) 03:38:18 executing program 0: r0 = socket(0x2, 0x80002, 0x0) setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000600)=0xdb, 0x4) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x2, 0x4e20}, 0xfffffffffffffe51) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000040)={{{@in=@multicast1, @in6=@mcast2}}, {{@in6=@initdev}, 0x0, @in=@broadcast}}, &(0x7f0000000180)=0xe8) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f00000001c0)={0x0, 0x86, "5b0e339bd2f511ab4a4c6a7e44e7ce024bbffa1c6e30e4cd1adc740aeff2192e203a84c26cb41eb10482ef5dd18bd72f809c9f8f0cb804c98af4eb2d2bc19fce06416284a992ba28a42de33944b4934edfab0b90065cb7e784c79813d079cc3d7e238f147dad30d804829021d01ef85b2ab1bac3fae707628df1be8678d035d078774dc88025"}, &(0x7f0000000280)=0x8e) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f00000002c0)={r1, @in6={{0xa, 0x4e21, 0x1, @loopback, 0x8001}}, [0x4, 0x9, 0x6, 0xffffffff, 0x2, 0x3fa, 0x1, 0x8001, 0x6, 0x8, 0x7, 0x20, 0x995, 0x2]}, &(0x7f00000003c0)=0x100) recvmsg(r0, &(0x7f0000000140)={0x0, 0xfffffffffffffe13, 0x0}, 0x2001) 03:38:18 executing program 4 (fault-call:1 fault-nth:36): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:18 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x6) ioctl$KVM_GET_NR_MMU_PAGES(r0, 0xae45, 0xfffffffffffffffe) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cpuset.effective_mems\x00', 0x26e1, 0x0) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r1) write$cgroup_int(r1, &(0x7f0000000140), 0xffffff35) getdents(r0, &(0x7f0000000000)=""/14, 0xe) getdents(r0, &(0x7f0000000580)=""/4096, 0x1000) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x54a3) socket$packet(0x11, 0x3, 0x300) [ 511.649626] kauditd_printk_skb: 24 callbacks suppressed [ 511.649634] audit: type=1400 audit(2000000298.039:2278): avc: denied { map } for pid=18603 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 511.665506] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 511.665506] program syz-executor.1 not setting count and/or reply_len properly [ 511.705348] FAULT_INJECTION: forcing a failure. [ 511.705348] name failslab, interval 1, probability 0, space 0, times 0 [ 511.723796] CPU: 1 PID: 18608 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 511.730922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 511.740309] Call Trace: [ 511.742910] dump_stack+0x138/0x19c [ 511.746551] should_fail.cold+0x10f/0x159 [ 511.750714] should_failslab+0xdb/0x130 [ 511.754703] kmem_cache_alloc_node_trace+0x280/0x770 [ 511.759819] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 511.765286] __kmalloc_node_track_caller+0x3d/0x80 [ 511.770229] __kmalloc_reserve.isra.0+0x40/0xe0 [ 511.771929] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 511.771929] program syz-executor.1 not setting count and/or reply_len properly [ 511.774902] __alloc_skb+0xcf/0x500 [ 511.774915] ? skb_scrub_packet+0x4b0/0x4b0 [ 511.774927] ? netlink_has_listeners+0x20a/0x330 [ 511.774942] kobject_uevent_env+0x781/0xc23 [ 511.774960] kobject_uevent+0x20/0x26 [ 511.811689] lo_ioctl+0x11e7/0x1ce0 [ 511.815322] ? loop_probe+0x160/0x160 [ 511.819128] blkdev_ioctl+0x96b/0x1860 [ 511.823036] ? blkpg_ioctl+0x980/0x980 [ 511.826933] ? __might_sleep+0x93/0xb0 [ 511.830821] ? __fget+0x210/0x370 [ 511.834275] block_ioctl+0xde/0x120 [ 511.837922] ? blkdev_fallocate+0x3b0/0x3b0 [ 511.842251] do_vfs_ioctl+0x7ae/0x1060 [ 511.846152] ? selinux_file_mprotect+0x5d0/0x5d0 [ 511.850909] ? lock_downgrade+0x6e0/0x6e0 [ 511.855063] ? ioctl_preallocate+0x1c0/0x1c0 [ 511.859479] ? __fget+0x237/0x370 [ 511.862942] ? security_file_ioctl+0x89/0xb0 [ 511.864660] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 511.864660] program syz-executor.1 not setting count and/or reply_len properly [ 511.867358] SyS_ioctl+0x8f/0xc0 [ 511.867369] ? do_vfs_ioctl+0x1060/0x1060 [ 511.867384] do_syscall_64+0x1e8/0x640 [ 511.867393] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 511.867410] entry_SYSCALL_64_after_hwframe+0x42/0xb7 03:38:18 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$UHID_INPUT(0xffffffffffffffff, &(0x7f00000005c0)={0x8, "0c908c7996162ab2bb70968fda7b6d5cfa64ae8934fe61a860118158053e315fa49c146fc23d1fbea89fbddb4ceb456f5a999b3a1c73e4d1761022f9a90c4bea934f046e63b56b249291b35e232999547ebdfb38f9b3afa535ecb6815fe84222a27115765606d370d2a6b611c4fbc49d66507a46b50f5a6baf4f17da5da9302e7be9b5345c9b547a7ca50c4bfb7c1cda5f23b1c4747ffd04c440beffdfc716a16856a434a2213cd3b587b332fc9836d44a214022ed74c11f6b2e7e68cde4aeb286c86069d7287672dab82d021e17f0c1f0ca3249d41e297398d1a92d588d6461fea83221c8d47aed83b300cad2342dbe1ba346411e9b91ad3829e4857cdcce78b1da02042c582023caa63cfbd49c3f6f93554ea2334f85e1ab07739adc295f7906ad5a2d590098f3624a1e2d694444ba97f04ffc17420b8c5b5b40ad65ab7531d7a0b38a959f5f38a40257535a62d705f665a4da1d0f4868f6c6dce995db09b9c321fe99e5a08b51714565f588fd6dd1df5f841ea8fd20945aca778a9e0e95726f7cada1b0d752e399a1473d60dd804cb1c2f4e09979ba439082cdc8338950a4425aa6b0093a0195dba49a9f841755d3332193626611c5b0b0bb57d357a7615014ed3d5447a206a47632f75d99e9b39ce1ec30b1bb685b28f43563be47908c10b4dc5ad6e7392a4370a22a871a1bb4416d5f04de24e5f25d2556f7c44db8e26fed6613c4cb14be263d6ed4e7444c61bc411df4764a05f0386cba77285ae8925942980b8c8ab77e64e8563a5e89b0f12127d455cd5c08d9ed256b74b757cbce34f2d238abc3a63473f333e606227b9bef9544c5e174cf84b9cedcf730134766e39683de3bf047c204d88c56b7650338041d71ab32974748eb63f29d6b33b95d116df4cf465bc8bcc93318a6c376e47def0c0ab6c91494a8c8f3bb9af14aacc7149bb6315796059e4dd444e1f0f2ccdece623d92a064b9df36829126f987c63af8454897e9683a82975666cc1ccf1c45c7a18e33f363a20db5f38e0d5406c9172e8696218d4c10e3d7cd00805e3a646beb3366a1cf55e53eef832fa1094e30bd1c981194a70060b8a8e4d888f45d838d2c912e8801388d342a54bcd7a1ccf3ffe785a186cb9fc077caf19abd953f4aaa822474e1dfaab32b1636918393eced12efca59f51da2d6f55da0263547ec858aead83913574655546d9dd7b962e3f1f34cc99749f23994f24e600bd8cbcd52b7fa39e526128a76296d0b4c2632e1c47c3eb1789f0433303aab36812006b07774f502bcf0e6886754172474c60c6feb165590bf954c6873cc4dcb4a0ef55422b1be7940914e67df6d9413b12e76ccfb86a1f060d77840ef0a507be887aef6f5971958c96740e789cfdc62cef16b2a648fb4434e30e3cab685a7563bcc6d328716c9f07a76bb060753745a9ac8b4e88a09ad46da16aa0a577a19941dcf2521a404f03e2b74fbb8c51168633bace09cbed4a119cf82d0a33e31ab5c4b1a708b7f8fe0d4b5524234fae96b0055580526cb5a5e5f7e4bc918d5f69cb960189dafa02f7f4fce371a0394331bb398ea83ffcef57751ebfdde6b057b91db71bffdaf44ae356abe0e93f729cd5f09d73333b45fabf9924471b0c908db11c346abafe3d2e6a3120646fc0c0c1d6016aa3978d17fac66c73a68b38dbcdb474a0b7ae8870adaab9a56a00a1bec2d9b2ac27b223dba064842587b819629e346206968937a0400a3139b936ec088db6e431853bb675407050d2710c308a35202f50991674fa8549bbffa184477737e7962f12c1719fa9bb18021d20cc0a55427b93b8aba81c7596bebd97a7a63e98dfdabba1657ec5c9d4938d614dc353a5d67cf30587cfde18675304dc2e672b1f3253969a0203aa3ad1576f5429f5217d2b66c80b4936a91b78ec5004ea0ae56c579cb5b6a67ce6cbdc791e376387bbb3d18f43c8d48068cfa86a5d9ed366c9f2fcf4eb3138cf1af2c33d6f18aad546ff4bffac76c727e5ee2d06d74241c63f51f12a247da979df5c2b0fc0824e8d3026abe864cf125fd5b6984a0da92af09e129791f046d5eda7b57a442e348d99f0e3b8da6028d4874f4b53f2d696a06f8bf97ee93479c4958f643b11cb39fc69ffb3411f0641f0432db490ac2fd0e982a5dba7677bb15015365fde55a554680b844c04ac471e68039cbb914f1117039eb2d3968d8e7b257b6076849ccc251ba6a6e3a09e532680d4c8375f612a017fb650417c036c09b82e18c96cac460308d9cf8584a6006d7d2a8506c9e90edb149a6a58c2d5035359d1e733ffd68dbab58f829705a979a818c0cd35cfcf305de2efe8c24a054a01c2907db2e145527aa90749e4a8b1b68239e0b819000e92833bea83ddbf41453cc933ed9bd414fb93d3cf15991d972bbe58938cc75117f3422277d061d1d5671cff1f3f2d2ba709eb9fdb4857305eadf011da288b0c16250773f036c6e4564d93642a820ed47849e19340fd3d15b353ef67f1c3e9956b862afacd3bc5b4bbc29ddf083df4210442ab19b5506a50582f1a49d0b2e10973bfa5f616de5dfeb0c3f93243b4013fc6d6c930663cf745ad2417a2c5cb6ab7be45f31124245dc7e2239edd0615488831d2263209fb8070cc9c728eb2b362755c4dca5a8001b72bb3b8d1df0cd4301edbf62fa71effbcd4569dbf0b66478df2bd6e2560e4286261b14aef16de8aa1c95d208e214695bf4f3d1ac1d190b8d515e61170d1d4168c384f5bb895e41b99707f62cc786d67bf44775c8e73725f56782429d5aeb93b7d35c34dd23b4f6f59406f5f66c9ee3ba1f1159e4b9d67eee7978945dd4259de355c1b8fe6bf3cdcfbb87b2ecfeccaff72c680cd14cb4a08af05bbba8ba7c292ee574a30fd69375deef965edc4a82ae3d7ae197ad4edb4ced64e2ead6dabb7c7f7fc409f0507e1962d3537b83d4fe70a97286ed9a880818f17f4065d7738bc6fbbe07a16e8ad2239f68c72e8426d00d7757cce3413d20abaa5e4b802bbb8e7d592f7ec7dec97b51281b81aa0a5d5decc165362d220e56bb8658f3fe2f9be69e2963a52c1c33a6beccc1abed289cc17d7d8f0c4e7dbb3ef05da02f36e9044819811b2ab36c2ffea5a15715be92a5a9159ab2248acc8e31aeae5727f4a7766e2b62a8457caa6505aa64f2cf5eedf6521503116af7b5692f8753f1870cd4246a2b075b73b2760dc0b2ac03ce9f3eee48c4e76f7029dc9c76745dd0a5b0e6aba7098aec40bcd9648b8d5dcc3f14f9e5acd6bb08582f88990e60eaf06fcb8104c789cc5bd153679f42cd1fa7d481a4d48e40ef856aa30b0df206c92435a4f2c3d76bdeeed75f24dc3029063904de7e0c825f9756f34698eea711bdf52029de30fa8d68c213f6c032c100eebba37532c71195225eb1706b7cd4aa61c0567c0a6ccb43cbac7176c1464a97cf82c5609236ffb5128335e7a6488f5d6a48a60b1f3adf065afbb2453c4d1d9279e0be519909a300208de5f2dc585a34cdf71cf2633aa5c58856eeb1a7bd5b75b09b1789ef196569f8a812206c61c97d8a8fc9b2b5fc39d83c1f2619e82251d9a4e8c490efe88ec61ffb2c1fcf8f194e030a64e6ad5c30b0876c652cb23bde300b65c7d1786c8122fed16109a3108980f4e00fdd6ee57863a9173c36523d8f04f4f1e665381fe781a8ddb5b50c3e1d3147973c3255c9717295b13e680efedbc2c151d622a2be72cf9847fba8acd87dbb1a61f4ac98fb36b1450bf9031c2c6386015354fc7461df37074a5ac1449b7eae64d1a67a4fed439014e768a1c0e995377db53bda5009dc74b6529a0cffca5f3b160fe89dd31efcfa731a25a472796b2ec531772a31ef47565e26def4835df8c8f1c461e90d2886fd309f55c3bb57a9824f4fa2264fc126662abe8311c0fe78e2cda39a4725d5b88ecd9ed42e53131f963f367df14e767ab668486ea3d42713af79d31fad9437020fe24aaf994ecd35baa619c9f78b5771ca63abf631bae4e98c8833596f48e697e4cb434e0c6fa9bbed73c43ffcd4c1fa7c74140ef29f82c5e2f67cfebb8aa34befdc1b8f2bc3cdf0c93415377b209d8d59e105da1a05857338926701bccd4ac8fcbbd903d40c3865db875a76ee9245d1f1b99e3a829d2b8c4e77701fd5003beaab93d99dc16087699d5639524a4ede2d33157f8b73afb3ef5f5bb3592e9d2775bb638db2bee82ff365741bed66aa557d93516760be92198b2824e65b555b2b7db019711c9f26445de783943a93b11ebda95be10fc14090020b43a6cbac931b04f2139c3544580a95476593032c7d248bca1203867b77e27089dee5419d2b2e7dd4b21b8dabf0f1b98d903725b8b73738229dc73d8bf1a80203b2c20b2d31311cfa21525d9eee16599a289fbc4988ad50908cdd64ba6d3827457d3c76f4f90d99369c9a2df715f15b69cbba0ceda418696aea093b5fbbdc1cf4d499fce4d7514e15c547318d55e3b67f9d593879284e6cc6cd1ce2a6e595b85abb9637e5d30aa87b08f5d48dc02c30813f5dd657f5e8bd9388488eaaff7db8b035926ca714c051c2e453e799728a75b1b032d5fcec0ff60d025f355e9665ea0dc769c88661e006c39e4b6b7deaf6a08c7c78e2d0b63a6384fa7332613aa4f3c2b8290f8a81f5aed190c482d0abd5c780c07e801cb66f90ba44ada8340eb745ac574d31d74a791ffee537a7f8f5e31136bb5510738d7385dbfb910f1008e9baab52f12132e03e3468c1f28bf9e39a2b515254e95bee589846b8a4641d9d67f8273ec2e6e21e403b1d2f610cb8ce8ccf667cfb2ec46a73c3027e0b3e021e28a1d53dea68a125a6284bb59aa28a2df197c20d9e90873c491bb2c1bb78ec713f703eb2f7c88060c032380a1b28524fa0832c1efa930ba6ce871d9017e7740f850f26fe3d1861fb40d89aaf18735278f047ecc66c0d8c45a21932c8bf6eed1fe5c30818b1eea246b50bb2e606344296fc4172683d575acb33d1bf62d9ce08a9774417fd9c4ee30ba1e5f75e973593e8a44249fc0a745e69ae28c4501b3831849b34233319ac1d432b2bf348f66c9163021dbac845b3db2cc80d716646f53a12800c361c17aa6b9f0a239e4d1830355566d03d408d85d2519de7904ad1b4cb89e5a56ef81d017c76f24babe3ede9bc2733af5eba42ef6307a90b4d21b5dc839b3e16ad4cbe9859f3e848751d0cb62ef4d8b6320d62a320d95ec8c513f22593322ff44a8419cbc1b958433c041e5a6702cbda99dd6f40502eb050bf166ed6958a77e6016994ef8d19400524b8bd0ffc666befdbe10b2abc7964abc2a3ea772f2f94e41c85c250e5dd94b7de7af94dc4d1d5656161512b17f0b37cd9cec9ac19d84f56fc09a0232b6574aedab537678e35d9f88374d4f344ccc9346d3fed423410a05477dc68b1881eba710d1838b5aabcf94ce4550816992d3a392d537e5502f74e10e42390cb15bb338cacbdd1c3e030b20c88afffe761a5038f1d1280796bda482988674f1806c7ff6f7855cca25fa0516665ed7839b7ec06ad90598c22f7746de006abec1939dd26a8f085c9add166ac75d2025d3225cd78c343072c1dbf18ae8309242f95845e0ec68ab89eeb082e5e81469e6e75b91a519ffbe1683bf8cefbf2185bc3515f916ace80202226a42259dd62fd97595a01dc42832ff6c02d2508412cc649ac5062a2b0615c4575a520c656f2ba154a8c2ef946799af2e5bf04411417592ad28bd723eb86f5f71bfcba5c7c74f79cabc9f9ed923ff29dab771445fff7c18d35ee85a463e486b33fba25588d1be3eaf5", 0x1000}, 0x1006) setgroups(0x582, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0]) 03:38:18 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) r2 = syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0x2, 0x444000) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r2, 0x40405515, &(0x7f00000000c0)={0x3, 0x0, 0x3ff, 0x5, 'syz0\x00', 0x100}) 03:38:18 executing program 1: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f00000000c0)={0x0, 0x707, 0x4, 0xc51, 0x5, 0x101}, &(0x7f0000000180)=0x14) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f00000001c0)={r2, 0x4577}, 0x8) write(r0, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r0, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) [ 511.867426] RIP: 0033:0x459697 [ 511.907975] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 511.916038] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 511.923314] RDX: 0000000000000006 RSI: 0000000000004c00 RDI: 0000000000000007 [ 511.930599] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 511.937872] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 511.945147] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 511.957141] audit: type=1400 audit(2000000298.099:2279): avc: denied { map } for pid=18611 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 511.972460] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 511.972460] program syz-executor.1 not setting count and/or reply_len properly 03:38:18 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = socket(0x40000000015, 0x40000000000005, 0x0) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r0, 0xc0305616, &(0x7f0000000000)={0x0, {0x6, 0x6}}) setsockopt(r1, 0x100000114, 0xa, &(0x7f0000c63ffc)="66014ebe", 0x4) [ 512.009057] audit: type=1400 audit(2000000298.399:2280): avc: denied { map } for pid=18627 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 512.065153] audit: type=1400 audit(2000000298.439:2281): avc: denied { map } for pid=18628 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 512.072173] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 512.072173] program syz-executor.1 not setting count and/or reply_len properly 03:38:18 executing program 0: socket(0x10, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$keyring(0x0, &(0x7f00000001c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$restrict_keyring(0x1d, 0x0, 0x0, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x200, 0x0) openat$cgroup_procs(r1, &(0x7f0000000100)='tasks\x00', 0x2, 0x0) unshare(0x20600) ioctl$sock_SIOCGPGRP(r0, 0x8904, 0x0) fstat(0xffffffffffffffff, 0x0) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000280)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000440)='/dev/net/tun\x00', 0x20000, 0x0) ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000140)={0xffff, 0xfffffffffffff801, 0x7, 0x5, 0x14, 0x1, 0x4, 0x6, 0x1000, 0x5, 0x0, 0xffffffffffff8dba}) ioctl$sock_inet6_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000080)) getrandom(0x0, 0x0, 0x2000000003) openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x111700, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ppp\x00', 0x0, 0x0) accept4(r0, &(0x7f0000000200)=@ipx, &(0x7f00000000c0)=0x80, 0x80000) ioctl$FS_IOC_MEASURE_VERITY(0xffffffffffffffff, 0xc0046686, &(0x7f00000004c0)=ANY=[@ANYBLOB="02004500c8d91975bce4b798e5d6fd1b0010000000000000c253c4ce642468f50bc774c5ab5a20ebb6e1ce8a7abdc7f5fa104cd2aef1befa3ed9052ebf4a31f5b8e17688fbbbaaa2dc489700301ece5ecbdd1f8c7e1682fd11efe3801d1f44b1bf4e12a8bf51cd7ce23b9a62878309917bff853c25a047c7b32084b9039814e3d17fe60a055413d0c6ab4548190dbdb34c5c50e54b45e863f9f2258ebd340afaae39015a395f7526b715def696bf31c009fd8dcf"]) [ 512.116448] audit: type=1400 audit(2000000298.459:2282): avc: denied { map } for pid=18630 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:38:18 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000b80)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x62c, 0x40) r2 = syz_genetlink_get_family_id$team(&(0x7f0000000100)='team\x00') getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in6=@ipv4={[], [], @local}, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@initdev}, 0x0, @in=@multicast2}}, &(0x7f0000000140)=0xe8) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000300)={@ipv4={[], [], @multicast2}, 0x0}, &(0x7f0000000340)=0x14) getsockname$packet(0xffffffffffffffff, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000003c0)=0x14) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000440)={0x0, @dev, @remote}, &(0x7f0000000480)=0xc) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000004c0)={{{@in6, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6}}, &(0x7f00000005c0)=0xe8) sendmsg$TEAM_CMD_NOOP(r1, &(0x7f00000008c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000002}, 0xc, &(0x7f0000000880)={&(0x7f0000000600)={0x258, r2, 0x2, 0x70bd25, 0x25dfdbfd, {}, [{{0x8, 0x1, r3}, {0x230, 0x2, [{0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r4}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x5}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0x9}}, {0x8, 0x6, r5}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x60}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x10, 0x4, 'broadcast\x00'}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r6}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x399b}}}]}}, {{0x8, 0x1, r7}, {0x4}}]}, 0x258}, 0x1, 0x0, 0x0, 0x80}, 0x4) setsockopt$netrom_NETROM_IDLE(r1, 0x103, 0x7, &(0x7f0000000400)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)={[{@fat=@flush='flush'}]}) r8 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x208000, 0x0) ioctl$TIOCLINUX4(r8, 0x541c, &(0x7f0000000040)) 03:38:18 executing program 4 (fault-call:1 fault-nth:37): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) [ 512.240141] protocol 88fb is buggy, dev hsr_slave_0 [ 512.240180] protocol 88fb is buggy, dev hsr_slave_1 [ 512.307563] audit: type=1400 audit(2000000298.579:2283): avc: denied { map } for pid=18636 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 512.353051] FAULT_INJECTION: forcing a failure. [ 512.353051] name failslab, interval 1, probability 0, space 0, times 0 [ 512.375843] CPU: 0 PID: 18643 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 512.382976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 512.392337] Call Trace: [ 512.394936] dump_stack+0x138/0x19c [ 512.398581] should_fail.cold+0x10f/0x159 [ 512.402746] should_failslab+0xdb/0x130 [ 512.406741] kmem_cache_alloc_node_trace+0x280/0x770 [ 512.411855] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 512.417327] __kmalloc_node_track_caller+0x3d/0x80 [ 512.422268] __kmalloc_reserve.isra.0+0x40/0xe0 [ 512.426944] __alloc_skb+0xcf/0x500 [ 512.430570] ? skb_scrub_packet+0x4b0/0x4b0 [ 512.434900] ? netlink_has_listeners+0x20a/0x330 [ 512.439662] kobject_uevent_env+0x781/0xc23 [ 512.439963] audit: type=1400 audit(2000000298.599:2284): avc: denied { map } for pid=18635 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 512.443990] kobject_uevent+0x20/0x26 [ 512.444001] lo_ioctl+0x11e7/0x1ce0 [ 512.444015] ? loop_probe+0x160/0x160 [ 512.444027] blkdev_ioctl+0x96b/0x1860 [ 512.444036] ? blkpg_ioctl+0x980/0x980 [ 512.444052] ? __might_sleep+0x93/0xb0 [ 512.444060] ? __fget+0x210/0x370 [ 512.444072] block_ioctl+0xde/0x120 [ 512.444082] ? blkdev_fallocate+0x3b0/0x3b0 [ 512.444095] do_vfs_ioctl+0x7ae/0x1060 [ 512.496909] audit: type=1400 audit(2000000298.659:2285): avc: denied { map } for pid=18639 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 512.500643] ? selinux_file_mprotect+0x5d0/0x5d0 [ 512.500656] ? lock_downgrade+0x6e0/0x6e0 [ 512.500668] ? ioctl_preallocate+0x1c0/0x1c0 [ 512.500679] ? __fget+0x237/0x370 [ 512.500694] ? security_file_ioctl+0x89/0xb0 [ 512.500705] SyS_ioctl+0x8f/0xc0 [ 512.500713] ? do_vfs_ioctl+0x1060/0x1060 [ 512.500726] do_syscall_64+0x1e8/0x640 [ 512.500735] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 512.500751] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 512.500760] RIP: 0033:0x459697 [ 512.500765] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 512.509267] audit: type=1400 audit(2000000298.669:2286): avc: denied { map } for pid=18640 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 512.526701] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 512.526708] RDX: 0000000000000006 RSI: 0000000000004c00 RDI: 0000000000000007 [ 512.526713] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 512.526718] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 512.526722] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 512.651617] audit: type=1400 audit(2000000298.699:2287): avc: denied { create } for pid=18641 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 03:38:21 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x100, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000080)={0x0, 0x6}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000180)={r2, @in={{0x2, 0x4e20, @multicast1}}, 0xffffffff, 0x1, 0x1ff, 0x6}, &(0x7f0000000240)=0x98) bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x200000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, 0x0, 0x0) r3 = accept4(r0, 0x0, 0x0, 0x80800) accept$packet(r3, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000002c0)=0x14) bind(r0, &(0x7f0000000300)=@hci={0x1f, r4, 0x3}, 0x80) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendto$unix(r3, &(0x7f0000000140), 0x14ded905162a6a4b, 0x0, 0x0, 0x429) recvfrom(r3, &(0x7f0000001240)=""/4096, 0x1000, 0xffffffffffffffff, 0x0, 0xfffffffffffffd6a) 03:38:21 executing program 1: r0 = dup(0xffffffffffffffff) setsockopt$inet_mreqsrc(r0, 0x0, 0x26, &(0x7f00000005c0)={@multicast2, @remote, @remote}, 0xc) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r2 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r2, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) ioctl$sock_inet_udp_SIOCINQ(r1, 0x541b, &(0x7f0000000080)) readv(r2, &(0x7f0000000540)=[{&(0x7f00000002c0)=""/212, 0xd4}, {&(0x7f00000003c0)=""/129, 0x81}, {&(0x7f0000000480)=""/149, 0x95}], 0x3) r3 = syz_open_dev$vivid(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x2) ioctl$VIDIOC_TRY_ENCODER_CMD(r3, 0xc028564e, &(0x7f0000000280)={0x3, 0x1, [0x3, 0x0, 0x3f, 0x0, 0x1400, 0xfffffffffffff801, 0x3, 0x3]}) ioctl$int_in(r1, 0x5473, &(0x7f0000000580)=0x12) mkdir(&(0x7f0000000600)='./file0\x00', 0xb1) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x0, 0x0) readv(r4, &(0x7f0000000240)=[{&(0x7f0000000180)=""/157, 0x9d}], 0x1) 03:38:21 executing program 3: r0 = socket$inet(0xa, 0x801, 0x84) r1 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x5, 0x400000) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r1, 0xfc0004) r2 = accept4(r0, 0x0, 0x0, 0x80800) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(0xffffffffffffffff, 0x3) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000140)="66b9810000400f322ed30cbad104ec660f38df2b0fe21526660ff85e503ede1b0f20c06635000000800f22c0b800088ec00fae470b", 0x35}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000015c0)={{{@in6, @in6=@dev}}, {{}, 0x0, @in=@loopback}}, &(0x7f00000016c0)=0xe8) fstat(r1, &(0x7f00000001c0)) ioctl$TIOCGSID(r6, 0x5429, &(0x7f00000019c0)) lstat(&(0x7f0000001a00)='./file0\x00', &(0x7f0000001a40)) getgid() stat(&(0x7f0000001d80)='./file0\x00', 0x0) stat(&(0x7f0000001e40)='./file0\x00', &(0x7f0000001e80)) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000100)) geteuid() fstat(r2, &(0x7f0000004400)) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000004480)) getresgid(&(0x7f0000004580), &(0x7f00000045c0), &(0x7f0000004600)) lstat(&(0x7f00000046c0)='./file0\x00', &(0x7f0000004700)) stat(&(0x7f0000004780)='./file0\x00', &(0x7f00000047c0)) ioctl$TIOCGSID(r1, 0x5429, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040), &(0x7f00000048c0)=0xc) getpgrp(0xffffffffffffffff) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000004a00), &(0x7f0000004a40)=0xc) connect(0xffffffffffffffff, &(0x7f0000000080)=@un=@abs={0x1, 0x0, 0x4e23}, 0x3fd) 03:38:21 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x200000000000001, 0x0) getpeername(r1, &(0x7f0000000040)=@ipx, &(0x7f00000000c0)=0x80) bind$unix(r1, &(0x7f0000003000)=@abs={0x1}, 0x8) listen(r1, 0x0) connect(r0, &(0x7f0000985ff8)=@un=@abs={0x1}, 0x8) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r0, r2, 0x0, 0x800000bf) 03:38:21 executing program 4 (fault-call:1 fault-nth:38): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:21 executing program 2 (fault-call:10 fault-nth:0): socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 514.734522] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 514.734522] program syz-executor.1 not setting count and/or reply_len properly [ 514.758150] FAULT_INJECTION: forcing a failure. [ 514.758150] name failslab, interval 1, probability 0, space 0, times 0 [ 514.800234] CPU: 1 PID: 18661 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 514.807387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 514.816747] Call Trace: [ 514.819350] dump_stack+0x138/0x19c [ 514.822992] should_fail.cold+0x10f/0x159 [ 514.827149] should_failslab+0xdb/0x130 [ 514.831127] kmem_cache_alloc+0x2d7/0x780 [ 514.835327] ? selinux_file_mprotect+0x5d0/0x5d0 [ 514.840086] ? lock_downgrade+0x6e0/0x6e0 [ 514.844253] ? ioctl_preallocate+0x1c0/0x1c0 [ 514.848861] getname_flags+0xcb/0x580 [ 514.852860] SyS_mkdir+0x7e/0x200 [ 514.856361] ? SyS_mkdirat+0x210/0x210 [ 514.860277] ? do_syscall_64+0x53/0x640 [ 514.865009] ? SyS_mkdirat+0x210/0x210 [ 514.868929] do_syscall_64+0x1e8/0x640 [ 514.872945] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 514.877809] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 514.883009] RIP: 0033:0x458c47 [ 514.886201] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 03:38:21 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x200000000000001, 0x0) getpeername(r1, &(0x7f0000000040)=@ipx, &(0x7f00000000c0)=0x80) bind$unix(r1, &(0x7f0000003000)=@abs={0x1}, 0x8) listen(r1, 0x0) connect(r0, &(0x7f0000985ff8)=@un=@abs={0x1}, 0x8) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') sendfile(r0, r2, 0x0, 0x800000bf) 03:38:21 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = open(&(0x7f0000000000)='./file0\x00', 0x400000, 0x44) getdents64(r1, &(0x7f0000000080)=""/161, 0xa1) socketpair(0xe, 0x80006, 0x20, 0x0) 03:38:21 executing program 3: r0 = socket$inet_sctp(0x2, 0x800000000000001, 0x84) sendto$inet(r0, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r0, &(0x7f000026cfff)="c6", 0x1, 0x0, &(0x7f0000033ff0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r0, 0x1) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6, 0x0, 0x10001, 0x0, 0x0, 0x46}, 0x98) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000004c0)={0x0, @in, 0x0, 0x0, 0x0, 0x0, 0x34}, 0x98) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000340)={0x0, @in, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x98) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x98) [ 514.894021] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c47 [ 514.901303] RDX: 0000000000000006 RSI: 00000000000001ff RDI: 0000000020000100 [ 514.908579] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 514.915868] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 514.923145] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:38:21 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x5, 0x101000) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) timerfd_settime(r3, 0x1, &(0x7f00000000c0)={{r4, r5+10000000}, {0x0, 0x1c9c380}}, &(0x7f0000000100)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000140)="0f20dc0f001a66b897000f00d0b8fd7f00000f23d00f21f835300000050f23f8c4e27d59020f20c035000004000f22c0b92f090000b800000000ba000000000f30c744240000900000c744240278000000c7442406000000000f011424b9770b0000b800380000ba000000000f308fc8508e659ad6", 0x75}], 0x1, 0x0, 0x0, 0x1ea) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:38:21 executing program 4 (fault-call:1 fault-nth:39): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:21 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000001900)="2e0000001d008104e08f80ecdb4cb9d9026319016993bc1a454ada35a564f3f7af5312140002003bb214bbe10001", 0x2e}], 0x1}, 0x0) [ 515.091064] FAULT_INJECTION: forcing a failure. [ 515.091064] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 515.103105] CPU: 1 PID: 18697 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 515.110212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 515.119571] Call Trace: [ 515.119592] dump_stack+0x138/0x19c [ 515.119611] should_fail.cold+0x10f/0x159 [ 515.125815] __alloc_pages_nodemask+0x1d6/0x7a0 [ 515.125828] ? fs_reclaim_acquire+0x20/0x20 [ 515.125841] ? __alloc_pages_slowpath+0x2930/0x2930 [ 515.125864] cache_grow_begin+0x80/0x400 [ 515.125878] kmem_cache_alloc+0x6a6/0x780 [ 515.152202] ? selinux_file_mprotect+0x5d0/0x5d0 [ 515.156983] ? lock_downgrade+0x6e0/0x6e0 [ 515.161152] getname_flags+0xcb/0x580 [ 515.164967] SyS_mkdir+0x7e/0x200 [ 515.168440] ? SyS_mkdirat+0x210/0x210 [ 515.172345] ? do_syscall_64+0x53/0x640 [ 515.176331] ? SyS_mkdirat+0x210/0x210 [ 515.180224] do_syscall_64+0x1e8/0x640 [ 515.184112] ? trace_hardirqs_off_thunk+0x1a/0x1c 03:38:21 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) r3 = openat$btrfs_control(0xffffffffffffff9c, 0x0, 0x220140, 0x0) bind$unix(r2, &(0x7f0000003000)=@abs={0x1}, 0x8) ioctl$void(r2, 0x5451) ioctl$KVM_DEASSIGN_DEV_IRQ(r3, 0x4040ae75, &(0x7f0000000240)={0x85, 0x73, 0x101, 0x1}) listen(r2, 0x0) connect(r1, &(0x7f0000985ff8)=@un=@abs={0x1}, 0x8) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00') prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0) sendfile(r2, r4, 0x0, 0x800000bf) getsockopt$ARPT_SO_GET_INFO(r0, 0x0, 0x60, 0x0, &(0x7f0000000380)) write$RDMA_USER_CM_CMD_CREATE_ID(r4, 0x0, 0x0) r5 = add_key(&(0x7f0000000480)='logon\x00', &(0x7f00000004c0)={'syz', 0x1}, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_MARK_BUFS(r4, 0x40206417, &(0x7f0000000300)={0xfffffffffffffff7, 0x3ff, 0x765, 0x9, 0x10, 0x9}) openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000280)='/selinux/context\x00', 0x2, 0x0) request_key(&(0x7f00000003c0)='id_legacy\x00', &(0x7f0000000400)={'syz', 0x3}, &(0x7f0000000440)='GPLsecurityself}bdevcpuset\x00', r5) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f00000002c0)={0x13, 0x10, 0xfa00, {&(0x7f0000000040), 0xffffffffffffffff, 0x1}}, 0x18) [ 515.188968] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 515.194163] RIP: 0033:0x458c47 [ 515.197884] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 515.205939] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c47 [ 515.213201] RDX: 0000000000000006 RSI: 00000000000001ff RDI: 0000000020000100 [ 515.220465] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 515.227820] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 515.235136] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:38:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000140)=0x0) r3 = syz_open_dev$vcsa(&(0x7f0000000240)='/dev/vcsa#\x00', 0x3, 0x40000) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x2, 0x1f, 0x2, 0x7, 0x0, 0x5a, 0x0, 0x2, 0xd0, 0x3ff, 0x3, 0x2, 0x4, 0x2, 0x5, 0x9, 0x5, 0x0, 0x6, 0x5, 0xd28, 0x100000000, 0x81, 0x9, 0x2, 0xfffffffffffffdcd, 0x9, 0xffff, 0x10000, 0xffff, 0x1c000000, 0x0, 0xfffffffffffff375, 0x200, 0x400, 0x2, 0x0, 0x0, 0x3, @perf_config_ext={0xffffffff, 0x8}, 0x2800, 0x2, 0x7, 0x5, 0xde07, 0x1, 0x3f}, r2, 0xd, r3, 0x1) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x40, 0x4) write(r0, &(0x7f0000000180)="b63db85e0fb1504800000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7dbdb2a003056204a89ee324780e5010097c288562c14a116f063ff72111faee5c8572b87b99ffd18dafd6b119a7c86e8ceed13ea78fe57fc217a1d2f1eb3a29bd6f340700ee8d987619e4eefb1dae87456b2ddbdcdee625d977450b8ca", 0xbb) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) 03:38:21 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000000)={'bond0\x00\x00Z\x00', @ifru_ivalue=0x20b17d7b}) ioctl$sock_ifreq(r1, 0x4000000000089f0, &(0x7f0000000000)={'sit0\x00\x00\x00\x04\x00', @ifru_flags}) 03:38:21 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:21 executing program 4 (fault-call:1 fault-nth:40): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) [ 515.631491] FAULT_INJECTION: forcing a failure. [ 515.631491] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 515.643377] CPU: 0 PID: 18719 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 515.650477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 515.659832] Call Trace: [ 515.662406] dump_stack+0x138/0x19c [ 515.666019] should_fail.cold+0x10f/0x159 [ 515.670164] __alloc_pages_nodemask+0x1d6/0x7a0 [ 515.674834] ? fs_reclaim_acquire+0x20/0x20 [ 515.679151] ? __alloc_pages_slowpath+0x2930/0x2930 [ 515.684173] cache_grow_begin+0x80/0x400 [ 515.688229] kmem_cache_alloc+0x6a6/0x780 [ 515.692377] ? selinux_file_mprotect+0x5d0/0x5d0 [ 515.697130] ? lock_downgrade+0x6e0/0x6e0 [ 515.701280] getname_flags+0xcb/0x580 [ 515.705080] SyS_mkdir+0x7e/0x200 [ 515.708525] ? SyS_mkdirat+0x210/0x210 [ 515.712402] ? do_syscall_64+0x53/0x640 [ 515.716371] ? SyS_mkdirat+0x210/0x210 [ 515.720251] do_syscall_64+0x1e8/0x640 [ 515.724135] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 515.728976] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 515.734159] RIP: 0033:0x458c47 [ 515.737337] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 515.745051] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c47 [ 515.752311] RDX: 0000000000000006 RSI: 00000000000001ff RDI: 0000000020000100 [ 515.759572] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 515.766837] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 515.774107] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 516.400145] net_ratelimit: 14 callbacks suppressed [ 516.400152] protocol 88fb is buggy, dev hsr_slave_0 [ 516.400190] protocol 88fb is buggy, dev hsr_slave_1 [ 516.405203] protocol 88fb is buggy, dev hsr_slave_1 [ 516.420353] protocol 88fb is buggy, dev hsr_slave_0 [ 516.425685] protocol 88fb is buggy, dev hsr_slave_1 [ 516.640189] protocol 88fb is buggy, dev hsr_slave_1 [ 516.960159] protocol 88fb is buggy, dev hsr_slave_0 [ 516.965298] protocol 88fb is buggy, dev hsr_slave_1 03:38:24 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db550000000000000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d200"/57], 0x1}}, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer2\x00', 0x40, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f00000001c0)={0x0, 0x1, {0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x2, 0xe46}}) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) setxattr$trusted_overlay_nlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='trusted.overlay.nlink\x00', &(0x7f0000000100)={'L+', 0x3}, 0x28, 0x3) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:38:24 executing program 0: r0 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x40000000806, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00'}, 0x45c) ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0x8) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) getuid() fsetxattr$trusted_overlay_upper(r1, &(0x7f0000000a80)='trusted.overlay.upper\x00', &(0x7f00000012c0)=ANY=[@ANYBLOB="00fb110107d317c938c71552ddfe3badced0701e219c04ab50a466983a262c4ecd25a6df5ab9a7e4ef4feb788b0b68bfec72fb55992e2f032600e5108ab161cf562828500d00002af8a9e0d3684bbf9dfbd457a8f64f949cafa162aac4dfd3c0409ec6730101000000000000f459e0cd5478cf1bd40f26945f6478b87863e6f40000000000000fff439d89d32003dba4000087facbd841e3dc29d087b5c19ce9645e6edc832e1c3da54a6da46fab8a051098c36fa25ada979d9821e4d5c6c0a72bf325f86146a62891c998a10d28f305effcec0be72061a386fdec00003edd0b04a6536473f5e0f055fe0103189bfb8d6079466eaaaa836c807d3bb00b13c068684d18ab92a3bdec9bb1fd11762070e5885d0000000000"], 0x1, 0x2) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000180)) fcntl$getown(r0, 0x9) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000200)) fcntl$getown(r0, 0x9) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000280), &(0x7f00000008c0)=0xc) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000940)={0x0}, &(0x7f0000000980)=0xc) r3 = getpgid(r2) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000001040)={{{@in=@loopback, @in6=@ipv4={[], [], @remote}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@multicast2}}, &(0x7f0000000f00)=0xfffffffffffffd81) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000340), &(0x7f0000000380)=0xc) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)='anon_inodefs\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, 0x0, 0x0) getpgid(r3) io_setup(0x4, &(0x7f0000000240)=0x0) io_submit(r6, 0x1, &(0x7f0000000a00)=[&(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, 0x99d9, 0xffffffffffffffff, &(0x7f00000003c0)="cdc2185b2083", 0x6, 0xfffffffffffff001, 0x0, 0x1, r1}]) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x1) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000900), &(0x7f0000000880)=0xffffffffffffff97) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x4) writev(r5, &(0x7f0000001240)=[{&(0x7f0000001140)="f915877a3a6225bc315439956a7137a52348344248ef9546ad7fbeb8cdd6482a9a85a5cc0ddd358d82add4a8a9f8fd7ed47ba8c9c647bea582c83fb915c94754380b4e73197fe4b2e78bf8e826ff3f071b50e22f257cfb739e3a97abed3328ec61e7ea4dd9f5cdef61e319b50f3daece11390d20632fb9c63280c8296509cc68ca26ea9604739efbda199a5d01c00d97f4cd057c4d1277ccf2af1c880d63d3b7835f8222ad06d15508aa82854ddbabe24ac7721fff46c62f4f995018ce55ce5189af49b75b28fcf95b0f1db7d8e7a301c1672179", 0xd4}], 0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000a40)={0xb, 0xfffffffe, 0x3c, 0x8000000, 0x0, r0, 0x806, [], r4, r0, 0x5, 0x2}, 0x3c) syz_open_dev$mice(&(0x7f00000001c0)='/dev/input/mice\x00', 0x0, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) ioctl$int_in(r0, 0x800000c0045002, &(0x7f0000000000)=0x79) sync_file_range(r1, 0x1, 0x9, 0x2) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)}}, 0xfffffea9) 03:38:24 executing program 5: syz_open_dev$sndseq(&(0x7f0000000280)='/dev/snd/seq\x00', 0x0, 0x0) r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x800, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_TOL(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80082010}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="000000006b95cd480a7c7456f239997aa0270e8c73da494b95844ded784714766401f3a185b3438047a7dcfb6946129dccd8f9fd8e7e9f6b6aa00bd0281a8edfdf1d59571e128fae5f44cbee21a1f3dedd69eb9fa21cd8145ee314ac5a97fe27c6ba675189776edc93001000003ce443c213d6064f1e476b885b4950559a7716646f0e78", @ANYRES16=r1, @ANYBLOB="000128bd7000fddbdf25010000000000000007410000004c00180000100075647000"/98], 0x68}}, 0x8000) ioctl$BLKDISCARD(r0, 0x1277, &(0x7f0000000100)=0x48) 03:38:24 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, 0x0) openat$vcs(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x2000, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000140)={0x0, 0x0, 0x10001, 0x9}) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000180)={0x200, 0x0, 0x0, 0x10001}) bind$inet6(0xffffffffffffffff, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000419000)={0xa, 0x4e1e, 0x0, @loopback}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f00000f0000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x5c831, 0xffffffffffffffff, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000cfc000/0x18000)=nil, 0x0, 0xfffffffffffffefd, 0x1, &(0x7f0000000180), 0x10000000000000a2) bpf$MAP_CREATE(0x2, 0x0, 0x0) ioctl$DRM_IOCTL_AGP_UNBIND(r1, 0x40106437, &(0x7f0000000240)={0x0, 0x1}) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r1, &(0x7f0000000300)={&(0x7f00000000c0), 0xc, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="4400000084e8cf66acee3aa5c556e4bcc07567ab5398dfced19b01823b9bcd9e6f786d9b908de1a5ec5e9766ecbf6e37e3c2f50b747ddbf46a55bd", @ANYRES16=0x0, @ANYBLOB="000827bd7000ffdbdf2514000000300006000400020008000100008000000800010007000000040002000400020008000100070000000800010001000100"], 0x44}, 0x1, 0x0, 0x0, 0x11}, 0x0) sendfile(r0, r0, 0x0, 0x80000001) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000040)={0xff, 0x2, 0x6, 0xc841, 0x401, 0xf9}) ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f0000000340)) ioctl$VIDIOC_G_AUDIO(r0, 0x80345621, &(0x7f0000000380)) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000580)={{{@in=@empty, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@broadcast}}, &(0x7f0000000200)=0xe8) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x2, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000480)="18b6801d16a1d05807b94c852c6894607edf3103ab8e12ee833a505fef4d9f0ba711cee323040454415280354160ebd56b3af257e8d3a1a3884e37fb5d3cbfa71c196ee2560440f7b3fd54e73ba7b10144c7d50360c8d11a89b31c251a6a365d5472c20eb159447a88cfddde7e116f5165e757d6e832242c120d45da334639d09d3a0271600c310b65f189a30e4bb33cb5634897da7495a0c89619bff77b2a2b7a3284bea4504e50fdddc1c6e00edbf95fc92fa7d94b760bc494caa640a50ed2dfbf87ced4a5215af82008aa32bdb67d0fb0261bc2ea", 0xd6, 0x7ff}], 0x8000, &(0x7f0000000680)=ANY=[@ANYBLOB="6772706a71756f74613d2e2f664713226bef6874b0754059ec876ee1696c65302c6a71666d743d76667376312c626172726965722c726f6f74636f6e746578743d756e636f6e66696e65645f752c73", @ANYRESDEC=r5, @ANYBLOB=',appraise,defcontext=sysadm_u,func=CREDS_CHECK,\x00']) write$P9_RLERROR(r1, &(0x7f00000003c0)={0x10, 0x7, 0x1, {0x7, 'TIPCv2\x00'}}, 0x10) 03:38:24 executing program 4 (fault-call:1 fault-nth:41): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:24 executing program 1: r0 = syz_open_dev$sndpcmp(&(0x7f0000000100)='/dev/snd/pcmC#D#p\x00', 0xff, 0x52080) openat$cgroup_procs(r0, &(0x7f0000000140)='tasks\x00', 0x2, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r2 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r2, &(0x7f0000000080)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r2, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) [ 517.772401] kauditd_printk_skb: 24 callbacks suppressed [ 517.772409] audit: type=1400 audit(2000000304.169:2312): avc: denied { map } for pid=18737 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:38:24 executing program 5: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) migrate_pages(0x0, 0x2a, &(0x7f00000004c0)=0xfffffffffffffffe, &(0x7f0000000000)=0x2) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000100), 0x0) prctl$PR_SET_SPECULATION_CTRL(0x35, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x0, 0x2d, 0x0, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$CAPI_GET_PROFILE(r0, 0xc0404309, &(0x7f0000000100)) [ 517.816281] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 517.816281] program syz-executor.1 not setting count and/or reply_len properly [ 517.854388] FAULT_INJECTION: forcing a failure. [ 517.854388] name failslab, interval 1, probability 0, space 0, times 0 [ 517.868532] CPU: 0 PID: 18745 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 517.879399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 517.888878] Call Trace: [ 517.891485] dump_stack+0x138/0x19c [ 517.895127] should_fail.cold+0x10f/0x159 [ 517.899286] should_failslab+0xdb/0x130 [ 517.903270] kmem_cache_alloc+0x2d7/0x780 [ 517.907455] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 517.912949] ? ext4_sync_fs+0x800/0x800 [ 517.917019] ext4_alloc_inode+0x1d/0x610 03:38:24 executing program 3: bind$alg(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$FIDEDUPERANGE(r0, 0xc0189436, 0x0) lsetxattr$trusted_overlay_nlink(0x0, 0x0, 0x0, 0x0, 0x1) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000081, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000080)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) readv(r1, 0x0, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r3) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) umount2(&(0x7f0000000280)='./file0\x00', 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000080)="c0dc00025e0b01047be070") setsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000006200)={0x3, 0x0, 0xad6c, 0x2, 0x8000, 0x9fe7, 0x9, 0x7, 0x1, 0x620, 0x83e}, 0xb) write$binfmt_script(r0, &(0x7f00000001c0)=ANY=[@ANYPTR64=&(0x7f00000013c0)=ANY=[@ANYPTR64=&(0x7f0000001240)=ANY=[@ANYPTR64, @ANYPTR64, @ANYRESOCT=r1, @ANYRES32, @ANYRES16=r3, @ANYRESHEX=r1, @ANYRESHEX=r2, @ANYBLOB="5aabbe23768b4d3c7c92497c525d8a4a1a188f6ec59c6c5fbb8fd07fd67bd11ef14b860dc391dda15fe2cad2de19fb5e20ecc594b0240fcda35517785a27f1c982838059088c658a3f744efc6569dd2dc7325b430ca5454c34d566ac756c5eda8683aacf4e34a2606af95176308b01a702822591d80fce97a989cae8587f0975b268e0b3b49423b2d64383eddc64147393567c1f5fceb70bb234ba2c08a98032917d079f1388274b935bbda49b4c74dcfc6c1ae4f5c3cb969a4a896d2aa4e41eaa56f6f528b32cce380cf080392aeb908eca28a607ccb83134786fdd30e2bb1d0162f646b9dd3d0834f5c074077cb8bbd3f5172ab0b1970f794519f2"], @ANYRES64=r3], @ANYRES16=r0, @ANYPTR64=&(0x7f0000000180)=ANY=[@ANYRESOCT=r1], @ANYRESHEX, @ANYRES64=r2, @ANYRESDEC=r1, @ANYRESHEX=r3], 0x52) socket$inet_tcp(0x2, 0x1, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000140)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f0000000240)=""/4096, 0xfe66}], 0x1}}], 0x400001f, 0x0, 0x0) [ 517.921258] alloc_inode+0x64/0x180 [ 517.924886] new_inode_pseudo+0x19/0xf0 [ 517.928864] new_inode+0x1f/0x40 [ 517.932237] __ext4_new_inode+0x32c/0x4860 [ 517.936493] ? avc_has_perm+0x2df/0x4b0 [ 517.940476] ? ext4_free_inode+0x1210/0x1210 [ 517.944903] ? dquot_get_next_dqblk+0x160/0x160 [ 517.949594] ext4_mkdir+0x331/0xc20 [ 517.953240] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 517.957917] ? security_inode_mkdir+0xd0/0x110 [ 517.962514] vfs_mkdir+0x3ca/0x610 [ 517.966072] SyS_mkdir+0x1b7/0x200 [ 517.969621] ? SyS_mkdirat+0x210/0x210 [ 517.973510] ? do_syscall_64+0x53/0x640 [ 517.977490] ? SyS_mkdirat+0x210/0x210 [ 517.981387] do_syscall_64+0x1e8/0x640 [ 517.985278] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 517.990140] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 517.995422] RIP: 0033:0x458c47 [ 517.998616] RSP: 002b:00007f4eb8ce5a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 518.006368] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c47 [ 518.013646] RDX: 0000000000000006 RSI: 00000000000001ff RDI: 0000000020000100 03:38:24 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x9, 0x40000000808046) openat$vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock\x00', 0x80000, 0x0) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) [ 518.013998] audit: type=1400 audit(2000000304.179:2313): avc: denied { create } for pid=18734 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 [ 518.021044] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 518.021071] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 518.021077] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:38:24 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xcd, &(0x7f0000000040)={{0xa, 0x4e22, 0x7, @remote, 0x100}, {0xa, 0x4e20, 0xf23, @dev={0xfe, 0x80, [], 0x28}, 0x93c}, 0x100000000000, [0x2, 0x149a, 0x9, 0x5, 0x7fff, 0x11857eb, 0xffffffffffffffff, 0x7f]}, 0x5c) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-monitor\x00', 0x100, 0x0) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000180)=@sack_info={0x0, 0xffff, 0x200}, &(0x7f00000001c0)=0xc) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000200)={r3, 0x1f}, 0x8) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:38:24 executing program 4 (fault-call:1 fault-nth:42): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:24 executing program 3: add_key(&(0x7f0000000300)='.request_key_auth\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) r0 = memfd_create(&(0x7f0000000100)='\vem1\xc1\xf8\xa6\x8dN\xc0\xa3\\\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff', 0x0) write(r0, &(0x7f0000000040)="0600", 0x2) write$FUSE_NOTIFY_STORE(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="40000000000025000400000005007c00000000000000200000000000"], 0x1c) sendfile(r0, r0, &(0x7f0000001000), 0xffff) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000006c0)='/selinux/policy\x00', 0x0, 0x0) r2 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000740)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(r1, &(0x7f0000000800)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x30, r2, 0x400, 0x70bd28, 0x25dfdbfc, {}, [@SEG6_ATTR_SECRETLEN={0x8}, @SEG6_ATTR_SECRETLEN={0x8}, @SEG6_ATTR_SECRET={0xc, 0x4, [0x6, 0xfffffffffffffffc]}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x0) timerfd_gettime(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f000002eff0)={0x32b, &(0x7f0000000000)=[{}]}, 0x10) [ 518.199561] FAULT_INJECTION: forcing a failure. [ 518.199561] name failslab, interval 1, probability 0, space 0, times 0 [ 518.223693] CPU: 0 PID: 18772 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 518.230955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 518.240341] Call Trace: [ 518.242929] dump_stack+0x138/0x19c 03:38:24 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000380)='/dev/full\x00', 0x32000, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r2, &(0x7f0000000540)={0xc, 0x8, 0xfa00, {&(0x7f00000003c0)}}, 0x10) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cgroup.stat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r3, 0x84, 0x1a, &(0x7f0000000180)={0x0, 0xad, "7ebb40e968a2b78e7604aabafb595cb3c51fa9efbcba04837ee4a8f3af03de48f462221b64796b086f7f2a0d5d837b71ef245e173df38eb2b8d54da63f78f078aafb0351efc0294ceb7db67a0fe0603aebdc30bca7b3892f032aed7f28e177ac3fffc38555b984a069ac8c002973f668544c4fa5392ecd6ccd1a363dfd211de37daac12924bf7e48defd5d7fe928b98c7265535107b92b484adad98c3abea3cdb3c61b0bbca1437994a2873d7e"}, &(0x7f0000000240)=0xb5) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000340)={0x33, @multicast1, 0x4e22, 0x2, 'sed\x00', 0x1c, 0x5, 0x22}, 0x2c) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x1f, &(0x7f0000000280)={r4, @in={{0x2, 0x4e20, @multicast2}}, 0x9, 0x80000000}, 0x90) bind$rose(r3, &(0x7f0000000580)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1, @default}, 0x1c) openat$cgroup_ro(r3, &(0x7f00000000c0)='cgroup.stat\x00', 0x0, 0x0) [ 518.246565] should_fail.cold+0x10f/0x159 [ 518.246584] should_failslab+0xdb/0x130 [ 518.246598] kmem_cache_alloc+0x2d7/0x780 [ 518.258838] ? __debug_object_init+0x171/0x8e0 [ 518.263428] ? ext4_alloc_inode+0x1d/0x610 [ 518.267674] selinux_inode_alloc_security+0xb6/0x2a0 [ 518.272784] security_inode_alloc+0x94/0xd0 [ 518.277150] inode_init_always+0x552/0xaf0 [ 518.281389] alloc_inode+0x81/0x180 [ 518.285018] new_inode_pseudo+0x19/0xf0 [ 518.288989] new_inode+0x1f/0x40 [ 518.289000] __ext4_new_inode+0x32c/0x4860 [ 518.289024] ? avc_has_perm+0x2df/0x4b0 [ 518.289035] ? ext4_free_inode+0x1210/0x1210 [ 518.289056] ? dquot_get_next_dqblk+0x160/0x160 [ 518.299708] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 518.299708] program syz-executor.1 not setting count and/or reply_len properly [ 518.300614] ext4_mkdir+0x331/0xc20 [ 518.300634] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 518.300648] ? security_inode_mkdir+0xd0/0x110 [ 518.300661] vfs_mkdir+0x3ca/0x610 [ 518.300673] SyS_mkdir+0x1b7/0x200 [ 518.300685] ? SyS_mkdirat+0x210/0x210 [ 518.300696] ? do_syscall_64+0x53/0x640 [ 518.300706] ? SyS_mkdirat+0x210/0x210 [ 518.300717] do_syscall_64+0x1e8/0x640 [ 518.300726] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 518.300744] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 518.300752] RIP: 0033:0x458c47 [ 518.300758] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 518.300767] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c47 [ 518.300772] RDX: 0000000000000006 RSI: 00000000000001ff RDI: 0000000020000100 03:38:24 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf090000000000000000000000002991b5a131671b3d010000d08a38cd0208c7bde6f37979b15aeb6dc0befa9ed7d205951982db955414df767ea087c89e0e19e6c880e7c19e9d7c9ac494dbe92eb1867a93fa9d66761d7152594cea850e9c0dfc3df6b19fa3f8a55ccf9b8e296ee404a98b7dcda6dec30267dbb580a18c010aa1cc5d7790359b8b0f43817b58dd4abfe63a8bc48657f41be3879bec98402d737b2adbddf476"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:38:24 executing program 0: r0 = socket$vsock_dgram(0x28, 0x2, 0x0) bind$isdn(r0, 0x0, 0x0) r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_DECODER_CMD(r1, 0xc0485660, &(0x7f0000000040)={0x4, 0x1, @stop_pts=0x7f}) [ 518.300777] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 518.300782] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 518.300795] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:38:24 executing program 3: r0 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00'}, 0x45c) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_submit(0x0, 0x0, 0x0) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000000)='./file0\x00', 0xffffffff, 0x1, &(0x7f00000000c0)=[{&(0x7f0000000040)="5846534200001000000000000000100000000000000000000000000000000000984f0b5042b64b06bc86cba3e6cc3f80020000000000000000000000000000800000f9ffffffff8000000000000000821c000001000010000000000100000000000006c034a40200010000100700000000000000000000000c090804", 0x7c}], 0x0, 0x0) [ 518.453046] IPVS: set_ctl: invalid protocol: 51 224.0.0.1:20002 [ 518.480140] protocol 88fb is buggy, dev hsr_slave_0 [ 518.480491] protocol 88fb is buggy, dev hsr_slave_0 03:38:24 executing program 0: r0 = socket$vsock_dgram(0x28, 0x2, 0x0) bind$isdn(r0, 0x0, 0x0) r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_DECODER_CMD(r1, 0xc0485660, &(0x7f0000000040)={0x4, 0x1, @stop_pts=0x7f}) [ 518.540947] audit: type=1400 audit(2000000304.189:2314): avc: denied { create } for pid=18734 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 03:38:25 executing program 4 (fault-call:1 fault-nth:43): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) [ 518.684037] audit: type=1400 audit(2000000304.199:2315): avc: denied { map } for pid=18735 comm="syz-executor.3" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=66013 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:hugetlbfs_t:s0 tclass=file permissive=0 [ 518.686727] FAULT_INJECTION: forcing a failure. [ 518.686727] name failslab, interval 1, probability 0, space 0, times 0 [ 518.736393] CPU: 0 PID: 18806 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 518.743533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 518.752914] Call Trace: [ 518.755541] dump_stack+0x138/0x19c [ 518.756125] audit: type=1400 audit(2000000304.229:2316): avc: denied { create } for pid=18735 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 [ 518.759176] should_fail.cold+0x10f/0x159 [ 518.759193] should_failslab+0xdb/0x130 [ 518.759206] __kmalloc+0x2f0/0x7a0 [ 518.759222] ? ext4_find_extent+0x709/0x960 [ 518.788509] audit: type=1400 audit(2000000304.289:2317): avc: denied { map } for pid=18735 comm="syz-executor.3" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=65266 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:hugetlbfs_t:s0 tclass=file permissive=0 [ 518.791539] ext4_find_extent+0x709/0x960 [ 518.791554] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 518.791566] ext4_ext_map_blocks+0x1a3/0x4fa0 [ 518.791579] ? save_trace+0x290/0x290 [ 518.791594] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 518.791602] ? __lock_is_held+0xb6/0x140 [ 518.791618] ? lock_acquire+0x16f/0x430 [ 518.791628] ? ext4_map_blocks+0x354/0x16e0 [ 518.791646] ext4_map_blocks+0xc8a/0x16e0 [ 518.797643] audit: type=1400 audit(2000000304.289:2318): avc: denied { create } for pid=18735 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 [ 518.799490] ? __lock_is_held+0xb6/0x140 [ 518.799504] ? check_preemption_disabled+0x3c/0x250 [ 518.799519] ? ext4_issue_zeroout+0x160/0x160 [ 518.835336] audit: type=1400 audit(2000000304.339:2319): avc: denied { map } for pid=18749 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 518.837967] ? __brelse+0x50/0x60 [ 518.837987] ext4_getblk+0xac/0x450 [ 518.837999] ? ext4_iomap_begin+0x8a0/0x8a0 [ 518.838010] ? ext4_free_inode+0x1210/0x1210 [ 518.838025] ext4_bread+0x6e/0x1a0 [ 518.844366] audit: type=1400 audit(2000000304.539:2320): avc: denied { map } for pid=18766 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 518.847658] ? ext4_getblk+0x450/0x450 [ 518.847677] ext4_append+0x14b/0x360 [ 518.847690] ext4_mkdir+0x531/0xc20 [ 518.847705] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 518.856452] audit: type=1400 audit(2000000304.549:2321): avc: denied { map } for pid=18761 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 518.856819] ? security_inode_mkdir+0xd0/0x110 [ 519.014846] vfs_mkdir+0x3ca/0x610 [ 519.018389] SyS_mkdir+0x1b7/0x200 [ 519.021925] ? SyS_mkdirat+0x210/0x210 [ 519.025805] ? do_syscall_64+0x53/0x640 [ 519.029763] ? SyS_mkdirat+0x210/0x210 [ 519.033645] do_syscall_64+0x1e8/0x640 [ 519.037542] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 519.042379] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 519.047571] RIP: 0033:0x458c47 [ 519.050927] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 519.058633] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c47 [ 519.065910] RDX: 0000000000000006 RSI: 00000000000001ff RDI: 0000000020000100 [ 519.073178] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 03:38:25 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) rt_sigtimedwait(&(0x7f0000000000)={0x7}, &(0x7f0000000040), &(0x7f00000002c0), 0x8) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_FPU(r3, 0x41a0ae8d, &(0x7f0000000100)={[], 0x3ff, 0x3, 0x8, 0x0, 0x4e, 0x2000, 0x6000, [], 0x8001}) 03:38:25 executing program 0: r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/dlm-control\x00', 0x1ffe, 0x0) ioctl$KVM_PPC_GET_PVINFO(r0, 0x4080aea1, &(0x7f0000000180)=""/159) getsockopt$llc_int(r0, 0x10c, 0x6, &(0x7f0000000000), &(0x7f0000000040)=0x4) syncfs(r0) ioctl$VT_ACTIVATE(r0, 0x5606, 0x5) mount(&(0x7f00000000c0)=ANY=[@ANYBLOB="7563caffff00785e85b62fc3c01fe50180521e8f4995c6b2e062b74951162c41b73c4331a086f34ec8e9c47dcf9177aedf0331bba75835df72b4c66e24265505d22559a514d2ac4d7db9ad08bbce2498ea4143c02016e675520a98622d9d18854d4f7f4d8284b15e64c6593c4bc9a31ec8c74e5cd65ee84074a5e769b8ad204d47dc6b370e777384d39a47beff7085d11a75da6b3e38d2028f68a1251712815d87df73f301b4cecb7fc9ef3e6d2e829fbeb54c9eb58cc6"], &(0x7f0000000380)='.', &(0x7f0000fdb000)='ubifs\x00', 0x0, 0x0) set_thread_area(&(0x7f0000000080)={0x401, 0x20000800, 0xffffffffffffffff, 0x2, 0x9, 0x40, 0x5, 0x6, 0xffffffffffffce66, 0x9}) 03:38:25 executing program 3: r0 = socket$kcm(0xa, 0x802, 0x88) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f0000000080)=@in6={0xa, 0x4e24, 0x0, @mcast2, 0x9}, 0x80, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="3800000000000000290000000400000078040401000000c0073510fbff0000b408000000fab7711721190000c89e19bd8f5f9e3272200020"], 0x38}, 0x8000) acct(0x0) r1 = add_key(&(0x7f0000000180)='.dead\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f00000002c0)="8eab135d67dbde90a074d683a8306efcbcc49d62986a27586b445589926b772f8c9babecf74116465e69d8286c2725945f619658741de528f8c724a294363caae411a3864c767973bbc4f79a800f5873f64712201d1d", 0x56, 0xfffffffffffffffd) keyctl$invalidate(0x15, r1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2(0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec, 0x80, &(0x7f0000000040)=[{&(0x7f0000000280), 0xe803}], 0x1}, 0x0) [ 519.075005] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 519.075005] program syz-executor.1 not setting count and/or reply_len properly [ 519.080451] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 519.080458] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:38:25 executing program 5: r0 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x40000fffffd, 0x200000000000042) ioctl$RFKILL_IOCTL_NOINPUT(r0, 0x5201) ioctl$FS_IOC_FSGETXATTR(r0, 0xc00c5512, &(0x7f0000000080)={0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x7ff0bdbe}) 03:38:25 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) r2 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0x0, 0x202) ioctl$IOC_PR_RELEASE(r2, 0x401070ca, &(0x7f00000000c0)={0x1f22}) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) [ 519.128239] IPVS: set_ctl: invalid protocol: 51 224.0.0.1:20002 03:38:25 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$unix(0x1, 0x1000000805, 0x0) r3 = socket$unix(0x1, 0x1000000005, 0x0) bind$unix(r3, &(0x7f0000003000)=@abs={0x1}, 0x8) listen(r3, 0x100000080000005) connect(r2, &(0x7f0000985ff8)=@un=@abs={0x1}, 0x8) r4 = dup2(r2, r3) ppoll(&(0x7f0000000000)=[{r4}, {r0}, {}], 0x3, 0x0, 0x0, 0x0) [ 519.183854] UBIFS error (pid: 18819): cannot open "ucÊÿÿ", error -22 [ 519.197332] UBIFS error (pid: 18819): cannot open "ucÊÿÿ", error -22 03:38:25 executing program 3: r0 = socket$kcm(0xa, 0x802, 0x88) sendmsg$kcm(r0, &(0x7f0000000240)={&(0x7f0000000080)=@in6={0xa, 0x4e24, 0x0, @mcast2, 0x9}, 0x80, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="3800000000000000290000000400000078040401000000c0073510fbff0000b408000000fab7711721190000c89e19bd8f5f9e3272200020"], 0x38}, 0x8000) acct(0x0) r1 = add_key(&(0x7f0000000180)='.dead\x00', &(0x7f00000001c0)={'syz', 0x0}, &(0x7f00000002c0)="8eab135d67dbde90a074d683a8306efcbcc49d62986a27586b445589926b772f8c9babecf74116465e69d8286c2725945f619658741de528f8c724a294363caae411a3864c767973bbc4f79a800f5873f64712201d1d", 0x56, 0xfffffffffffffffd) keyctl$invalidate(0x15, r1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2(0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f0000000100)=@nl=@unspec, 0x80, &(0x7f0000000040)=[{&(0x7f0000000280), 0xe803}], 0x1}, 0x0) 03:38:27 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x800, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000080)={0x7fff, 0x6, 0xffffffffffff0441, 0xffffffffffffffc1, 0x5, 0x7, 0x1f}, 0xc) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x8011, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) wait4(r0, &(0x7f0000000100), 0x4, &(0x7f0000000180)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:38:27 executing program 5: r0 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f00000000c0)='cgroup.procs\x00', 0x2, 0x0) r1 = accept4$netrom(0xffffffffffffffff, 0x0, &(0x7f0000000100), 0x800) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x4008110, r1, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000fe8)) r3 = epoll_create1(0x0) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = dup(r4) getsockopt$inet6_tcp_int(r5, 0x6, 0xb, 0x0, &(0x7f0000012ffc)=0x80fb268a) ioctl$sock_SIOCDELDLCI(r5, 0x8981, &(0x7f0000000080)={'team_slave_1\x00', 0x7f}) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0) ioctl$KDGKBMODE(r5, 0x4b44, &(0x7f0000000040)) ioctl$TIOCPKT(r5, 0x5420, &(0x7f0000000180)=0x1) dup3(r3, r2, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000140)=[@in6={0xa, 0x4e24, 0x0, @dev={0xfe, 0x80, [], 0xd}, 0xffff}], 0x1c) 03:38:27 executing program 4 (fault-call:1 fault-nth:44): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:27 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600)) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1ff}) r2 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0x1, 0x0) accept$unix(r2, &(0x7f0000000100)=@abs, &(0x7f0000000180)=0x6e) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r2, 0x4008ae48, &(0x7f00000000c0)) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0xfff}) 03:38:27 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x9, 0x8, 0x209e20, 0x8000000001}, 0x2c) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x820000, 0x0}, 0x2c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x301600, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000540)={{{@in, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in6=@mcast1}}, &(0x7f0000000640)=0xe8) bind$bt_hci(r1, &(0x7f0000000680)={0x1f, r2, 0x1}, 0xc) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r0, &(0x7f0000000080), &(0x7f00000001c0)=""/222}, 0x10) 03:38:27 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = dup3(r0, r0, 0x80000) ioctl$SIOCAX25OPTRT(r1, 0x89e7, &(0x7f00000000c0)={@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x2, 0x64}) r2 = syz_open_dev$sg(&(0x7f0000000080)='/dev/sg#\x00', 0x0, 0x8046) write(r2, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000240)=@assoc_value, &(0x7f0000000280)=0x8) readv(r2, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) r3 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet_tcp_buf(r3, 0x6, 0xe, &(0x7f0000000180)="5b6f393b8dbfe5d5416755cf66181d2fb7a86d9d97d94226c78b2c4d0b800ed8221a8bb2756adaf55f3e1103266d83afad211b3f45660349f2c750bdc8e1f14dd6bc0dd72b9760e99a6ac0b02b59f387cbce768551b51939298d78f63f84ac6b71432887e2e2443be2ecb926e389cc680f822a6185c6ab695deeb7824f5524e6ea67f71caef0a7cf20ede4885afdf0339b281c5310df0fb9d5", 0x99) [ 521.485111] FAULT_INJECTION: forcing a failure. [ 521.485111] name failslab, interval 1, probability 0, space 0, times 0 [ 521.497891] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 521.497891] program syz-executor.1 not setting count and/or reply_len properly [ 521.527166] CPU: 1 PID: 18845 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 521.534313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 521.543693] Call Trace: [ 521.545824] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 521.545824] program syz-executor.1 not setting count and/or reply_len properly [ 521.546299] dump_stack+0x138/0x19c [ 521.565910] should_fail.cold+0x10f/0x159 [ 521.570078] should_failslab+0xdb/0x130 [ 521.574189] __kmalloc+0x2f0/0x7a0 [ 521.577749] ? ext4_find_extent+0x709/0x960 [ 521.582092] ext4_find_extent+0x709/0x960 [ 521.586263] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 521.591734] ext4_ext_map_blocks+0x1a3/0x4fa0 [ 521.596242] ? save_trace+0x290/0x290 [ 521.600061] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 521.605088] ? __lock_is_held+0xb6/0x140 [ 521.605107] ? lock_acquire+0x16f/0x430 [ 521.605121] ? ext4_map_blocks+0x354/0x16e0 [ 521.613159] ext4_map_blocks+0xc8a/0x16e0 [ 521.613171] ? __lock_is_held+0xb6/0x140 [ 521.613181] ? check_preemption_disabled+0x3c/0x250 [ 521.613193] ? ext4_issue_zeroout+0x160/0x160 03:38:28 executing program 0: r0 = semget$private(0x0, 0x7, 0x0) semtimedop(r0, &(0x7f0000000140)=[{0x0, 0xfffffffffffffff9}], 0x1, 0x0) semtimedop(r0, &(0x7f0000000000)=[{0x0, 0xfffffffffffffffa}, {}], 0x2, &(0x7f0000000100)={0x0, 0x989680}) pipe2$9p(&(0x7f0000000040), 0x800) [ 521.613205] ? __brelse+0x50/0x60 [ 521.613220] ext4_getblk+0xac/0x450 [ 521.613232] ? ext4_iomap_begin+0x8a0/0x8a0 [ 521.647015] ? ext4_free_inode+0x1210/0x1210 [ 521.651433] ext4_bread+0x6e/0x1a0 [ 521.654985] ? ext4_getblk+0x450/0x450 [ 521.658872] ext4_append+0x14b/0x360 [ 521.662610] ext4_mkdir+0x531/0xc20 [ 521.666262] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 521.671827] ? security_inode_mkdir+0xd0/0x110 [ 521.676434] vfs_mkdir+0x3ca/0x610 [ 521.679978] SyS_mkdir+0x1b7/0x200 [ 521.683515] ? SyS_mkdirat+0x210/0x210 [ 521.687391] ? do_syscall_64+0x53/0x640 [ 521.691353] ? SyS_mkdirat+0x210/0x210 [ 521.695229] do_syscall_64+0x1e8/0x640 [ 521.699138] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 521.704088] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 521.709399] RIP: 0033:0x458c47 [ 521.712580] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 521.720309] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c47 [ 521.727586] RDX: 0000000000000006 RSI: 00000000000001ff RDI: 0000000020000100 03:38:28 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000280)={0x5, 0x7fffffff, 0x2, 0x0, 0x0, [{r0, 0x0, 0xe363}, {r0, 0x0, 0x9}]}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) r2 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x5, 0x100) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r2, 0x84, 0x15, &(0x7f00000000c0)={0x9}, 0x1) ioctl$EVIOCGBITKEY(r2, 0x80404521, &(0x7f0000000180)=""/201) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) [ 521.734849] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 521.742111] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 521.749363] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:38:28 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet(0x2, 0x100000000805, 0x0) r2 = socket$inet6(0xa, 0x7, 0x7fffffff) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r2, 0x84, 0x1c, &(0x7f0000000000), &(0x7f0000000040)=0x4) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r1, 0x84, 0x22, &(0x7f0000745ffc), &(0x7f0000b96000)=0x35b) 03:38:28 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$hfs(&(0x7f0000000180)='hfs\x00', &(0x7f00000001c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={[{@creator={'creator', 0x3d, "9e2c1b74"}}]}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc) 03:38:28 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000108912, &(0x7f0000000280)="11dca50d5e0bcfe47bf070490ed1fd984c66772f2ce4ead6c079fce0562a2b6336511e6a32e52b2a697390bc8c6746075a5d7784b897895c90d215fd7aff2db6983a439f88f2165a4771f5a001aed12bf08c06843f622d639c792c8c36dad3223bcb743b5e53e52701bc6a496a61e0882de0") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x3af) r2 = fcntl$dupfd(r1, 0x0, r0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={0xffffffffffffffff}, 0x0, 0x6}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_MCAST(r2, &(0x7f00000001c0)={0x16, 0x98, 0xfa00, {&(0x7f0000000080), 0x4, r3, 0x30, 0x1, @ib={0x1b, 0x2b90, 0x3, {"f5387660e395eca79fd8cf26d0c63577"}, 0x67, 0x6ab3}}}, 0xa0) [ 521.780120] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 521.780120] program syz-executor.1 not setting count and/or reply_len properly [ 521.802933] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 521.802933] program syz-executor.1 not setting count and/or reply_len properly 03:38:28 executing program 4 (fault-call:1 fault-nth:45): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) [ 521.852672] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 521.852672] program syz-executor.1 not setting count and/or reply_len properly [ 521.886606] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 521.886606] program syz-executor.1 not setting count and/or reply_len properly [ 521.915427] FAULT_INJECTION: forcing a failure. [ 521.915427] name failslab, interval 1, probability 0, space 0, times 0 [ 521.927106] CPU: 0 PID: 18886 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 521.934216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 521.943570] Call Trace: [ 521.946168] dump_stack+0x138/0x19c [ 521.949838] should_fail.cold+0x10f/0x159 [ 521.953997] ? __es_tree_search.isra.0+0x15f/0x1c0 [ 521.958936] should_failslab+0xdb/0x130 [ 521.963010] kmem_cache_alloc+0x47/0x780 [ 521.967077] __es_insert_extent+0x26c/0xe60 [ 521.967096] ext4_es_insert_extent+0x1f0/0x590 [ 521.967108] ? check_preemption_disabled+0x3c/0x250 [ 521.967122] ? ext4_es_find_delayed_extent_range+0x960/0x960 [ 521.986921] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 521.992374] ? ext4_es_find_delayed_extent_range+0x31d/0x960 [ 521.998167] ext4_ext_put_gap_in_cache+0xcb/0x110 [ 522.003008] ? ext4_zeroout_es+0x170/0x170 [ 522.007272] ? ext4_find_extent+0x64c/0x960 [ 522.011598] ext4_ext_map_blocks+0x1d4b/0x4fa0 [ 522.016180] ? save_trace+0x290/0x290 [ 522.020223] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 522.031341] ? __lock_is_held+0xb6/0x140 [ 522.035410] ? lock_acquire+0x16f/0x430 [ 522.039370] ? ext4_map_blocks+0x354/0x16e0 [ 522.043721] ext4_map_blocks+0xc8a/0x16e0 [ 522.047867] ? __lock_is_held+0xb6/0x140 [ 522.051911] ? check_preemption_disabled+0x3c/0x250 [ 522.056915] ? ext4_issue_zeroout+0x160/0x160 [ 522.061414] ? __brelse+0x50/0x60 [ 522.064882] ext4_getblk+0xac/0x450 [ 522.068512] ? ext4_iomap_begin+0x8a0/0x8a0 [ 522.072842] ? ext4_free_inode+0x1210/0x1210 [ 522.077250] ext4_bread+0x6e/0x1a0 [ 522.080803] ? ext4_getblk+0x450/0x450 [ 522.084687] ext4_append+0x14b/0x360 [ 522.088404] ext4_mkdir+0x531/0xc20 [ 522.092029] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 522.096684] ? security_inode_mkdir+0xd0/0x110 [ 522.101285] vfs_mkdir+0x3ca/0x610 [ 522.104820] SyS_mkdir+0x1b7/0x200 [ 522.108361] ? SyS_mkdirat+0x210/0x210 [ 522.112232] ? do_syscall_64+0x53/0x640 [ 522.116190] ? SyS_mkdirat+0x210/0x210 [ 522.120067] do_syscall_64+0x1e8/0x640 [ 522.123950] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 522.128789] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 522.133974] RIP: 0033:0x458c47 [ 522.137149] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 522.144872] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c47 [ 522.152158] RDX: 0000000000000006 RSI: 00000000000001ff RDI: 0000000020000100 [ 522.159414] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 522.166669] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 522.173958] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 522.640122] net_ratelimit: 16 callbacks suppressed [ 522.640127] protocol 88fb is buggy, dev hsr_slave_0 [ 522.640175] protocol 88fb is buggy, dev hsr_slave_1 [ 522.645178] protocol 88fb is buggy, dev hsr_slave_1 [ 522.660281] protocol 88fb is buggy, dev hsr_slave_0 [ 522.665327] protocol 88fb is buggy, dev hsr_slave_1 [ 522.880146] protocol 88fb is buggy, dev hsr_slave_1 [ 523.200142] protocol 88fb is buggy, dev hsr_slave_0 [ 523.205292] protocol 88fb is buggy, dev hsr_slave_1 03:38:30 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="2066a8f691211d01000010db55000000000000669bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d24b53d90b96dc6b6bb3f66386def44212be72b707a768bd02"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0xe0000, 0x0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r1, &(0x7f0000000240)={&(0x7f0000000100), 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r2, 0x2, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x8004) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop-control\x00', 0x300, 0x0) fcntl$getflags(r3, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 03:38:30 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ASSIGN_PCI_DEVICE(r1, 0xae78, 0x0) 03:38:30 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) ioctl$SIOCX25SCAUSEDIAG(r1, 0x89ec, &(0x7f0000000080)={0x3, 0x6}) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed4cd2bc7037cebc9bc20096aa1fae1acfbd6cbf87798a9b02de7a91a7eadb2a00"/72, 0x48) rt_sigaction(0x18, &(0x7f0000000200)={&(0x7f0000000180)="c4e2f9a8c8f00fc0993f00000045de6ae265f30fbd02f2400f2aaf07000000660f38dbfbd89e08000000c4a17f10794ec4a140148e07000000c401c4c29a00000000c7", {0xfffffffffffffff7}, 0x8000000, &(0x7f00000000c0)="36dacd36f30f165200660f383d290faef4670ffc6965c4635979cfd0660f3a6176c989c4034969470cadc42249beef430fb3582e"}, &(0x7f00000002c0)={&(0x7f0000000240)="c4c1b572e530c48170143c73460fb99a720000002666430f38f560003e0f939dc5ba0000c4c1adfd31450f451b439cc48235978efeefffff44d21a", {}, 0x0, &(0x7f0000000280)="c4a263f7fff341afc4627d1a8f441a2f7dddc966440f38095200c46275453f4101dec461795626f2f345809baed9b1df28c4227d18f8"}, 0x8, &(0x7f0000000300)) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) 03:38:30 executing program 4 (fault-call:1 fault-nth:46): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:30 executing program 0: sendmsg(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000240)="240000002d0007041dfffd946fa2830020200a0009000000001d8568ff0f000000000000", 0x24}], 0x1}, 0x0) r0 = socket(0x4000000000010, 0x1000000000080002, 0x0) getpeername(r0, &(0x7f0000000000)=@can={0x1d, 0x0}, &(0x7f0000000080)=0x80) bind$packet(r0, &(0x7f0000000180)={0x11, 0x1f, r1, 0x1, 0x3a0, 0x6, @random="74ec7528fae4"}, 0xffffffffffffffe8) sendmmsg$alg(r0, &(0x7f0000000140), 0x42, 0x0) 03:38:30 executing program 5: [ 524.538473] sg_write: data in/out 167162/24 bytes for SCSI command 0xcf-- guessing data in; [ 524.538473] program syz-executor.1 not setting count and/or reply_len properly [ 524.568553] kauditd_printk_skb: 32 callbacks suppressed 03:38:31 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) r2 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x7, 0x400) getsockopt$bt_BT_CHANNEL_POLICY(r2, 0x112, 0xa, &(0x7f00000000c0)=0x8000, &(0x7f0000000180)=0x4) 03:38:31 executing program 5: [ 524.568562] audit: type=1400 audit(2000000310.959:2354): avc: denied { map } for pid=18901 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 524.614985] FAULT_INJECTION: forcing a failure. [ 524.614985] name failslab, interval 1, probability 0, space 0, times 0 [ 524.637082] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 524.637082] program syz-executor.1 not setting count and/or reply_len properly [ 524.650629] audit: type=1400 audit(2000000311.029:2355): avc: denied { map } for pid=18906 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 524.669761] CPU: 1 PID: 18903 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 524.682397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 524.691770] Call Trace: [ 524.694360] dump_stack+0x138/0x19c [ 524.697988] should_fail.cold+0x10f/0x159 [ 524.702152] should_failslab+0xdb/0x130 [ 524.706123] __kmalloc+0x2f0/0x7a0 [ 524.709656] ? check_preemption_disabled+0x3c/0x250 [ 524.714670] ? ext4_find_extent+0x709/0x960 [ 524.718986] ext4_find_extent+0x709/0x960 [ 524.723137] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 524.728600] ext4_ext_map_blocks+0x1a3/0x4fa0 [ 524.733094] ? save_trace+0x290/0x290 [ 524.736896] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 524.741930] ? __lock_is_held+0xb6/0x140 [ 524.745993] ? lock_acquire+0x16f/0x430 [ 524.749960] ? ext4_map_blocks+0x77b/0x16e0 [ 524.754311] ext4_map_blocks+0x7d3/0x16e0 [ 524.758459] ? ext4_issue_zeroout+0x160/0x160 [ 524.762950] ? __brelse+0x50/0x60 [ 524.766405] ext4_getblk+0xac/0x450 [ 524.770026] ? ext4_iomap_begin+0x8a0/0x8a0 [ 524.774342] ? ext4_free_inode+0x1210/0x1210 [ 524.778742] ext4_bread+0x6e/0x1a0 [ 524.782274] ? ext4_getblk+0x450/0x450 [ 524.786163] ext4_append+0x14b/0x360 [ 524.789870] ext4_mkdir+0x531/0xc20 [ 524.793491] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 524.798157] ? security_inode_mkdir+0xd0/0x110 [ 524.802737] vfs_mkdir+0x3ca/0x610 [ 524.806273] SyS_mkdir+0x1b7/0x200 [ 524.809828] ? SyS_mkdirat+0x210/0x210 [ 524.813728] ? do_syscall_64+0x53/0x640 [ 524.817695] ? SyS_mkdirat+0x210/0x210 [ 524.821586] do_syscall_64+0x1e8/0x640 [ 524.825464] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 524.830310] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 524.835506] RIP: 0033:0x458c47 [ 524.838792] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 524.846494] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c47 [ 524.853759] RDX: 0000000000000006 RSI: 00000000000001ff RDI: 0000000020000100 [ 524.861018] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 524.868291] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 524.875558] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 524.883171] protocol 88fb is buggy, dev hsr_slave_0 03:38:31 executing program 0: 03:38:31 executing program 3: [ 524.888261] protocol 88fb is buggy, dev hsr_slave_1 03:38:31 executing program 3: 03:38:31 executing program 5: ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0xfffffffffffffff7}) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x13, &(0x7f0000000180)) ptrace(0x10, r0) ptrace$poke(0x4209, r0, &(0x7f00000000c0), 0x0) [ 524.919491] audit: type=1400 audit(2000000311.029:2356): avc: denied { map } for pid=18911 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 524.973875] audit: type=1400 audit(2000000311.059:2357): avc: denied { create } for pid=18914 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 [ 525.014015] audit: type=1400 audit(2000000311.299:2358): avc: denied { map } for pid=18917 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 525.037509] audit: type=1400 audit(2000000311.369:2359): avc: denied { map } for pid=18925 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 525.060258] audit: type=1400 audit(2000000311.399:2360): avc: denied { map } for pid=18927 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 525.083989] audit: type=1400 audit(2000000311.409:2361): avc: denied { map } for pid=18930 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 525.107041] audit: type=1400 audit(2000000311.409:2362): avc: denied { map } for pid=18929 comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 525.132320] audit: type=1400 audit(2000000311.419:2363): avc: denied { map } for pid=18933 comm="modprobe" path="/bin/kmod" dev="sda1" ino=1440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:38:33 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) rt_sigqueueinfo(r0, 0x2f, &(0x7f0000000040)={0x36, 0x7, 0x3}) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:38:33 executing program 0: mknod(&(0x7f0000000180)='./file0\x00', 0x1421, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x2, 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000400)=0x2) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001500)={0x6, 0x0, [{0x6004, 0xc1, &(0x7f0000000200)=""/193}, {0x0, 0x71, &(0x7f00000000c0)=""/113}, {0x5000, 0xa3, &(0x7f0000000300)=""/163}, {0x1, 0x10, &(0x7f0000000140)=""/16}, {0x3000, 0x1000, &(0x7f0000000440)=""/4096}, {0xf000, 0x95, &(0x7f0000001440)=""/149}]}) ioctl$int_in(r1, 0x5452, &(0x7f0000000000)=0x95) write$input_event(r0, &(0x7f0000000040)={{0x77359400}}, 0x18) 03:38:33 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f00000000c0)={r2, r3/1000+10000}, 0x10) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) 03:38:33 executing program 3: r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000180)={0x0, 0x9e}, &(0x7f00000001c0)=0x8) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r2, 0x1ff}, &(0x7f0000000280)=0x8) write$cgroup_type(r1, &(0x7f0000001180)='threaded\x00', 0xfc9a) r3 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x4, [0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000080)=0x14) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000100)={r4, 0xffffffff}, &(0x7f0000000140)=0x8) ioctl(r3, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) fallocate(r0, 0x11, 0x2000, 0x9000000) 03:38:33 executing program 5: ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0xfffffffffffffff7}) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x13, &(0x7f0000000180)) ptrace(0x10, r0) ptrace$poke(0x4209, r0, &(0x7f00000000c0), 0x0) 03:38:33 executing program 4 (fault-call:1 fault-nth:47): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:34 executing program 5: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000000c0)=0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000040)=0x0) tkill(r1, 0x3c) r2 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x6, 0x280140) mq_notify(r2, &(0x7f0000000180)={0x0, 0x80000000000025, 0x1, @thr={&(0x7f00000000c0), &(0x7f0000000100)="ff663aedbc36233fb0e2ac60ef0ccabcbfb9cc3998c0eebb52d0e547203530c25aa5c313182987ad00f0d0c774ef9520aa09e33eba4831d0e79469405a21143c6693b3adb371e15b1963b5e88cc65804cd0da79a7c6dcdee"}}) r3 = openat$vnet(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhost-net\x00', 0x2, 0x0) io_setup(0x8001, &(0x7f0000000000)) ioctl$int_in(r3, 0x40000000af01, 0x0) r4 = gettid() tkill(r4, 0x1f) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af30, &(0x7f0000000040)=ANY=[]) [ 527.607782] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 527.607782] program syz-executor.1 not setting count and/or reply_len properly 03:38:34 executing program 0: mkdirat(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x10) r0 = open$dir(&(0x7f00004daff8)='./file0\x00', 0x0, 0x10) r1 = add_key$user(0x0, &(0x7f0000000380)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$set_timeout(0xf, r1, 0x0) fsetxattr$trusted_overlay_redirect(r0, 0x0, 0x0, 0x0, 0x0) r2 = dup(0xffffffffffffffff) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000100)='lp\x00', 0x3) bind$inet6(0xffffffffffffffff, 0x0, 0x0) get_mempolicy(&(0x7f0000000300), &(0x7f0000000400), 0x0, &(0x7f0000ffd000/0x2000)=nil, 0x1) setsockopt$l2tp_PPPOL2TP_SO_RECVSEQ(r2, 0x111, 0x2, 0x1, 0x4) ioctl$UI_DEV_SETUP(r2, 0x405c5503, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000480)={{{@in=@broadcast, @in=@empty}}, {{}, 0x0, @in6=@mcast1}}, &(0x7f00000001c0)=0xe8) prctl$PR_GET_FPEMU(0x9, &(0x7f0000000080)) r3 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) r4 = semget(0x2, 0x3, 0x412) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000)={0xffffffffffffffff}, 0x106, 0xa}}, 0x20) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r3, &(0x7f0000000200)={0x5, 0x10, 0xfa00, {&(0x7f00000006c0), r5, 0x3}}, 0x18) semctl$SEM_INFO(r4, 0x1, 0x13, 0x0) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r3, 0xc0505405, &(0x7f0000000140)={{0x1, 0x0, 0x9, 0x2, 0x555}, 0x0, 0x2, 0x3}) getsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f00000003c0), &(0x7f0000000580)=0x4) ioctl$KVM_S390_UCAS_MAP(r2, 0x4018ae50, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000440)=0xf) ioctl$TIOCMBIC(0xffffffffffffffff, 0x5417, &(0x7f0000000240)=0x6) ioctl$SIOCX25SSUBSCRIP(r2, 0x89e1, &(0x7f00000005c0)={'irlan0\x00', 0x9, 0x9}) fsetxattr$security_ima(r3, &(0x7f00000002c0)='security.ima\x00', &(0x7f0000000340)=@sha1={0x1, "28d0493621dfee83f00d42d3460d389df3ad9aef"}, 0x15, 0x1) ftruncate(r3, 0x7fff) sendfile(r3, r3, 0x0, 0x8040fffffffd) 03:38:34 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) splice(r0, &(0x7f0000000200), r0, &(0x7f0000000240), 0x2, 0x1bb6f5ba1588d3d7) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) membarrier(0x2, 0x0) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x44) getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r2, 0x84, 0x7, &(0x7f0000000280), &(0x7f00000002c0)=0x4) getpeername$netrom(r2, &(0x7f0000000180)={{0x3, @rose}, [@null, @netrom, @rose, @rose, @bcast, @rose, @bcast, @rose]}, &(0x7f00000000c0)=0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) [ 527.650793] FAULT_INJECTION: forcing a failure. [ 527.650793] name failslab, interval 1, probability 0, space 0, times 0 [ 527.706269] CPU: 0 PID: 18948 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 527.713415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 527.722839] Call Trace: [ 527.725438] dump_stack+0x138/0x19c [ 527.729080] should_fail.cold+0x10f/0x159 [ 527.733240] should_failslab+0xdb/0x130 [ 527.737226] kmem_cache_alloc+0x2d7/0x780 [ 527.741424] ? rcu_read_lock_sched_held+0x110/0x130 [ 527.742346] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 527.742346] program syz-executor.1 not setting count and/or reply_len properly [ 527.746454] ? __mark_inode_dirty+0x2b7/0x1040 [ 527.746473] ext4_mb_new_blocks+0x509/0x3990 [ 527.746489] ? ext4_find_extent+0x709/0x960 [ 527.746509] ext4_ext_map_blocks+0x26cd/0x4fa0 [ 527.746529] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 527.785398] ? __lock_is_held+0xb6/0x140 [ 527.789483] ? lock_acquire+0x16f/0x430 [ 527.793476] ext4_map_blocks+0x7d3/0x16e0 [ 527.797637] ? ext4_issue_zeroout+0x160/0x160 [ 527.802150] ? __brelse+0x50/0x60 [ 527.805624] ext4_getblk+0xac/0x450 [ 527.809264] ? ext4_iomap_begin+0x8a0/0x8a0 [ 527.813592] ? ext4_free_inode+0x1210/0x1210 [ 527.818008] ext4_bread+0x6e/0x1a0 [ 527.821554] ? ext4_getblk+0x450/0x450 [ 527.825457] ext4_append+0x14b/0x360 [ 527.829190] ext4_mkdir+0x531/0xc20 [ 527.832835] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 527.837504] ? security_inode_mkdir+0xd0/0x110 [ 527.842073] vfs_mkdir+0x3ca/0x610 [ 527.845598] SyS_mkdir+0x1b7/0x200 [ 527.849132] ? SyS_mkdirat+0x210/0x210 [ 527.853014] ? do_syscall_64+0x53/0x640 [ 527.856974] ? SyS_mkdirat+0x210/0x210 [ 527.860848] do_syscall_64+0x1e8/0x640 [ 527.864719] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 527.869569] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 527.874744] RIP: 0033:0x458c47 [ 527.877916] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 527.885612] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c47 [ 527.892891] RDX: 0000000000000006 RSI: 00000000000001ff RDI: 0000000020000100 [ 527.900152] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 03:38:34 executing program 3: openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x7ffff, 0x0) getuid() prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x200, 0x1) prctl$PR_CAPBSET_READ(0x17, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) ftruncate(r1, 0x200004) sendfile(r0, r1, 0x0, 0x80001d00c0d0) clone(0x802102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x38) ptrace$cont(0x18, r2, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x8}) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r2, 0x0, 0x0) 03:38:34 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) fstatfs(r1, &(0x7f0000000080)=""/5) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000200)={0x1, 0x8000, 0x4, 0x0, 0x0}, &(0x7f0000000240)=0x10) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000280)={r4, 0x3}, 0x8) getsockopt$inet_sctp_SCTP_RECVRCVINFO(r3, 0x84, 0x20, &(0x7f0000000180), &(0x7f00000001c0)=0x4) [ 527.907409] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 527.914671] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 527.937563] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 527.937563] program syz-executor.1 not setting count and/or reply_len properly 03:38:34 executing program 0: r0 = memfd_create(&(0x7f00000001c0)='ppp0+,selfppp0vmnet1proc\']\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000050000)='/dev/snd/seq\x00', 0x0, 0x2) r2 = dup2(r1, r0) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x7) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000007c0)={0x0, 0x0, 0x0, '\x9e\xdez\x8cZ\xe9^\xc8g,\x934\x0fd:fO\x13\xee\xabe\xc02)\x01\xdck\xd3l\xde,Q\xf0\x1b\x7f\v\x01O\x9f\x91\xee\xb7\xc3|r@\xf4v\xc8\xd7S\xd0\x00\xaa\x8f\xaf\x8f\xb5t\xdb\xcf\xa6\xdcM'}) ioctl$VIDIOC_G_SLICED_VBI_CAP(r2, 0xc0745645, &(0x7f00000000c0)={0xffff, [0x3f, 0xff, 0xc54, 0x3, 0x5, 0x5, 0x81, 0xfffffffffffffffa, 0xffffffffffffffe1, 0x5d, 0x6, 0x2, 0xfffffffffffffffe, 0x100000001, 0x6, 0x1, 0x7314, 0x3a6, 0x3, 0x20000, 0x8, 0x0, 0x7fffffff, 0x401, 0x2, 0x200, 0x1, 0x5, 0xa14a, 0x25, 0xfffffffffffffffc, 0x10001, 0x80000000, 0x1, 0xffffffffffffffc1, 0x4, 0xffff, 0x2, 0x8, 0x400, 0x6, 0x3, 0x6c2, 0x6a7, 0x3, 0xfff, 0x4, 0x76], 0x5}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r2, 0x40bc5311, &(0x7f0000000000)={0x80, 0x1, 'clien\x00\x00\x00\x00\x00\x00\x04\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 0xffffffff90000004, "7fd82d5e02ca3901", "88e7ed00007fff051eae961ef6c6992b7e6e560000f9fff77711be18a3d918e0"}) setsockopt$inet_icmp_ICMP_FILTER(r2, 0x1, 0x1, &(0x7f0000000140)={0x101}, 0x4) write$sndseq(r0, &(0x7f0000042f70)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {0x6}, {}, @addr}], 0xffffffbd) [ 528.056023] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 528.056023] program syz-executor.1 not setting count and/or reply_len properly [ 529.040193] net_ratelimit: 16 callbacks suppressed [ 529.040199] protocol 88fb is buggy, dev hsr_slave_0 [ 529.040236] protocol 88fb is buggy, dev hsr_slave_1 [ 529.045238] protocol 88fb is buggy, dev hsr_slave_1 [ 529.060424] protocol 88fb is buggy, dev hsr_slave_0 [ 529.065505] protocol 88fb is buggy, dev hsr_slave_1 [ 529.120174] protocol 88fb is buggy, dev hsr_slave_1 [ 529.440123] protocol 88fb is buggy, dev hsr_slave_0 [ 529.445231] protocol 88fb is buggy, dev hsr_slave_1 03:38:37 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_stats\x00', 0x0, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) chmod(&(0x7f0000000080)='./file0\x00', 0x0) r0 = gettid() wait4(0x0, 0x0, 0xa, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:38:37 executing program 4 (fault-call:1 fault-nth:48): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:37 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/tcp6\x00') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$TIOCCBRK(r0, 0x5428) prctl$PR_GET_TID_ADDRESS(0x28, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) bind$inet6(r1, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={0x0, r3, 0x0, 0x9, &(0x7f0000000000)='net/tcp6\x00', 0xffffffffffffffff}, 0x30) perf_event_open(&(0x7f0000000240)={0x3, 0x70, 0x40, 0x7, 0xffffffffffffffff, 0x7f, 0x0, 0x0, 0x80000, 0x8, 0x80000000, 0x9, 0x7, 0x5, 0x0, 0x0, 0x1ff, 0x4, 0xfffffffffffffffb, 0x1, 0x4, 0x1, 0x5, 0x8, 0x6, 0x9, 0x2, 0x51be8173, 0x4, 0x9, 0x2, 0x81, 0x7ff, 0x1, 0x3, 0xffffffff, 0x101, 0x9, 0x0, 0xfffffffffffff35d, 0x1, @perf_config_ext={0xca, 0x81}, 0x500, 0x4, 0x7, 0x5, 0x9, 0x10, 0x7}, r4, 0xc, r2, 0x2) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, 0x0, 0xfde5975e) ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a1, 0x0) setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, 0x0, 0x0) ioctl$UI_SET_LEDBIT(r3, 0x40045569, 0x1) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0) ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000200)={0x1f, 0x23, &(0x7f0000000180)="4d7cbfec3208acc5cd6796cdcf7f53c3c17060fb27d05780b0f3d8c5e3eb7f5d21cdd1"}) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000040)={0x8}) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r5 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x1) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000080)=0x4, 0x4) timerfd_gettime(0xffffffffffffffff, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) ftruncate(r5, 0x843) sendfile(r1, r5, &(0x7f00000000c0), 0x8000fffffffe) preadv(r0, &(0x7f0000000000), 0x1000008b, 0x0) 03:38:37 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)) 03:38:37 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x85\x1b\x00\x00\xf5\x00', 0x2}) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r1 = memfd_create(&(0x7f0000000240)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) fallocate(r1, 0x0, 0x2000421, 0x1) write(r1, &(0x7f0000002000)='/', 0x1) sendfile(r1, r1, &(0x7f0000001000), 0xfac) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r1, 0x0) ioctl$TUNSETSTEERINGEBPF(r0, 0x400454d1, &(0x7f0000000080)) ioprio_get$pid(0x0, 0x0) sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, 0x0, 0x0) 03:38:37 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) prlimit64(0x0, 0x7, &(0x7f0000000040)={0x6, 0x78}, 0x0) recvmsg(r1, &(0x7f0000005700)={0x0, 0x0, 0x0, 0x0, &(0x7f0000005640)=""/174, 0xae}, 0x0) sendmsg(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000001000000010000000300000003000000"], 0x18}, 0x0) [ 530.640081] kauditd_printk_skb: 14 callbacks suppressed [ 530.640090] audit: type=1400 audit(2000000317.029:2379): avc: denied { map } for pid=18993 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 530.658851] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 530.658851] program syz-executor.1 not setting count and/or reply_len properly 03:38:37 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000400000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x8) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000180)={[], 0x1, 0x10f, 0x3ff, 0xfc, 0x1, r0}) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:38:37 executing program 0: ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000040)={0x1, @pix_mp={0x0, 0x0, 0x32344d59}}) [ 530.681930] audit: type=1400 audit(2000000317.029:2378): avc: denied { map } for pid=18990 comm="syz-executor.5" path=2F6D656D66643A202864656C6574656429 dev="tmpfs" ino=66619 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file permissive=0 [ 530.724581] FAULT_INJECTION: forcing a failure. [ 530.724581] name failslab, interval 1, probability 0, space 0, times 0 [ 530.735898] CPU: 1 PID: 18996 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 530.737005] audit: type=1400 audit(2000000317.109:2380): avc: denied { map } for pid=18990 comm="syz-executor.5" path=2F6D656D66643A202864656C6574656429 dev="tmpfs" ino=66630 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file permissive=0 [ 530.743004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 530.743010] Call Trace: [ 530.743029] dump_stack+0x138/0x19c [ 530.743048] should_fail.cold+0x10f/0x159 03:38:37 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000340)="11dca50d750bcfe47bf0703be103cfee7683afa609d6433371d63c27ef4c4dd4fb4341715a3ac0ea3a288c0bb035904e0f93ec34d8e833786e6e1a89807572d66189e69d0b7abf83891bb7ce2fcd82fe6a398f14869d630c9b4db261bcb6e434e84b577df8ef5c") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) r2 = syz_open_dev$sndpcmc(&(0x7f0000000180)='/dev/snd/pcmC#D#c\x00', 0x4, 0x101000) setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(r2, 0x111, 0x5, 0x9, 0x4) r3 = syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x1, 0x2) ioctl$ASHMEM_GET_SIZE(r3, 0x7704, 0x0) r4 = syz_genetlink_get_family_id$fou(&(0x7f0000000200)='fou\x00') sendmsg$FOU_CMD_ADD(r3, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r4, 0x500, 0x70bd2a, 0x25dfdbff, {}, [@FOU_ATTR_TYPE={0x8, 0x4, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) ioctl$TUNSETOFFLOAD(r3, 0x400454d0, 0x1) 03:38:37 executing program 5: r0 = syz_init_net_socket$ax25(0x3, 0x0, 0x1) r1 = gettid() ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000000)=r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='cpuacct.usage_percpu\x00', 0x0, 0x0) getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f0000000140), &(0x7f0000000180)=0x4) r5 = openat$cgroup_ro(r4, &(0x7f00000003c0)='age_percpu_sys\x00\xb9\x7f\xbb\x04\x1bd\x05\xf2S`1B2ai\x16\x11\x96e\xbb\x8d\x89\xb9\xd826\x84\x1bM(\x85\x10\xf4y1\xb3V2\xe0\xfc\xf3kw\x92Xp\xe8\xfb\xe7s\x1c\xd1G\x0f\xeb@\xf9\xca\xe1\xc7\xd6|w\xcb\xd3\\e\xeb&8-d\x14gz\xfe\xa3 \x99L\xd3\x12,\xa6\xc5\x8c\xb1T\xfd\xcd\xb1\'\x94\x89\x17\xb7\xd4g\x82\x84\xe2\x03\xdb\x0f6\xb8\xb5\xd30`p\x1e', 0x0, 0x0) getsockopt$netrom_NETROM_T4(r5, 0x103, 0x6, &(0x7f0000000080)=0x8, &(0x7f00000000c0)=0x4) r6 = gettid() kcmp(r6, r6, 0x0, r3, r2) [ 530.743063] ? __es_tree_search.isra.0+0x15f/0x1c0 [ 530.743080] should_failslab+0xdb/0x130 [ 530.743095] kmem_cache_alloc+0x47/0x780 [ 530.743110] ? ext4_es_can_be_merged+0x16e/0x230 [ 530.743124] __es_insert_extent+0x26c/0xe60 [ 530.743146] ext4_es_insert_extent+0x1f0/0x590 [ 530.743165] ? ext4_es_find_delayed_extent_range+0x960/0x960 [ 530.743188] ext4_map_blocks+0xa03/0x16e0 [ 530.743208] ? ext4_issue_zeroout+0x160/0x160 [ 530.830502] ? __brelse+0x50/0x60 [ 530.833969] ext4_getblk+0xac/0x450 [ 530.837605] ? ext4_iomap_begin+0x8a0/0x8a0 [ 530.841929] ? ext4_free_inode+0x1210/0x1210 [ 530.846350] ext4_bread+0x6e/0x1a0 [ 530.849898] ? ext4_getblk+0x450/0x450 [ 530.853828] ext4_append+0x14b/0x360 [ 530.854468] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 530.854468] program syz-executor.1 not setting count and/or reply_len properly [ 530.857545] ext4_mkdir+0x531/0xc20 [ 530.857564] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 530.857580] ? security_inode_mkdir+0xd0/0x110 [ 530.857595] vfs_mkdir+0x3ca/0x610 [ 530.857608] SyS_mkdir+0x1b7/0x200 [ 530.857619] ? SyS_mkdirat+0x210/0x210 [ 530.857637] ? do_syscall_64+0x53/0x640 [ 530.901353] ? SyS_mkdirat+0x210/0x210 [ 530.905251] do_syscall_64+0x1e8/0x640 [ 530.909137] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 530.912784] audit: type=1400 audit(2000000317.309:2381): avc: denied { create } for pid=19010 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 03:38:37 executing program 0: mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) symlink(&(0x7f00000000c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', &(0x7f00000002c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00') ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x80000000103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) umount2(&(0x7f00000004c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x0) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000480)={0x3226, 0x80000001, 0x8}) write(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x10000, 0x4000) ioctl$sock_bt_bnep_BNEPGETCONNINFO(r1, 0x800442d3, &(0x7f0000000080)={0x3, 0x4, 0x7, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, 'erspan0\x00'}) r2 = geteuid() r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_SIOCGSKNS(r3, 0x894c, &(0x7f0000000440)=0x80000001) syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', 0x0, 0x530b, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="5364a53ffa471be365bfe2b8cf5f55e7ce2787af40c5cc7cfa13d650df8c1e61bd8ece14784bade75429f1acd8d7b7356cc2ba63c43b78a002770fc3492e819b147cd8c076ceba3c20ed0128e067764e3eb2ec2e84b6ca2c6150a3ef7ad21a23b6aa6a", 0x63, 0x7}, {0x0}], 0x84000, &(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRESDEC=r2, @ANYBLOB]) read(0xffffffffffffffff, 0x0, 0x0) 03:38:37 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x6, 0x4000) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000000080), &(0x7f00000000c0)=0x4) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0xa, 0xfffffffffffffff}]}}}]}, 0x3c}}, 0x0) [ 530.913990] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 530.914001] RIP: 0033:0x458c47 [ 530.914007] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 530.914019] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c47 [ 530.914025] RDX: 0000000000000006 RSI: 00000000000001ff RDI: 0000000020000100 [ 530.914031] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 530.914036] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000006 [ 530.914042] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:38:37 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x29, 0x0, 0x0) sendmmsg(r0, &(0x7f0000007e00), 0x115, 0x0) [ 531.027307] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 531.027307] program syz-executor.1 not setting count and/or reply_len properly [ 531.079102] audit: type=1400 audit(2000000317.379:2382): avc: denied { map } for pid=19024 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:38:37 executing program 4 (fault-call:1 fault-nth:49): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:37 executing program 5: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f000026cfff)="c6", 0x1, 0x0, &(0x7f0000033ff0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r0, 0x80045400, &(0x7f0000000000)) shutdown(r0, 0x1) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x66, &(0x7f00000002c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="0000b7e8"], &(0x7f0000000340)=0x8) 03:38:37 executing program 3: syz_open_dev$admmidi(&(0x7f0000000240)='/dev/admmidi#\x00', 0x2, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000500)) r2 = socket$inet6(0xa, 0x100000000000001, 0x84) ptrace$peek(0xffffffffffffffff, 0x0, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0) write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000100)) pselect6(0x40, &(0x7f00000000c0)={0x8}, 0x0, &(0x7f0000000140)={0x1b7}, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setscheduler(0x0, 0x0, 0x0) 03:38:37 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) r2 = syz_open_dev$radio(&(0x7f0000000080)='/dev/radio#\x00', 0x0, 0x2) setsockopt$inet6_tcp_TLS_RX(r2, 0x6, 0x2, &(0x7f00000000c0)=@gcm_256={{0x304}, "efe2da2c840de064", "262f719bf7d67266aa9c5cbc1a8a1ad106437f455e70d433ba68682d61016c3c", "8c15e214", "a7d20b65bf9a54fc"}, 0x38) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) [ 531.120185] protocol 88fb is buggy, dev hsr_slave_0 [ 531.125307] protocol 88fb is buggy, dev hsr_slave_1 03:38:37 executing program 0: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) fcntl$getown(0xffffffffffffffff, 0x9) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(0x0, 0x0, 0x0) getsockopt$ARPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0) write$capi20(0xffffffffffffffff, 0x0, 0x0) socket$packet(0x11, 0xa, 0x300) r1 = socket$kcm(0xa, 0x2, 0x73) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69) connect(r1, &(0x7f0000000180)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80) sendmmsg$inet_sctp(r1, &(0x7f00000003c0), 0x3a301e0909ff38c, 0x0) prctl$PR_SET_MM_MAP(0x35, 0xe, &(0x7f0000000880)={&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000fef000/0x11000)=nil, &(0x7f0000ff6000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ff6000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ff4000/0x1000)=nil, &(0x7f0000ff6000/0x3000)=nil, 0x0}, 0x68) write$selinux_access(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="73797374656d5f753a6f626a6563745f723a7074626c69635f25624b350bc0636f7573722f7362696e2f6e74706420303030303030303030303030303030"], 0x4d) [ 531.177334] audit: type=1400 audit(2000000317.399:2383): avc: denied { map } for pid=19028 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 531.199680] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 531.199680] program syz-executor.1 not setting count and/or reply_len properly [ 531.238554] FAULT_INJECTION: forcing a failure. [ 531.238554] name failslab, interval 1, probability 0, space 0, times 0 [ 531.249000] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 531.249000] program syz-executor.1 not setting count and/or reply_len properly [ 531.250179] CPU: 1 PID: 19043 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 531.250229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 531.250233] Call Trace: [ 531.250252] dump_stack+0x138/0x19c [ 531.250275] should_fail.cold+0x10f/0x159 [ 531.293033] should_failslab+0xdb/0x130 [ 531.297019] kmem_cache_alloc+0x47/0x780 [ 531.301086] ? lock_downgrade+0x6e0/0x6e0 [ 531.305248] __sigqueue_alloc+0x1da/0x400 [ 531.309428] __send_signal+0x1a2/0x1280 [ 531.313403] ? lock_acquire+0x16f/0x430 [ 531.317389] send_signal+0x49/0xc0 [ 531.318623] audit: type=1400 audit(2000000317.449:2384): avc: denied { create } for pid=19010 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 [ 531.320930] force_sig_info+0x243/0x350 [ 531.320952] force_sig_info_fault.constprop.0+0x1c6/0x2b0 [ 531.320966] ? is_prefetch.isra.0+0x350/0x350 [ 531.320984] ? trace_raw_output_x86_exceptions+0x140/0x140 [ 531.321001] __bad_area_nosemaphore+0x1dc/0x2a0 [ 531.321016] bad_area+0x69/0x80 [ 531.321028] __do_page_fault+0x86f/0xb80 [ 531.321043] ? vmalloc_fault+0xe30/0xe30 [ 531.380912] ? page_fault+0x2f/0x50 [ 531.384553] do_page_fault+0x71/0x511 [ 531.388361] ? page_fault+0x2f/0x50 [ 531.391995] page_fault+0x45/0x50 [ 531.395447] RIP: 0033:0x45342f [ 531.398632] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00010283 [ 531.403993] RAX: 00007f4eb8d06b40 RBX: 0000000020000228 RCX: 0000000000000000 [ 531.411264] RDX: 00000000000000e0 RSI: 0000000000000000 RDI: 00007f4eb8d06b40 [ 531.418533] RBP: 0000000000000001 R08: 00000000000000e0 R09: 000000000000000a [ 531.423508] audit: type=1400 audit(2000000317.629:2385): avc: denied { map } for pid=19048 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 531.425823] R10: 0000000000000075 R11: 00000000004e5080 R12: 0000000000000006 [ 531.425830] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 531.565500] audit: type=1400 audit(2000000317.899:2386): avc: denied { map } for pid=19060 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 531.602090] audit: type=1400 audit(2000000317.899:2387): avc: denied { map } for pid=19059 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:38:40 executing program 5: clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/context\x00', 0x2, 0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000140)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$key(0xf, 0x3, 0x2) accept$inet(0xffffffffffffff9c, 0x0, &(0x7f00000001c0)) sendmsg$key(r1, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020300030c0000000a0000200000000000030006000000f9180200ee00e0000054d81458186fe8b90002000100000000000000030200044a7b030005000000000002000000e0003f010000000000fca0d9"], 0x60}}, 0x0) exit(0x0) writev(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = syz_open_dev$radio(&(0x7f0000000200)='/dev/radio#\x00', 0x2, 0x2) accept4$rose(r2, &(0x7f0000000240)=@full={0xb, @remote, @null, 0x0, [@remote, @remote, @bcast, @null, @default, @netrom]}, &(0x7f0000000280)=0x40, 0x80000) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000480)='/proc/capi/capi20\x00', 0x0, 0x0) getuid() openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x59a) 03:38:40 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000010000000649bdb382db60cdb35feaf635d03160000000000b700000500000083d9b2270000000000005e6f0000000000"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x1, 0x400000) ioctl$SNDRV_TIMER_IOCTL_STATUS(r1, 0x80605414, &(0x7f0000000080)=""/4) wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:38:40 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) 03:38:40 executing program 4 (fault-call:1 fault-nth:50): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:40 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) r1 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x8001, 0x400) ioctl$SIOCAX25NOUID(r1, 0x89e3, &(0x7f0000000280)=0x1) r2 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000140)='SEG6\x00') sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='Z\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="200027bd7000fddbdf2501000000080003000200000014000100fe8000000000000000000000000000181400010000000000000000000000000000000001"], 0x44}, 0x1, 0x0, 0x0, 0x4000}, 0x4004011) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f00000000c0)={0x6, 0x0, 0x3, 0x0, 0x0, 0x4000}) sendto(r1, &(0x7f00000002c0)="02c9876ee7035823f261fd81308e2646bfabada21b1b58f8dd1e8d845be28ebadedfe9ec0b718d4fc3b2ada714fd787de3e92229c458fbb4d1568ff56a0f5503888b3e3cd8932bf14185541aa60100c41ee20b1d8e8268b3ca36f95f2bf4d42de14a3c2c2ea3ff0bf97066e801df1bc451e23daab774402db8b1a87b04efc644917daecadfa1fb53e93d1432f3cf3fa21bb68735333c3c1b630c0a074594bf89acf2e82e8eaa72d3515210119ea71edfa6e7a51d0e98c01def591540059a40e029d5e75a3a40fc8ee4713e9e1974bfdc6497d1", 0xd3, 0x4000000, 0x0, 0x0) 03:38:40 executing program 3: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) sendmmsg(r0, 0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$binfmt_aout(r1, &(0x7f0000000580)=ANY=[@ANYBLOB="00000000008b08b7960ff7aa6e041a7700fdff863809aa0063b8f24252b1d85cbf000000000038f70f653f0ffb09f0d536b564df5e0acad550fe20353fda91f7ffffff1e1ac4bfa3841f9d63e232b9b2500fb1d96033ccfdff066428eb4cb7860c131aef785f25df8e5480dcd79dbe3bfc1deea690e1b2ae74"], 0x79) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x20) prctl$PR_SET_PTRACER(0x59616d61, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r1, 0xc0105303, &(0x7f0000000040)={0x8, 0x6, 0xfffffffffffffff8}) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) readlinkat(r0, 0x0, 0x0, 0x0) 03:38:40 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x9, 0x1) ioctl$EVIOCGLED(r0, 0x80404519, &(0x7f0000000000)=""/32) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x80, 0x0) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) 03:38:40 executing program 0: r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) r1 = syz_open_dev$media(&(0x7f0000000140)='/dev/media#\x00', 0x400, 0x100) ioctl$VIDIOC_G_AUDOUT(r1, 0x80345631, &(0x7f0000000340)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) keyctl$setperm(0x5, r0, 0x2004) r3 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/capi/capi20ncci\x00', 0xad00, 0x0) ioctl$VIDIOC_S_FBUF(r3, 0x4030560b, &(0x7f00000002c0)={0x4, 0x10, &(0x7f0000000200)="759472c68f900a0abe35a2b84fe80c86ad8668e18dfb73b1d0d51f865ed0ff2b6d6caeb68efc2adf2f446f9d8be296aca4d77fe9ce9ef209f411a6330aa3eced9a6ca9170bb4f54df966e81459dd22e8ff219519cff4d58d9621f2efa291e6e8549ab533f5319e3a5a29c9b10ed38cd8c6b216a13193eadb70b76ed6675bfe2c5640b47dfff43702387d0ec174d9aed1bb", {0x4, 0xfffffffffffffffa, 0x36335f5e, 0x1, 0x401, 0x3, 0xf, 0xffffffffffff8000}}) r4 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1f, 0x40) ioctl$VT_ACTIVATE(r4, 0x5606, 0x2) setresgid(0x0, 0xee00, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f00000000c0)={0x0, 0xe99}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f0000000300)=ANY=[@ANYRES32=r5, @ANYBLOB="0700010006009d4343636daee2115e5fb1cff5032028d464bea911a5d86eb51d"], &(0x7f0000000180)=0xa) setresuid(0x0, 0xfffe, 0xffffffffffffffff) keyctl$revoke(0x3, r0) [ 533.776182] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 533.776182] program syz-executor.1 not setting count and/or reply_len properly [ 533.807828] FAULT_INJECTION: forcing a failure. [ 533.807828] name failslab, interval 1, probability 0, space 0, times 0 [ 533.848302] CPU: 0 PID: 19075 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 533.855441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 533.864793] Call Trace: [ 533.867396] dump_stack+0x138/0x19c [ 533.871041] should_fail.cold+0x10f/0x159 [ 533.875199] should_failslab+0xdb/0x130 [ 533.875214] __kmalloc_track_caller+0x2ec/0x790 [ 533.875227] ? kasan_check_write+0x14/0x20 [ 533.875239] ? strndup_user+0x62/0xf0 [ 533.883866] memdup_user+0x26/0xa0 03:38:40 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet(0x10, 0x800, 0x0) sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="24000000240007011dfffd940101830020200a000900000000000000000000010d00ff7e280000001100ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47a6268e3406cf055d90f15a3", 0x4c}], 0x115}, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000280)={0x0, @in6={{0xa, 0x4e21, 0x10001, @loopback}}, [0x815, 0x5, 0x49fe, 0xfff, 0x0, 0xc6, 0x7, 0x6, 0x1, 0x4, 0x6, 0x9, 0x4, 0x40, 0xffff]}, &(0x7f0000000040)=0x100) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r1, 0x84, 0x5, &(0x7f0000000100)={r2, @in6={{0xa, 0x4e20, 0x3, @mcast1, 0x4b4e}}}, 0x84) 03:38:40 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_genetlink_get_family_id$team(0x0) sendmsg$TEAM_CMD_PORT_LIST_GET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="d28d6b93de8c63209f3d078c10", @ANYRES16=0x0, @ANYBLOB="0000000000000000000003000000"]}}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x0, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000340)='/dev/full\x00', 0x0, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200)='TIPC\x00') sendmsg$TIPC_CMD_GET_REMOTE_MNG(r1, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x64000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, r3, 0x0, 0x0, 0x25dfdbff, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x24044081) ioctl$SIOCAX25DELFWD(r1, 0x89eb, &(0x7f0000000040)={@null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}) mount$bpf(0x20000000, 0x0, 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCLINUX2(r2, 0x541c, 0x0) openat$cgroup_ro(r1, &(0x7f0000000480)='memory.current\x00', 0x0, 0x0) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x5) lsetxattr$security_smack_entry(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$GIO_FONT(r1, 0x4b60, 0x0) socket$inet(0x2, 0x3, 0x2000000088) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='net/if_inet6\x00') ioctl$sock_inet_SIOCGIFADDR(r1, 0x8915, &(0x7f00000003c0)={'ifb0\x00', {0x2, 0x4e24, @loopback}}) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f00000001c0)={'bridge0\x00', &(0x7f0000000000)=@ethtool_cmd={0xa, 0x0, 0xf00}}) setsockopt(r1, 0x849, 0xdbaa, &(0x7f00000004c0)="9da056d21a220a4f0d7793b24c8ec16fc192942e7ea9bdffe06fa81e8a7850e6d3861a68daa691ad12159a09271a18f0a0b09ff16781d4ef0f738dad1a2560d27cd644718ed85e495e9da8c4e3d6ac98f21aab05ac9d77e75e82b4f89a12da14b691f8761c8fe36e06b7b4c1a2f7dad4a75ca1808c78c673754b5275bfd90fbf45e5ecf7596ccc53c72c7c02aadccf8395c7fc8fe8c0037db1c15649af680a15c1db28252068da8da179bb0f", 0xac) [ 533.883878] strndup_user+0x62/0xf0 [ 533.883892] SyS_mount+0x6b/0x120 [ 533.883903] ? copy_mnt_ns+0x8c0/0x8c0 [ 533.906380] do_syscall_64+0x1e8/0x640 [ 533.910273] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 533.915123] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 533.920314] RIP: 0033:0x45c27a [ 533.923515] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 533.931566] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 533.931573] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 533.931579] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 533.931584] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 533.931589] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:38:40 executing program 4 (fault-call:1 fault-nth:51): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:40 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000200)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7ab87f2a77b19d7ff591a3cbdfa009cf75a7eadb2a00", 0x50) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) [ 534.001525] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 534.001525] program syz-executor.1 not setting count and/or reply_len properly [ 534.038611] FAULT_INJECTION: forcing a failure. [ 534.038611] name failslab, interval 1, probability 0, space 0, times 0 [ 534.050270] CPU: 1 PID: 19107 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 534.057493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 534.066860] Call Trace: [ 534.069473] dump_stack+0x138/0x19c [ 534.073127] should_fail.cold+0x10f/0x159 [ 534.077320] should_failslab+0xdb/0x130 [ 534.087489] kmem_cache_alloc_trace+0x2e9/0x790 [ 534.092177] ? kasan_check_write+0x14/0x20 [ 534.096425] ? _copy_from_user+0x99/0x110 [ 534.100624] copy_mount_options+0x5c/0x2f0 [ 534.104878] SyS_mount+0x87/0x120 [ 534.108345] ? copy_mnt_ns+0x8c0/0x8c0 [ 534.112244] do_syscall_64+0x1e8/0x640 [ 534.116143] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 534.121003] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 534.126202] RIP: 0033:0x45c27a [ 534.129393] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 534.137121] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 534.144404] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 534.151682] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 534.158961] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 534.166235] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 534.196097] sg_write: data in/out 167162/32 bytes for SCSI command 0xff-- guessing data in; [ 534.196097] program syz-executor.1 not setting count and/or reply_len properly 03:38:41 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") llistxattr(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/capi/capi20\x00', 0x101600, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000200)={&(0x7f0000ffa000/0x4000)=nil, 0x4000}, &(0x7f0000000240)=0x10) r2 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r2, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r2, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) r3 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/hash_stats\x00', 0x0, 0x0) prctl$PR_SET_MM(0x23, 0x0, &(0x7f0000ffc000/0x4000)=nil) ioctl$VIDIOC_ENUMAUDOUT(r3, 0xc0345642, &(0x7f00000000c0)={0x3, "6fbf0dec39ea864638ffd691f9bb3ea6665e22cb2d0cbfb5bb25dcf0ad38d601", 0x2, 0x1}) setxattr$trusted_overlay_opaque(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='trusted.overlay.opaque\x00', &(0x7f0000000300)='y\x00', 0x2, 0x2) [ 534.603324] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 534.603324] program syz-executor.1 not setting count and/or reply_len properly [ 534.626979] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 534.626979] program syz-executor.1 not setting count and/or reply_len properly [ 535.280135] net_ratelimit: 16 callbacks suppressed [ 535.280152] protocol 88fb is buggy, dev hsr_slave_0 [ 535.285151] protocol 88fb is buggy, dev hsr_slave_0 [ 535.290252] protocol 88fb is buggy, dev hsr_slave_1 [ 535.295240] protocol 88fb is buggy, dev hsr_slave_1 [ 535.305326] protocol 88fb is buggy, dev hsr_slave_0 [ 535.310401] protocol 88fb is buggy, dev hsr_slave_1 [ 535.370164] protocol 88fb is buggy, dev hsr_slave_1 [ 535.680109] protocol 88fb is buggy, dev hsr_slave_0 [ 535.685210] protocol 88fb is buggy, dev hsr_slave_1 03:38:43 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0xffffffffffffffff, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:38:43 executing program 0: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) openat$rfkill(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/rfkill\x00', 0x0, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r2, &(0x7f0000000340)={0x13, 0x10, 0xfa00, {&(0x7f00000000c0), r3, 0x3}}, 0x18) r4 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000380)='/proc/capi/capi20\x00', 0x20000, 0x0) dup3(r2, r4, 0x80000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)) 03:38:43 executing program 4 (fault-call:1 fault-nth:52): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:43 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) fcntl$setownex(0xffffffffffffffff, 0xf, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, 0x0, 0x800) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x0) epoll_create(0x0) ioctl$KDSETLED(0xffffffffffffffff, 0x4b32, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="00022cbd7000fddbdf250500000024000900080002000100000008000200010001e5080001000100000008000200000000001400060004000200040008000100040000001800070008000200000000800c827aa4e1f04c18f42200040001040000000000003c000900080001000800000008000200db0c000008000200400008cb3b0000080001000600000008000100090000080800010008000000080001000400000028000600080001000700000004000200040002000400020008000100810000bf15bb2b8a13bdb0004400020004000400080001000200000008000200070000008be75a6f5afaffd541b044e00800010005000c000800020000000000080002000001000008000200faffffff838d52ec5036c9e7078a88b6091dc3a8fb6a2f7e3207aaf55e260def55819c5af92f1f6946c6b76b4ba728d09e66b3cfd26e4471a8a618a48a856858363f02c94da179e39dc434bc9553660905a1103503ba95f44f20d44d5c1aa84d28d358e700a19e6cfa207bff814e9c774291c89a2bd085d994dee3d943ffdc2083d413c26ca9865ac37dee69e574ccea362b4e23ad8ed6490ad9ad5c38ab5e59dca961e0de85be6605daae"], 0x1}, 0x1, 0x0, 0x0, 0x40}, 0x10) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xcd84}, 0x800000200000000, 0x2}, 0x0, 0x0, 0xffffffffffffff9c, 0x0) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0xcd, &(0x7f0000000200)=""/111, &(0x7f0000000180)=0x6f) getsockname(0xffffffffffffffff, &(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) mount(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f00000003c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:38:43 executing program 5: syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x6, 0x10800) socketpair$unix(0x1, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpgid(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000100)=0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0xe4d5e13740364186, 0x6) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x800000000005, 0x0, 0x1}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@local, 0x0, 0x0, 0x0, 0x6}}, 0xe8) keyctl$reject(0x13, 0x0, 0x1, 0x40, 0x0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @local, 0x1}, 0x1c) sendmmsg(r1, &(0x7f0000007e00), 0x400000000000058, 0x0) 03:38:43 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/mcfilter\x00') ioctl$VIDIOC_G_EXT_CTRLS(r2, 0xc0205647, &(0x7f00000001c0)={0xa30000, 0x7, 0x7, [], &(0x7f0000000180)={0x980906, 0x7, [], @ptr=0x3}}) fcntl$notify(r0, 0x402, 0x2) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000000c0)=r2, 0x4) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000200)={0x3d, @rand_addr=0xc8a, 0x4e24, 0x2, 'nq\x00', 0xc, 0x7, 0x6}, 0x2c) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000240)=[@in={0x2, 0x4e22, @loopback}, @in={0x2, 0x4e22, @empty}, @in={0x2, 0x4e24, @remote}, @in6={0xa, 0x4e22, 0xffffffffffffa988, @mcast1, 0x4}, @in={0x2, 0x4e23, @broadcast}, @in6={0xa, 0x4e20, 0x1000, @mcast2, 0x1000}, @in6={0xa, 0x4e21, 0x101, @empty, 0xff}, @in6={0xa, 0x4e24, 0x3, @mcast1, 0x9}, @in6={0xa, 0x4e24, 0x80000000, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x5}, @in6={0xa, 0x4e23, 0x80000000, @loopback, 0xc2}], 0xe8) [ 536.796836] kauditd_printk_skb: 29 callbacks suppressed [ 536.796845] audit: type=1400 audit(2000000323.189:2417): avc: denied { create } for pid=19131 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 03:38:43 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) fcntl$setownex(0xffffffffffffffff, 0xf, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, 0x0, 0x800) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x0) epoll_create(0x0) ioctl$KDSETLED(0xffffffffffffffff, 0x4b32, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="00022cbd7000fddbdf250500000024000900080002000100000008000200010001e5080001000100000008000200000000001400060004000200040008000100040000001800070008000200000000800c827aa4e1f04c18f42200040001040000000000003c000900080001000800000008000200db0c000008000200400008cb3b0000080001000600000008000100090000080800010008000000080001000400000028000600080001000700000004000200040002000400020008000100810000bf15bb2b8a13bdb0004400020004000400080001000200000008000200070000008be75a6f5afaffd541b044e00800010005000c000800020000000000080002000001000008000200faffffff838d52ec5036c9e7078a88b6091dc3a8fb6a2f7e3207aaf55e260def55819c5af92f1f6946c6b76b4ba728d09e66b3cfd26e4471a8a618a48a856858363f02c94da179e39dc434bc9553660905a1103503ba95f44f20d44d5c1aa84d28d358e700a19e6cfa207bff814e9c774291c89a2bd085d994dee3d943ffdc2083d413c26ca9865ac37dee69e574ccea362b4e23ad8ed6490ad9ad5c38ab5e59dca961e0de85be6605daae"], 0x1}, 0x1, 0x0, 0x0, 0x40}, 0x10) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xcd84}, 0x800000200000000, 0x2}, 0x0, 0x0, 0xffffffffffffff9c, 0x0) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0xcd, &(0x7f0000000200)=""/111, &(0x7f0000000180)=0x6f) getsockname(0xffffffffffffffff, &(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) mount(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f00000003c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:38:43 executing program 5: pipe(0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000140)={'ip6gre0\x00', 0x1f}) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000001c0)='./file0\x00', 0x0, 0x2001001, 0x0) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, 0x0, 0x40080) write$P9_RREMOVE(0xffffffffffffffff, &(0x7f0000000280)={0x7}, 0x7) syz_mount_image$ext4(0x0, &(0x7f0000000400)='./file0\x00', 0x5, 0xffffffffffffff4a, 0x0, 0x48001, 0x0) pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00') syz_genetlink_get_family_id$net_dm(0x0) symlink(0x0, &(0x7f0000000480)='./file0\x00') r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200)='/dev/zero\x00', 0x2, 0x0) connect$unix(r0, &(0x7f00000006c0)=@file={0x1, './file0/file0\x00'}, 0x6e) r1 = syz_open_dev$vcsa(&(0x7f0000000180)='/dev/vcsa#\x00', 0x2a, 0x88100) syz_genetlink_get_family_id$net_dm(&(0x7f0000000440)='NET_DM\x00') ioctl$BINDER_GET_NODE_INFO_FOR_REF(r1, 0xc018620c, &(0x7f00000003c0)={0x3}) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)=ANY=[@ANYBLOB="00adfcc08872e3ca5aa720ee4452e9c6ee25f4c2ca3ac91b9070cb9f10f14f5485b7c9bf115c618050252aeb8084e47422eecb70469b5bd861fe1e3598923caa7534c05e8b0db9ccf96306650a583c1cfe4e12617fffed474b25c0ea9a719ff379c0cb2bc695446e547f05d574038eda2d08af66320eca24adde9f14044d5b72e8e5bb65bb64770993e259f9870a93b1935f86604995e9726bce7e6287422e2da40bb38df76d50aaaa06813e7c95ef4e7de6a2c82448d9878ffda14a8bbdecfaf8c2c079be2c32f07fc41d93d099f22200439b24a5af4066650d37fdde04adfee8b74564941cab102cf0f70d26cc9496b8ee42b6c11fbcd9ee94ded6aa7640cfbf7c88bdc632e1e4550657e0cb69d21383e9700b9b486f77eda23b7aa3a5d5ea2e2c", @ANYRES16=r2], 0x2}, 0x1, 0x0, 0x0, 0x20000001}, 0x44001) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000340), &(0x7f0000000380)=0x14) sendmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000000c0)="240000001a0007041dfffd946f6105000a0000001f000000003f08000800030002000000", 0x24}], 0x1}, 0x0) 03:38:43 executing program 0: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xcd, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) fstat(r0, &(0x7f0000000440)) ioctl$sock_ifreq(r0, 0x8926, &(0x7f0000000340)={'nr0\x00', @ifru_names='team_slave_1\x00'}) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f00000003c0)=ANY=[@ANYBLOB="e22c98b2a226675ea32cdd8703f85759634ad2cdff51dc09386d5e677ea828858401ce7a3f7213eeec1c042d1f2ce166c9587637d1784f54c5a143bfc8ed1dd825f956bc97dfccaafcd794cdd9a0fedf65dc7c8236db3f02d2761f643f0455d621d338c340e4d9768f69b873fb0aed5dc1f8388a5f555cf009", @ANYRES32=0x0], &(0x7f0000000280)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f00000002c0)={0x0, 0x0, 0x2ef, 0x6, r1}, 0x10) unshare(0x2040400) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$VIDIOC_DBG_G_REGISTER(r0, 0xc0385650, &(0x7f0000000300)={{0x0, @name="ef032058675926e035490054101ec430388ee162ff1ca83c7aa57b75e3ffb96b"}, 0x8, 0xfff, 0x5}) setxattr$trusted_overlay_opaque(0x0, &(0x7f0000000180)='trusted.overlay.opaque\x00', &(0x7f00000001c0)='y\x00', 0x2, 0x2) ioctl$sock_ifreq(r2, 0x8937, &(0x7f0000000380)={'bcsh0\x00', @ifru_names='bond_slave_1\x00'}) getpeername$ax25(r0, &(0x7f0000000000)={{}, [@remote, @bcast, @null, @netrom, @default, @default, @rose, @rose]}, &(0x7f0000000080)=0x48) ioctl$sock_ifreq(r2, 0x8990, &(0x7f0000000240)={'bond0\x00\xe1\x03\n\x00!!\x00\x01\x00', @ifru_names='bond_slave_1\x00'}) sendmsg$can_raw(0xffffffffffffffff, 0x0, 0x400007f) syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x7, 0x10000) [ 536.859955] FAULT_INJECTION: forcing a failure. [ 536.859955] name failslab, interval 1, probability 0, space 0, times 0 [ 536.861859] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 536.861859] program syz-executor.1 not setting count and/or reply_len properly [ 536.941940] audit: type=1400 audit(2000000323.319:2418): avc: denied { create } for pid=19155 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 [ 536.959834] CPU: 0 PID: 19139 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 536.973563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 536.982919] Call Trace: [ 536.985510] dump_stack+0x138/0x19c [ 536.989145] should_fail.cold+0x10f/0x159 [ 536.993305] should_failslab+0xdb/0x130 [ 536.997286] kmem_cache_alloc_trace+0x2e9/0x790 [ 537.001964] ? kasan_check_write+0x14/0x20 [ 537.006231] ? _copy_from_user+0x99/0x110 [ 537.010397] copy_mount_options+0x5c/0x2f0 [ 537.014669] SyS_mount+0x87/0x120 [ 537.018127] ? copy_mnt_ns+0x8c0/0x8c0 [ 537.022019] do_syscall_64+0x1e8/0x640 [ 537.025906] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 537.030759] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 537.035947] RIP: 0033:0x45c27a 03:38:43 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d27c91bfad8307"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:38:43 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e0000001c008104e00f80ecdb4cb9040ac804a012000000040090fb120001000e10da1b40d819a9060015000000", 0x2e}], 0x1}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) recvfrom$inet6(r1, &(0x7f0000000100)=""/152, 0x98, 0x20, &(0x7f0000000040)={0xa, 0x4e22, 0x8, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x22}}, 0xe00000}, 0x1c) [ 537.039136] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 537.046850] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 537.054127] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 537.061674] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 537.070631] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 537.077938] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:38:43 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) fcntl$setownex(0xffffffffffffffff, 0xf, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, 0x0, 0x800) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x0) epoll_create(0x0) ioctl$KDSETLED(0xffffffffffffffff, 0x4b32, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="00022cbd7000fddbdf250500000024000900080002000100000008000200010001e5080001000100000008000200000000001400060004000200040008000100040000001800070008000200000000800c827aa4e1f04c18f42200040001040000000000003c000900080001000800000008000200db0c000008000200400008cb3b0000080001000600000008000100090000080800010008000000080001000400000028000600080001000700000004000200040002000400020008000100810000bf15bb2b8a13bdb0004400020004000400080001000200000008000200070000008be75a6f5afaffd541b044e00800010005000c000800020000000000080002000001000008000200faffffff838d52ec5036c9e7078a88b6091dc3a8fb6a2f7e3207aaf55e260def55819c5af92f1f6946c6b76b4ba728d09e66b3cfd26e4471a8a618a48a856858363f02c94da179e39dc434bc9553660905a1103503ba95f44f20d44d5c1aa84d28d358e700a19e6cfa207bff814e9c774291c89a2bd085d994dee3d943ffdc2083d413c26ca9865ac37dee69e574ccea362b4e23ad8ed6490ad9ad5c38ab5e59dca961e0de85be6605daae"], 0x1}, 0x1, 0x0, 0x0, 0x40}, 0x10) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xcd84}, 0x800000200000000, 0x2}, 0x0, 0x0, 0xffffffffffffff9c, 0x0) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0xcd, &(0x7f0000000200)=""/111, &(0x7f0000000180)=0x6f) getsockname(0xffffffffffffffff, &(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) mount(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f00000003c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 537.126756] audit: type=1400 audit(2000000323.329:2419): avc: denied { map } for pid=19150 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:38:43 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x2c) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) r2 = syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$KVM_S390_UCAS_UNMAP(r2, 0x4018ae51, &(0x7f0000000180)={0x200, 0x2400e797, 0xfffffffffffffff8}) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f00000000c0)) [ 537.193111] audit: type=1400 audit(2000000323.339:2420): avc: denied { map } for pid=19152 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:38:43 executing program 0: r0 = open(0x0, 0x100, 0x10) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000080)) r1 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000300)=0x0) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000a80)={{{@in6=@loopback, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in6=@loopback}}, &(0x7f0000000340)=0xe8) r4 = geteuid() sendmsg$netlink(r0, &(0x7f0000000e40)={&(0x7f0000000080)=@kern={0x10, 0x0, 0x0, 0x4000800}, 0xc, &(0x7f0000000dc0)=[{&(0x7f0000000200)={0xfc, 0x1b, 0x2, 0x70bd26, 0x25dfdbfd, "", [@generic="cb2dd7d638677e20a5bb382d97c79722140da7d108e018781cfd4dd8f2b80abee79fa8f2c346ca4ce85ee7e9af068b1a881796eb1c5560792342b702b8e9cd56e2b095f2f6205d5f271ff6cf5c11f70fd45c224557e06c88c2c62abb2c1c9ba0f7e68408ef7d68de6561e1108e08f4d6c649a39f5a2bc73d03800a72d836b276e09ae3a1511520014559da29c22f7991f319b06377281073e8744ca50ad3c24f9ecabcc3e956ac8625499a51f8e95c7b2d2e5fe84c66cdc73a1f0f514c123a66f1f24290912d74a18532a153486cea4358165a86db7ede98260a30fc70ec6bb3717980b6dd07354bd2"]}, 0xfc}, {&(0x7f0000000500)={0x1e0, 0x26, 0x0, 0x70bd2c, 0x25dfdbfc, "", [@nested={0xd8, 0x95, [@generic="0037f51fa2a73ad30cc8554ff035bf4c23302b6b0e5d510cba6b3352af2e9144dfbc254bbe30960bd57630abcb11300a2b5acabcd35fc5cf961170a326dd55e6cc17496ff188bbe9c92bb0f324a786ff48adb583996549ca2313867fe5724762d5e5f8b6d63dcde08939138cf5a4408816b24917e442309f3621efe113ec176b5cf1a5dac1450421c8469b5572e7afb090302124e708b54eeda3ea399fcb20019803ec2922a589889ea7ce0a30b4f06f43c2c2f6377fae1b193eaad4339f7c5198ed813721ebf6dd0ee5da6d5304d07c66c059"]}, @nested={0xf0, 0x93, [@typed={0x14, 0x86, @ipv6=@mcast2}, @typed={0x14, 0x58, @ipv6=@dev={0xfe, 0x80, [], 0x1f}}, @typed={0x4, 0x48}, @generic="b51a19c8a5cc46c5a7f1cf745b6e6117c5bc1e0e7baa67a0de5c7d2d91d53cd95aacc63a1d62f34be5be1fe50edf078f880452ddb01d2e860aac693106596e53b52c1f34966914acc0e88190c3d207314f580729c52e9f96b322bcdc1d4467841b3a251cb0459e3424b68f90c42e150d3b2ba46b12c23b26fa3257", @generic="c4c48209627d4e0501e13bd37ed93eaa29ce0af407709da9e6ae32707a0a3e8b30865028f1156ccb8e83869a16a69ca5d079578fca6e8900f9b78a20f34ff120b4cd831da2"]}, @typed={0x8, 0x52, @u32=0x8}]}, 0x1e0}, {&(0x7f0000000700)={0x370, 0x16, 0x800, 0x70bd29, 0x25dfdbfb, "", [@nested={0xb4, 0x73, [@generic="3f94d3c543d3fabbc2cc7b248ad85e7bcf04b09a3803d53bf597a63ef250f5a362bbe00fe0db977b992543c77c74502498262f98da261f2f03c439f9167fd75352645e9a7f59a21c0e3457eb4b0e191a747700e0d34726b564145338114f7fccb0d6e0b308c77e73893395d48cf1a36d8df02ecd72f8c8faf74a686e763440f92dc03b8f40451766866f28e52201f59044c7c415231aaa4f21abed3f8dbcca05ff2f", @typed={0xc, 0x57, @u64}]}, @nested={0x244, 0x19, [@generic="6310d32a33914911026e4213866e422956c041e231050dcb39df0f4888cec8819c8f673b93d0540f1d456515b3b8d5ca222f5e2412d065a2a8bb637c50aaa23b9f1ae9434e7acf5c3e6097d4122ad88bd35be1e9690665c02592a843", @generic="81b66d60aa72049e097f3cfc4fc50633", @typed={0x14, 0x7b, @ipv6=@empty}, @typed={0x8, 0x6a, @pid=r2}, @generic="66d22b66725aebb1b64052aa8a41239139fda87395b1dfca58ee5b8961407d0ae099feb9404f400c4541cacd849c8204ddfd746a4e209b1fc56ba6cda58f3414ad5bb95bf35fdf3b9f431fc94a6a43378c566c2dad5ec14a213368d947c983b71502eb4da44c95c202d494a108d57c67ec93ccc2533432a145f1a719b20d42be2f6a772d12f3a19859499f853ca7da54d6c2943c5c", @generic="28f5c990d59b5d5d4d89af04541b68a5e5bd9f5e0425b602bf9a66083b9d3a9db04256b5cb9ad1cf48df2e29d5b6c185", @generic="27ec09cf21d40be162abc6abd20a1dd4e8dec840b6c78117d6a155abbe16d371533e73cbcc1ddadb76c5bad34446236399db128ede0d632823af64f05b54cfa0739bfef048ee438a6c09b1efbf77fa144c664c0e9eb6c4d606ee64b6906591f130c457d82448d3e9f35da30b211b251d61491dc2c5cc5a71c58ee646cab79f91c5fca8536e0dc3db91ae46c33dd61f9cc1e5599e9a22d865854721d6c22af47a8f8eabddd6f027516b19552275750a9c12149108123b78856f2fe025606fb8ea7013a958aa2ca59fb7263fb4dd27998fb6ebc316023af9c389cda076a5454b0f74e0f6474b9cda467a09534a3508376d6db1a6"]}, @typed={0xc, 0x44, @u64=0x6b00000000000000}, @generic="a9e0f4173230f5962e1c568f16353823eda9dcd818e80dc8ed11c8849002b36508903f8e6be38e99a3897f85f3a5fea524dfe514abc60c553f8f", @typed={0x14, 0x51, @ipv6=@ipv4={[], [], @multicast1}}, @typed={0xc, 0x64, @str='vfat\x00'}]}, 0x370}, {&(0x7f0000000b80)={0x204, 0x16, 0x120, 0x70bd28, 0x25dfdbfe, "", [@typed={0xc, 0xf, @u64=0x7}, @nested={0x1a4, 0x45, [@generic="3dba41392a4deb99f87a7d28c9270309ead898ca4cfa3727ec2fb0867edccf0cb5be70eee192ba5a6168b740d820af9696e50fb0e2d390caffeacb15868f0048bd0606e5009317067b53204762da212ffa", @typed={0x8, 0x88, @fd=r0}, @generic="3d64ae5d4d8828ebc69f154c0a9cd876432e0dce3e05911e149061e4b668c76c4c1d98b408897d4d86dc41393eb6b76d9c7083f318235391e7041ed1d2a1a8bea9254a5e52349457ceceae76fc2dc9e7b34fa5481aecfb", @generic="c18f276b6191a6260ed7beb6da747efe1e8f5fc94b18e8a353a60e54287a2573bda57599c499021fc45895529ce7e21f0c26fb0658d9e5388dc47806f2a223c1b496cf402a7db1577e3cd7009876c662fc737a3b80017c8b9a2bfdcca634feda596f7491742f7312a7a09d6fd13a5fedb751c0a2b64233a831fe925ae23e36c67b7c8dd4a2223e715c6240807571bad695b78a5ddb823754b7cbcae177afd9da435172bc084833bfca1d7bbd2c6e91bf50168c523db3021b3a9e859ef44141e9148b57a7afed084c414946c375c1ff39f0d09da0d9db15a5c7c45aa741a48d3a", @typed={0x8, 0x2b, @uid=r3}, @typed={0x8, 0x7, @uid=r4}]}, @typed={0x4, 0x7c}, @nested={0x40, 0x16, [@generic="c18fbfe14605f9e2bd438d4b68ce5095bd5ea78d8613e749e8980602f0735e9b91de94f17c6fb712b71d0498c602a7c942954c80bc", @generic="ed76c8d50e6d"]}]}, 0x204}, {&(0x7f0000000380)={0x28, 0x22, 0xc00, 0x70bd29, 0x25dfdbfe, "", [@generic="4c565b142303da455c7a6fc4d0ae8672590e2e736b"]}, 0x28}], 0x5, &(0x7f00000003c0)=[@rights={{0x20, 0x1, 0x1, [r0, r0, r1, r1]}}], 0x20, 0x400c000}, 0x20000000) ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, 0x0) syz_open_dev$loop(0x0, 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$IP_VS_SO_SET_TIMEOUT(0xffffffffffffffff, 0x0, 0x48a, &(0x7f00000001c0)={0x0, 0x0, 0x5}, 0xffffffffffffff1e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000081, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$tipc(r0, 0x0, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) fchdir(r5) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f0000000440)={{0xffffffffffffffff, 0x0, 0x9, 0x1, 0x4}, 0x3f, 0x0, 0x6}) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) umount2(&(0x7f0000000400)='./file0\x00', 0x4) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000000c0), &(0x7f0000000140)=0xc) [ 537.259061] audit: type=1400 audit(2000000323.399:2421): avc: denied { create } for pid=19159 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=0 [ 537.311898] audit: type=1400 audit(2000000323.429:2422): avc: denied { create } for pid=19159 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=0 [ 537.337744] audit: type=1400 audit(2000000323.459:2423): avc: denied { map } for pid=19158 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:38:43 executing program 4 (fault-call:1 fault-nth:53): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:43 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000003, &(0x7f0000000100)={0x2, 0x1000004e23, @local}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = memfd_create(&(0x7f0000000200)='selinux/.bdev,\x00', 0x0) ftruncate(r2, 0x4000b) r3 = accept(r1, &(0x7f00000003c0)=@vsock={0x28, 0x0, 0x0, @reserved}, &(0x7f0000000040)=0x80) recvfrom$inet6(r3, &(0x7f0000000180)=""/15, 0xf, 0x20, &(0x7f0000000240)={0xa, 0x4e24, 0x5, @rand_addr="ce626947393bccca1efe6c4efafdca0a", 0x40}, 0x1c) r4 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x82, 0x0) getsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000000440)={0x0, @dev, @loopback}, &(0x7f00000004c0)) recvfrom$packet(r4, &(0x7f00000002c0)=""/248, 0xf8, 0x40, &(0x7f0000000140)={0x11, 0xff, r5, 0x1, 0x197d}, 0x14) sendfile(r0, r2, 0x0, 0x2000000020011) 03:38:43 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) fcntl$setownex(0xffffffffffffffff, 0xf, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, 0x0, 0x800) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000100)='./file0\x00', 0x0) epoll_create(0x0) ioctl$KDSETLED(0xffffffffffffffff, 0x4b32, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="00022cbd7000fddbdf250500000024000900080002000100000008000200010001e5080001000100000008000200000000001400060004000200040008000100040000001800070008000200000000800c827aa4e1f04c18f42200040001040000000000003c000900080001000800000008000200db0c000008000200400008cb3b0000080001000600000008000100090000080800010008000000080001000400000028000600080001000700000004000200040002000400020008000100810000bf15bb2b8a13bdb0004400020004000400080001000200000008000200070000008be75a6f5afaffd541b044e00800010005000c000800020000000000080002000001000008000200faffffff838d52ec5036c9e7078a88b6091dc3a8fb6a2f7e3207aaf55e260def55819c5af92f1f6946c6b76b4ba728d09e66b3cfd26e4471a8a618a48a856858363f02c94da179e39dc434bc9553660905a1103503ba95f44f20d44d5c1aa84d28d358e700a19e6cfa207bff814e9c774291c89a2bd085d994dee3d943ffdc2083d413c26ca9865ac37dee69e574ccea362b4e23ad8ed6490ad9ad5c38ab5e59dca961e0de85be6605daae"], 0x1}, 0x1, 0x0, 0x0, 0x40}, 0x10) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xcd84}, 0x800000200000000, 0x2}, 0x0, 0x0, 0xffffffffffffff9c, 0x0) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0xcd, &(0x7f0000000200)=""/111, &(0x7f0000000180)=0x6f) getsockname(0xffffffffffffffff, &(0x7f0000000080)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) mount(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f00000003c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 537.360115] protocol 88fb is buggy, dev hsr_slave_0 [ 537.371705] audit: type=1400 audit(2000000323.549:2424): avc: denied { map } for pid=19170 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 537.394125] audit: type=1400 audit(2000000323.559:2425): avc: denied { map } for pid=19171 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:38:43 executing program 5: r0 = syz_open_dev$sndpcmc(&(0x7f0000000280)='/dev/snd/pcmC#D#c\x00', 0x7ffd, 0x440) mmap$binder(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000000100)=0x1, 0xfb) setsockopt$inet_tcp_int(r1, 0x6, 0x14, &(0x7f0000788ffc)=0x100000001, 0x4) bind$inet(r1, &(0x7f0000000500)={0x2, 0x4e21, @dev}, 0x10) connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e21}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0xa, &(0x7f00000001c0)=0xffffffffffffffe1, 0x4) write$P9_RSTAT(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="640000007d000000005d00000000000000000000000000000000000000000000000000000000000000000000000000000000000025006e6f64657624766d6e65743d9c102678ced967b86356307365637572697479bd6d643573756d2420657410c71ceb68310500776c616e300000"], 0x64) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000000)={0x0, 0x1000003ff, 0x80000000}, 0x14) shutdown(r1, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RREAD(r2, &(0x7f0000000200)=ANY=[], 0x5aa78d33) setsockopt$inet6_MRT6_ADD_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd2, &(0x7f0000000000)={{0xa, 0x4e22, 0x0, @empty, 0x5b5}, {0xa, 0x400000000000000, 0x9, @local, 0x5}, 0x0, [0x9, 0xfcc, 0xffff, 0x0, 0x3, 0x7, 0xfffffffffffffff7, 0x3]}, 0x5c) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r3, 0x84, 0x65, &(0x7f00000000c0), 0x2dd) fallocate(r2, 0x10, 0x0, 0x10fffe) 03:38:43 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f00000003c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xf4X#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80') openat$cgroup_ro(r0, &(0x7f0000000480)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\xfb\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed0x0, 0x2, 0x30}, &(0x7f0000000d00)=0xc) setsockopt$inet_sctp_SCTP_CONTEXT(r3, 0x84, 0x11, &(0x7f0000000d40)={r4, 0x9}, 0x8) 03:38:43 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x8}, 0x1c) connect(r0, &(0x7f0000000040)=@in={0x2, 0x0, @loopback}, 0x80) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000340)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000005fc0), 0x800000000000059, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000100)='/dev/snd/pcmC#D#p\x00', 0x154, 0x0) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r2, 0xc018620c, &(0x7f0000000140)={0x1}) accept(r1, &(0x7f0000000180)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @dev}}, &(0x7f0000000200)=0x80) [ 537.476402] audit: type=1400 audit(2000000323.629:2426): avc: denied { create } for pid=19177 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 03:38:44 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect(r1, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) [ 537.612915] FAULT_INJECTION: forcing a failure. [ 537.612915] name failslab, interval 1, probability 0, space 0, times 0 [ 537.646409] CPU: 0 PID: 19201 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 537.653541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 537.662899] Call Trace: [ 537.665499] dump_stack+0x138/0x19c [ 537.669137] should_fail.cold+0x10f/0x159 [ 537.673299] should_failslab+0xdb/0x130 [ 537.677282] kmem_cache_alloc+0x2d7/0x780 [ 537.681435] ? fs_reclaim_acquire+0x20/0x20 [ 537.685761] ? find_held_lock+0x35/0x130 [ 537.689837] getname_flags+0xcb/0x580 [ 537.693641] user_path_at_empty+0x2f/0x50 [ 537.697795] do_mount+0x12b/0x27d0 [ 537.701342] ? copy_mount_options+0x5c/0x2f0 [ 537.705758] ? rcu_read_lock_sched_held+0x110/0x130 [ 537.710781] ? copy_mount_string+0x40/0x40 [ 537.715017] ? _copy_from_user+0x99/0x110 [ 537.719173] ? copy_mount_options+0x1fe/0x2f0 [ 537.723677] SyS_mount+0xab/0x120 [ 537.727140] ? copy_mnt_ns+0x8c0/0x8c0 [ 537.731034] do_syscall_64+0x1e8/0x640 [ 537.734920] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 537.739774] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 537.744980] RIP: 0033:0x45c27a [ 537.748166] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 537.755881] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 537.763157] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 537.770434] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 537.777712] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 537.785005] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:38:46 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0x0) add_key(&(0x7f0000000040)='logon\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f0000000100)="5fcf74db33489bcabbd0de9919b3ed47da8f0c9d36e928cbd1d5d480abd522a367f8397446b3e9e3b09fa058206de7344948fe", 0x33, r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:38:46 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect(r1, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) 03:38:46 executing program 5: r0 = perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x10000000070, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x11, r0, 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)) r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x2, 0x10200) ioctl$CAPI_INSTALLED(r1, 0x80024322) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000040)={0x74, 0x0, [0x6, 0x8015, 0x1, 0x8000]}) 03:38:46 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setitimer(0x1, &(0x7f0000000080)={{0x0, 0x2710}, {0x0, 0x2710}}, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000500)={'sit0\x00\x00\x00\x00\x00\x00\x00\xd6\x00'}) setsockopt$inet_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)=@gcm_128={{0x304}, "7455d709025079d8", "d929b49e983ecbdc9e23ca83ad161b7e", "123bee4e", "ff8b02f23ecc3043"}, 0x28) syz_mount_image$reiserfs(&(0x7f0000000140)='reiserfs\x00', &(0x7f0000000180)='./file0\x00', 0x6, 0x5, &(0x7f00000003c0)=[{&(0x7f00000001c0)="1a474fe2dc3fa8b811c8ce72035dbb3603cbde6495951153ae35fa5c919fbd626c12e792631d419a39ab25c340a9bd356f7da84a0e4dfc6c45f157016ea00cc4ab292d3da241c953ee6b571ff9be34d1b90217514dd0afa2534d62b5f1b66c056fa4", 0x62, 0x7f}, {&(0x7f0000000240)="d0e10172d16f", 0x6, 0x6}, {&(0x7f0000000280)="c1a6682edb9f76af210a1533ee5a0096b97edb4d9d48d2899181", 0x1a, 0x7ff}, {&(0x7f00000002c0)="6f2802d45c63a3c55f524dbeb60173e82aece5abfb596a0318dbd2bcfbc4df639b22c83974ea4ad509aac86bfe581d2d0fc586e5edb33107d2faebbd", 0x3c, 0x6}, {&(0x7f0000000300)="abd22d1c9befd65497c564d754de3b01cfb7ca0d9eda1c0acfb0dfe1921e6bea3fef05dd08a6c762bf915bc40407f169b1e1ef66af1e3271fd06609e4ee15a4d45533c06bb52c33126f0e7a0b26914a357db6604d8ea392d60d6e7b96765fa469633fd458c16ede1e4a2869a25a58f7b92d9ee1a47c770c08df81f42a95c45dd2518cdfe8b86669a260bb776503dfa4e30dcc93f53ede7712d0d13d91473b615d979b457ad2b5e527c9ef6367add3dd4a46bdd8453e788b0", 0xb8, 0xc5d1}], 0x40098, &(0x7f0000000440)={[{@data_ordered='data=ordered'}], [{@rootcontext={'rootcontext', 0x3d, 'staff_u'}}, {@obj_user={'obj_user', 0x3d, 'sit0\x00\x00\xff\xff\xff\xff\xa0\x00Q\xfc\x03\x00'}}]}) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f00000000c0)={'sit0\x00\x00\xff\xff\xff\xff\xa0\x00Q\xfc\x03\x00', 0x141}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000007c40)={'rose0\x00'}) syz_open_dev$sg(&(0x7f0000000100)='/dev/sg#\x00', 0x7, 0x8000) epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, 0xffffffffffffffff) syz_genetlink_get_family_id$fou(&(0x7f0000000000)='fou\x00') 03:38:46 executing program 4 (fault-call:1 fault-nth:54): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:46 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) pipe2(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000480)={'hwsim0\x00', 0x0}) stat(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000580)={{{@in=@multicast2, @in6=@remote, 0x74b, 0x1, 0x4e24, 0x4c, 0xa, 0x20, 0x80, 0x2c, r3, r4}, {0x1ff, 0x1000, 0x9, 0x8, 0x100000000, 0x6, 0x80000000, 0x5}, {0x6, 0x80, 0x1f, 0x7ff}, 0x67a2, 0x0, 0x1, 0x0, 0x1}, {{@in6=@rand_addr="db5d063ea9ef5bba2fd7201dc137b99f", 0x4d2, 0xff}, 0xa, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3507, 0x7, 0x0, 0x9, 0x82a, 0x401, 0x6}}, 0xe8) ioctl$DRM_IOCTL_GET_MAP(r2, 0xc0286404, &(0x7f0000000200)={&(0x7f0000a00000/0x600000)=nil, 0x0, 0x3, 0x1, &(0x7f0000cb8000/0x2000)=nil, 0x5}) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000180)) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000300)={0x8, 0x8200, 0x7f, 0x0, 0x0}, &(0x7f0000000340)=0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000380)={r5, @in6={{0xa, 0x4e24, 0x50, @remote, 0x8}}, 0x7ff, 0x7}, &(0x7f0000000440)=0x90) ioctl$sock_inet_SIOCDELRT(r2, 0x890c, &(0x7f0000000280)={0x0, {0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x2, 0x4e24, @empty}, {0x2, 0x4e22, @rand_addr=0x4}, 0x80, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000240)='bond_slave_1\x00', 0x4, 0x8, 0x54ac}) r6 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r6, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) r7 = syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0xfffffffffffffffd, 0x214002) ioctl$KDGKBMODE(r7, 0x4b44, &(0x7f00000000c0)) r8 = syz_genetlink_get_family_id$tipc(&(0x7f00000006c0)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_PORTS(r1, &(0x7f0000000780)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x1c, r8, 0x100, 0x70bd2b, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20040040}, 0x20000000) ioctl$SCSI_IOCTL_DOORUNLOCK(r6, 0x5381) readv(r6, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) [ 540.158190] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 540.158190] program syz-executor.1 not setting count and/or reply_len properly [ 540.188879] FAULT_INJECTION: forcing a failure. [ 540.188879] name failslab, interval 1, probability 0, space 0, times 0 [ 540.256564] CPU: 1 PID: 19231 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 540.263714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 540.273075] Call Trace: [ 540.275681] dump_stack+0x138/0x19c [ 540.279340] should_fail.cold+0x10f/0x159 [ 540.283498] should_failslab+0xdb/0x130 [ 540.287481] kmem_cache_alloc+0x2d7/0x780 [ 540.291275] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 540.291275] program syz-executor.1 not setting count and/or reply_len properly [ 540.291640] ? fs_reclaim_acquire+0x20/0x20 [ 540.311918] ? find_held_lock+0x35/0x130 [ 540.315987] getname_flags+0xcb/0x580 [ 540.319796] user_path_at_empty+0x2f/0x50 [ 540.323968] do_mount+0x12b/0x27d0 [ 540.327511] ? copy_mount_options+0x5c/0x2f0 [ 540.331953] ? rcu_read_lock_sched_held+0x110/0x130 [ 540.336979] ? copy_mount_string+0x40/0x40 [ 540.341270] ? _copy_from_user+0x99/0x110 [ 540.345409] ? copy_mount_options+0x1fe/0x2f0 [ 540.349891] SyS_mount+0xab/0x120 [ 540.353345] ? copy_mnt_ns+0x8c0/0x8c0 [ 540.357219] do_syscall_64+0x1e8/0x640 [ 540.361095] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 540.365936] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 540.371124] RIP: 0033:0x45c27a [ 540.374295] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 540.382067] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 540.389332] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 540.396594] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 03:38:46 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect(r1, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) 03:38:46 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/cache_stats\x00', 0x0, 0x0) readv(r0, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) 03:38:46 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) stat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$nl_generic(r0, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000300)={0x284, 0x3d, 0x30, 0x70bd25, 0x25dfdbff, {0x8}, [@nested={0x264, 0x0, [@typed={0x78, 0x20, @binary="e578bca9f8a0fa77f4d4fed53b96fe3794e537d4ce673ef94d388db817ce00036fc2b664b736be55a96323b0511f5394cbc24412d85a3c1efa82b630e1d421e6a20ad9067c617d086204fdda60327df0035d1e4519b913ef7dc7618992ac9a2dddad203efc230618799fc0edb5acb9011329e3"}, @generic="1c78edd440b1d3e1dcb8b09deeb1d1b70b280c66b9389d541c744a48f75da2bc78", @generic="904d37e87e4a984f940bc2f5285103c2a7d2e5cab71ad2ea9d5946642cf5a323d86712a8abb7d9fedff487588790bd87408630d88acf0e4e70e53a17baebb2798693cddfd6bd9e959ec476e337971b322181348da138197c79179fe05948544ef57b110437643e8bb11b03abaa139ca98f8e6e6ed4ef6f3ee2c0c2d473b672b8b362715d5f37ac7e2f0cde792faaf8a655bbc8dc55e5f123f4be37b1227b5bf753f4f275d8ff66f9dfdf01aeafd3e45f590a0f1dd5f09d6d1878e1996b4cb941e6", @typed={0xf0, 0xf, @binary="e11bd280d98c669183164b0ecd13d05c2f95031fd93d0fce0ffaff54502f9fff27534368d574f21ae785339317a1c79c0be46bfef320219e989bb2a7488d8373909d5dfd445cb5f3c76411238769dbd232b6b6492304502e2aa7dd329fe928e0adff52005a9929a50cf6db93a23e32e26ecab59dd16155f9e7ee6348c3a61d10996a368aa8b001710ab37a287c19f1abfe930bd395f8f17b1a8dd2d25b729074e5e029d459abab705bd8c69fcc9ef182b4c9c4011b098716cbabb3c4039cd8c3ff6c2c979e57b799b94dd2cc5bc224ea74fea84d9e8e46142e6d40dd2b6dd5e4fe2f207a9a983029835700"}, @typed={0x8, 0x76, @uid=r1}, @typed={0xc, 0x59, @u64=0x9}]}, @generic="8d2ada690b0e92a334"]}, 0x284}, 0x1, 0x0, 0x0, 0x4000}, 0x8000) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-net\x00', 0x2, 0x0) write$vnet(r2, &(0x7f0000000280)={0x1, {0x0, 0x0, 0x0}}, 0x68) 03:38:46 executing program 5: r0 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xed6a, 0x64801) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f00000000c0)=0x80000001) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$getownex(r0, 0x10, &(0x7f00000016c0)={0x0, 0x0}) r3 = syz_open_procfs(r2, &(0x7f0000001700)='net/ip_vs_stats_percpu\x00') syz_open_dev$cec(&(0x7f0000000380)='/dev/cec#\x00', 0x1, 0x2) fchmod(r1, 0x100) readv(r3, &(0x7f00000003c0)=[{&(0x7f0000002380)=""/4096, 0xfffffffffffffe08}], 0x1) epoll_ctl$EPOLL_CTL_DEL(r3, 0x2, r3) getrandom(&(0x7f0000000100)=""/51, 0x25ab, 0x2) sendmsg$alg(r3, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000000400)="f54036feb7b2293ba48592f9681cdb57bee421797c828a00b4223a10809dbc94804dbf8ddae0fef948e918a6e7287991da6c5f979dc111d77d17bc9a3acea797f8d061d44237515631c5dade51bc6933d24b95a428803ce7129721fed414b5d10680c11bc673194e3b548aafcf68dc21e1eb5ee0e893b4a6b7a2b180d500791f84287ca0a9b9bd6299d3930b22a4c859ca7f7805931effbb2d2d66d84ee510fcc6da219be6f75c45d62d4a73a734ecd41d8301528629767062889b7afcc003205796be2da470b06bc1d2a261c34cbdfce3af79cc9c44fdb7e21edae7759228b2d0bba4089d7a993732f38e672bcc63d3ac92e7fc2b7c68e2ded5821653cd6cb263e01eb619958e800e7b9ef08b6ce8473d823ea174254b9d35a04fdbd8f1879f54e156ac4d205fa7f4058ed65a7b14b0a5dbb3dd3dbaa2816cce7adc9a7d273e6bbfa58d0e6fbb0b226c4edc5dd91ca3e23b1e96ee88d260007ee7bd57156eec60dddec89befbc24bd5d3894efdd4b91ed162e36ca2e32650e65380bd56f5af7c61f876e0660628d0e6f0608a79881d0a7a510401c820274c177604111c2b954cea48783e65739f436ed1fd93b1c93b7b0b7beb96d501704081430f29693f76f28b8f3ea1fb4de20b8397e53d83c7a355414efb4b6b19beadf370cf9c6f942b44fe53726be05882e517b37988f0e866acbea0e95ba5380ba80dce05f666f1dadf79bc876e044898b811fd0929b9aa1d8a6d55e5b0faf48940ffa6ac54b30ec7d0cb8ee3405676c0392c03749352858fb0920b2062786e6043a5e6650e7d974842c2c53d831de07876e5612edc6587665ba4ed6f6f0fbb9bf2a70c40574042f12e31839d54918c376e5937850d9336d2dd082565b4b25f07047f76eb832ab72cbdfaca40916c9287a4e270b1f334f00356326b624301738dfa4cb0941d64f2f79a1097a53786ed834399b55b1fe7af58b9f6349b004223e4c8b58ecf3eef1ee9a3872d3852d879e525992c3ff5b73b5d85a8799db7ed35b96c36ab95354515bfe5dd0b4996d741434be73422f9d8e530c33c8eacb45bec1b65bb753857e9f0b4d44ed86f58c179957e8ca50879452433a31f9ed4e9f56b4ec141d9acd529fbaf86e650203cbbf1b0967b15b2e12082dd02c86848a79021e4f226da8addb5ddb29b6ad284f80c0be19f8c8c6911c4aac201613287e5499c1e65df16d65bb330ad945d905f08c7e7cc73bc86150725d4b6d9421baaefa94b6f917356e504260d2c10e272fa47baacde575d6cec833465b18a79289e1c4b94a9449c903a69d5b8e6cf408b4c594eb235b4cf3a7671af3f211b4bf9f69dc4aced9b32158adc76c6656697e2be5a0c047fba9c3ecdcd13983dbb067a99db35fecacb7919d996eb56a7cf7e2f59f3ce0616905c97260ecd52203a46e11d11b6fe8d5ac1eb454f157e221b1ba4bd0227fb2f8a47b918fa21257bc0403a6f445a41ca16b18bde61b8bc26bf325e40c037e776d2593707209ccd40e0d5e1ab9b466aafb4173ab222755bc7cb664ac4290013070cb590537bc62c8a713c443e3a2007b3ef5d8282c003af8a4bcde8a08c2de2442052e8308005c0bb1afa43415a0d4138bc2a58eac805fda57258256bf15679748ba4e7ea3799a5bdce1c12d562a62af0743db26b5a1a8ca8844fa6bbbbfcb41b9eb5bb7caff14c048bacbffa5c14daa4dcb10f81c6b4905d52aed94e8819fc1b46c2b7232e0359a37d8bfd9760b91308ff3187c1e88430562875570bf67dbda3bd4c3b1d1e96febcea3ae0626b775c005340f0a49b01b4fc30c1ec28a3ff4a3217001d0b2cee6e38284fa6b50f361cb3d50906e7f8190ac8f2fd888d47ce4f675332f18185ad0641df28c0162e05e143ad8dee7c4c464cb31dec1f7872dc89b696e84a349b07b61f044a02ff20052b88b281edf84d6c8b00c949ab9d0fa3c5764094560bc7e43752a9eaa2d2a5f77cb395fa0fbd5a7ba557a17b1a700d4bbde7b3d1ed3a1b5ad3007ddaa0dd0c134b7bab562fc5a0154c412890910ae17e97ba8d00a6c43004ec8e19c6c78c05480b29eab58c172fe0aee0622c0bb8c243d15e5162d616b79b6b69af7e49b8f7d3799d8e9db7cb493b3f6a95e07635421d876a665c2e1b064e45bacf511363579b2702404d7694f2d77dce0d757749a11dbd00cf8dc77243da22d0383ac879ed40dce5642c9af981f343c4c00b0e00b113b5c74013d6d3fb9046c5df7d8763c336991ae07d1c887cec54c5bffe82c3d4341c71a034b3fd39ae66870a0ef9313f7159d478723d894a0929c13aa90715271b34a5c06b9ae81962d84b50f3b8fff7417ddc37cc62c7c4840af684f82b731a8d6e4f1ccd01204a27cc962d8316a5b677fb71fefe840fbf6712ae66b8aed9dd2f2a48213bb9ab9bdc9fbd7d6cdecb3ae93287081f9366d7df9f285c026753b9f79c2b7cc2e61c1cf0abb9daa56d55c6138c9d78ba4dae2ca530edb1c4ea4b1f615805327687ef64fee8fd86a8b5e8eb7d1dfba828b7783582f6c9fa761ccf501ba6c5b7fbba26863edbf96abd7fc35e8bb289c1df1f8e26e437857f11895093e96c23a82b4fc90cdb96c150cda27eb9c41ca508d7e5cf583bf67f4b26898dd180ea46571b9a3b2f7b993ef0a050ee4b30447fb2a0e94f0eee9aa758e6279d2089b370e4958d6a67b8315210e15e065b33cf09bed75392f1143bdb38d980f0be36b8d11f295df864cac5da2f550e5978fbc11bdd0b395d6696eada824d0b9982402e826a39232f07658616f879b7ceeef8a7dcca1f24070816dd69072909de7ef06f731b6e2b6b5b0f223902fed50d4b36ab22157c704087c2584d34f5257aa173fb307f55f458f90fa5aeb86291e66e5aecf36b623c2804a130019e27a3a76783279b0c4eece77d12110090c20212175b35817b3412ea17351f4e25767632173fea13fca7f5c719925dd703c8da71240d76eab16ff698f44c463ca1d702f48c312e82f126e2ec1d9df6c5d05e99d118f8832a93ddb08d029d3996b477ea020bf831140d7a133d2921bed2e2116004ee0d6f27ad8f9f1f5dbb8d015d2ee21f1a010b1f2d85ab5f2347ea1b48c03d44374751994e3bb1cad4b99085c8a218e29d957d615080f862fbdd1de4e97b7e3b0aec24a70497c26d283136b0cfff9eeeda13ae684865073d79e0522e5cb019011fecdca73f8e25efef5605b7313e61ef9ab985b7ff26acba78545875d04baaebe29cf5fa2f0355a3c01bae1c67673c7f0588930e3f250dd7f4946ebd7e6ce2de909a0a3faaafa5c4c70c3a7d02f815cc09b386b25461403feab2eef9f382cc3c5593dd62ce3a46127c4a701fabee03e9e28c12b961394f5b87ed39ccd567bffe61aa3cc6aba8af187f1467e13bed2de9eccfce3b265df446bbee969454244b488dce8202f32cf84a1160b73df46b61f3fe5a211742fd489beaf47cddceff9d9bd336a603e70354f39b29c72541d24e0ed5119da8b4d876d1367df8913629906412e215200239dff751968476db0118aec4be5d093c81f22a15698357a22e05ea12a91d5d3fabf7f851a5bb9af7edb0c747c8bdfbd08d769abab530250c4f87eaeb5bc552b328740351632edac2dbd52d2c012f503342226d194622a6962f361b77ad656d2d532c15eed20d75d6883b61def00d25adc60af0c3f9454d6be80560f2a4e5ac2ec4b1d7f232f023ef190d7db050c44cb8b2934f1221f938724dc47234cf8f7e2b9d61540cb7fed7e4790f17718935391598901c3a8014f8b33dff45452241397f39380b7bdb3cbc1aca56527867d27eaae8e411dc6f47baf6ceec96017534d27749863cd821211ea4c1e419dcf1c9973ad9ff629181ef9783dba36707684c31767565897e6004ad09202b9c5c540612aa2566f929107966883b1606ac23d60a88db914fd5a26ae076843d2feb1db84ae2eafb2b404bc1045b3531f81e99620c3782584b544b4b08d72532257058cd25d3bb9b6fe06f5818563116e00940b823e7f5bf5a9e5ff6f2a6250e002f1615add2249095f640f05a35ef895b5eaba74ca3c3b5fa56d9a0867bcdd7901a786cd4c2db8f2a2c5ab8d06f8a04e01aa64ae3401e66535ac04e609faebcd9fad7ddbea3397565f87b657d44d7579fb18bc8efd8cb5d672864fd27f0d90a08f8dbd4a59acf7912ce6ad5204ed706bbe645caa0b8e10b606c5c7ee3990ab8cf22143e961bc6a50e1a11edf68664b055b409c8654fd9e26e7709731b74b1c59026c593628f7acc1168150458c15468b95aee56f93fa26f8869d04e6dc1fa3f0450dd4b28f7d1678c44527029e00420006681119f4e37ee8645076112d6a9340709bc3226e4ae638eb94cec7122678945079588df5fa3b2fd0664e623297edfdb9e6659f4b5ea2fd4b421a7a910ac0f10a94c735559ca2cf24bb1dbf847e6b6c1241ca777da2a6e60af96febcc603b8b2fbefcb100d36eed09d5b257bac44b720f139f67e35728b8fa98d76d49fc5ca34875044fb11cf4f5437f5e14bf58039369fbea166b5e3cc21507db2691ff639fcbdde78036a5ca76b55be8eb4494c54b70cba9283535c302d825584f1316d8cfd9ea1925a337d2ab1c608f9c27f858c31eef942edfdeff61cfe9bf2265973f70ac2780f12abb78647fc94c11f2327a6e1213d5cf1e223b43be7a19b453cae90308995bfc2727e0e4fbd657124fbd42dfd0220285c693daa7018249ee4ee8a004b6f45edb8ac4a27e1fecde9f5915e03d5a91db832f4c6acec0d7fcb7e6e3f858c0f7460e2c0572a05771f021e2d5ddbfa3e6187563054f56d3e1cc6372d79ded56a9618df0a2265b2bbfa9fd5d1f839391bb915aedb98a6cf4fe5738bacc324c071a96dee73e4cd29dfa0801cf99dd5e94aad0e171fa26545a53850173b8edb87e2370b553a6bde12fb00f43e36e79654651ab33adee986d3b60e9efe4e4e3c6f6d47ade2a1b9bf9afdc0c624affe4777d57c504593b8e3132d3b763e99d7253dbda7e92ba95b472e81fbc3f30f538cffd6971da9d214da44a2c1c51ff629d39d36fbde15e2fd9420886685345fe57db254b83bcb99178c28619b5bf799bc29e206da9568265bac21798b401396a42a271102b86d23686b9ff6f326bb4a0a176eb40006f7e5544f06bc5bdd9d789d43e6594aad58b437e37e57e748e2125d6e327b5000d59e2eeb4a64af2facd06170e8819cccfd8d7db12eff986bc23d5b4d40cea49865428e85ad2426089cfa8c9ec326db9e23c893b9714b874990b908be8f35bdf257e13ca4b0f77120980de2500f9489bed57f98dc8db9e9bdba41efaa8244303ab071bdca143eeb7a4b43057f2da963c5d3553d49591864a555ea6a22cec81a676214d30d1b090e777bced30db4fc6f1e9f0f657ca79c4454e3f949503ade5e9a77f68970300331860e6c4ae0d047c98f2162231b26761d67c691dcd31c63e7127f48b3c952215b6ddb8d15ee08db49c883482c789acd7ba1a9979dbeec9f10155424a9a05834c81249e2e0fb389c1101f91ba99036a857910a4c08cdcd8c090d1fd6c27790d3c91c44b6404a7062a3ac7a1348aef37f03841e26d0ace03e7f456947a55faffce99e0d204130e65e76d78d3bff6a931cff9466cc80089e4787be6e7af29930905d9566fe94f2fce0cd1432ace6a9e2cdcdb84e01dcb7ba95bd68b907e55b887849bf8fb27b18c64b59df0659187d09f9a267270e77c5f0d7074239c8125718f998719ef3c0437d6bd63187147a28a2535925a2faaa6aeffbf7b4590aed8867a890728bd", 0x1000}, {0xffffffffffffffff}, {&(0x7f0000001400)="18979617d5d363e923fd45c98ba5e27f5ac20eb21be08f74c3207b4d944a888b43ca6282bc6f68da79a07a2a253abb0c46561ee9f4b0a86916eb0fd149d9583acc9f7690efe5329f9d80873b68e22247a36e4e6bfca28ad3", 0x58}, {&(0x7f0000001480)="fb9cb1285b7d4963762ead93c3fb", 0xe}, {&(0x7f00000014c0)="022414af80bd2c5bf7a287ebf272", 0xe}], 0x5, &(0x7f0000001580)=[@assoc={0x18, 0x117, 0x4, 0x9}, @op={0x18}, @assoc={0x18, 0x117, 0x4, 0x3}, @assoc={0x18, 0x117, 0x4, 0x200}, @assoc={0x18, 0x117, 0x4, 0x8}], 0x78, 0x40000}, 0x8000) getsockopt$netrom_NETROM_N2(r0, 0x103, 0x3, &(0x7f0000000140)=0x81, &(0x7f0000000200)=0x4) open_by_handle_at(r3, &(0x7f0000001740)={0xfa, 0x3ff, "194dec5a130023f61a39d4aeccc752b0add8193a2a033393a97b25f892b6e2e22c3b93b102373e123955aaa0f79aacd33e1e77b4251665ab47b8611e1f580320b273b818c11b8dd82d9cbc653b1fdd9015e347ac67d9ca21c61e7a81cc2f02641893546c005052358dab057400acf6374d75b46d74eeb8557fa5d4f6be41e24b080e93ef194a00844536496c5fbb3ab991801d6403605042dcdc2c63f0998371d4a00b51c349a0b3dcbeee90d9b038b53ff4e5a47942058bec8714d96de084b011281fb7a1eb56d87c902704c05f85e8a5681a1ae8e8004d915c1ede26af604c7350dff34ba342e06080ecd2a11e96bb5fb0"}, 0x400800) accept4$vsock_stream(r3, &(0x7f0000000000)={0x28, 0x0, 0xffffffff, @hyper}, 0x10, 0x80800) readv(r3, &(0x7f0000000580), 0x3c1) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r3, 0x84, 0x65, &(0x7f0000000240)=[@in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e23, @multicast1}, @in6={0xa, 0x7, 0x1, @empty}, @in={0x2, 0x4e21, @multicast2}], 0x4c) r4 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f00000002c0)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r5 = syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x7, 0x101000) ioctl$LOOP_SET_DIRECT_IO(r5, 0x4c08, 0x5) getsockopt$packet_buf(r4, 0x107, 0x7, &(0x7f0000000300)=""/38, &(0x7f0000000340)=0x26) 03:38:46 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) getpid() getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={0x0}, &(0x7f0000000080)=0xc) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$VIDIOC_PREPARE_BUF(r2, 0xc058565d, &(0x7f0000000180)={0x7, 0xf, 0x4, 0x400, {}, {0x1, 0x8, 0x100000000, 0x1, 0x4, 0x9, "a93e760a"}, 0xbad, 0x7, @userptr=0x1, 0x4}) ptrace$cont(0x9, r1, 0x0, 0x0) [ 540.403851] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 540.411108] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 540.439783] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 540.439783] program syz-executor.1 not setting count and/or reply_len properly 03:38:46 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect(r1, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) 03:38:46 executing program 0: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000a40)='/dev/net/tun\x85', 0x241, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.net/syz0\x00', 0x1ff) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) socket$kcm(0x2, 0x3, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000380)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iyn\ft:\xe1\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;<\xadH\x90+[-l\xfd\n\xbc\xf5\xd7\r\xf3\xfd5.\x8dD<\x88\xc6\x0f\xd7\x14\x0f\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4N') r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x802, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x802}) ioctl$TUNGETFILTER(r2, 0x801054db, 0x0) openat$cgroup(r0, 0x0, 0x200002, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000580)={'yam0\x00'}) ioctl$TUNSETOFFLOAD(r2, 0x400454d0, 0x0) ioctl$TUNSETVNETBE(r2, 0x400454de, 0x0) setxattr$trusted_overlay_origin(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='trusted.overlay.origin\x00', &(0x7f00000002c0)='y\x00', 0x2, 0x2) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x2, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x5, &(0x7f0000000140)='yam0\x00', 0xffffffffffffffff}, 0x30) recvmsg(0xffffffffffffffff, 0x0, 0x1) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000340)='/dev/qat_adf_ctl\x00', 0x4840, 0x0) setsockopt$inet6_udp_int(r3, 0x11, 0xb, &(0x7f00000004c0)=0x4, 0x4) write$cgroup_int(r2, &(0x7f00000000c0), 0x12) perf_event_open(&(0x7f0000000000)={0x7, 0x70, 0x7, 0x3, 0x7, 0x6, 0x0, 0x9, 0x800, 0x1, 0x8000, 0x3, 0x3, 0x2, 0x1, 0x4266, 0x4, 0x8, 0xc49a, 0x0, 0xfffffffffffffffc, 0xd6a, 0x0, 0x0, 0x81, 0x9a, 0x7, 0x200, 0x7f, 0xd1, 0xfffffffffffffffa, 0x9, 0x1, 0x8, 0xfffffffffffff000, 0x3ff, 0x7, 0x3e, 0x0, 0x7, 0x2, @perf_config_ext={0x1, 0x10000}, 0x9000, 0x0, 0xe0, 0xd, 0x4, 0x3, 0x1f}, 0x0, 0x4, r1, 0xb) 03:38:46 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="1901000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d20bc16e451fce2e6d085e35b1950d7e585d33be57c920ee6163dadc74d297ce01e80415fd6d450ca96fee5ed3e65bd716569e52737fbc45473033e0926860b34621bc0770b20c4038022e570621421f310309545f1fd385e1b87fd364ed6ba939c8d7f2b15ecbd8758f9d074b60146a69967f840390af05ac5052e96f5ca8ae6aa443ad0a0e5fe5132901bc53ea59a89d9acf274c49461c904eecde3edd871168bdafdf036da940800bb3dc438cd7bfef022c642cc792ed96979a4181ef8750a7ccf9202577f25c6ea0d802000000f93445437d7189dd7718c679"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x200, 0x0) ptrace$setregs(0x1000000d, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 540.508779] ptrace attach of "/root/syz-executor.2"[19259] was attempted by "/root/syz-executor.2"[19260] 03:38:47 executing program 4 (fault-call:1 fault-nth:55): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:47 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x16, 0x0, 0x6c2e, 0x1c, 0x20, 0x1, 0x7f, [], 0x0, 0xffffffffffffffff, 0x2, 0x2}, 0x3c) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="7f454c4608060078e70f0000000000000300000005000000860200003800000090010000000000006769200001007f00080001010000000003000000090000003a0000006d030000a2230000080000000000000075500000a5f3940cde2612a45ea95059d95c0cd0c24d996f873fe00dc6fcd0f5276173650dd3dd16d2c581e247754fd6a046e67da0d4ffd5e849708fc31e8f202633a7c2df648747165d5966ca267b88a8e2d8890c7a81dd10ceb7bb7311af63b69d955658d7dfa8379458c8902860f0522b757fd97a819c3583c3e707221174af3f6b20b1e1a5e4d789d4519fe04f30a55dda000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000"/479], 0x1e7) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x100) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f0000000100)={0x7b, 0x0, [0xc0000100, 0x0, 0x40000020], [0xc1]}) fchdir(r1) 03:38:47 executing program 2: socketpair$unix(0x1, 0x7, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 540.696017] FAULT_INJECTION: forcing a failure. [ 540.696017] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 540.707860] CPU: 0 PID: 19277 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 540.714958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 540.724304] Call Trace: [ 540.726916] dump_stack+0x138/0x19c [ 540.730545] should_fail.cold+0x10f/0x159 [ 540.734690] __alloc_pages_nodemask+0x1d6/0x7a0 [ 540.739355] ? fs_reclaim_acquire+0x20/0x20 [ 540.743671] ? __alloc_pages_slowpath+0x2930/0x2930 [ 540.748690] cache_grow_begin+0x80/0x400 [ 540.752770] kmem_cache_alloc_trace+0x6b2/0x790 [ 540.757432] ? kasan_check_write+0x14/0x20 [ 540.761666] copy_mount_options+0x5c/0x2f0 [ 540.765895] SyS_mount+0x87/0x120 [ 540.769341] ? copy_mnt_ns+0x8c0/0x8c0 [ 540.773245] do_syscall_64+0x1e8/0x640 [ 540.777146] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 540.781990] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 540.787169] RIP: 0033:0x45c27a [ 540.790347] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 540.798049] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 540.805307] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 540.812567] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 540.819836] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 540.827098] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:38:47 executing program 5: socket$inet(0x2, 0xe, 0x0) dup(0xffffffffffffffff) bind$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0x2, 0x3}}, 0xa) lookup_dcookie(0x5, 0x0, 0x0) ioctl$TIOCSWINSZ(0xffffffffffffffff, 0x5414, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000081, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff}) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) fchdir(r1) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000080), &(0x7f00000000c0)=0x4) umount2(&(0x7f0000000280)='./file0\x00', 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='\x00\xa5\xec') syz_mount_image$bfs(&(0x7f00000001c0)='bfs\x00', &(0x7f0000000200)='./file0\x00', 0x2, 0x4, &(0x7f0000000440)=[{&(0x7f00000002c0)="78c6e475f956925755cc53a1197cc5e6acba312c20aef685880ad4f0279c57c2b1155e51d205851d5f5571060d053e0283eb7591fee0bd15ce63cef2c1bc57fb8b60ddf37eb2b9d71bb7fbfbccd1aa7e8094f3ff8084e3596282f914adbb192615ffae43a16d4ce4755d427b5b4d0e206e", 0x71, 0x3}, {&(0x7f0000000340)="c2277f393221e3b55f56d51b11ad59d9efd02eeca9e43f1d9edddc8d95ef96e5a4400f73ecd5fb8e46bece2f5d9f9a216174aebcbf639f679dc3fb4d7f103e62c0c7be4eb583331dfe95df77c74c012fc20b8afff9fe6e00d5e9a8ded01ec51da0c47b5c13e454bcfb5872356c5ecdbba9c53074aa8c9f64d51fded30bc78e435cce818a9fb7785c46113f5b32232c65433697c3a0a1700050ac20e9a87547193e7bc8829896933bf4253b5b7bf7876fe965eccbca64e59c1082f18a3d8c83ce89", 0xc1, 0xfffffffffffff000}, {&(0x7f0000000240)="2a803244a3095f73431efda672d98c58878f", 0x12, 0x4}, {&(0x7f0000000500)="095cfebfdbb6f55f13ba05de9a64904b6aec28f73af972f88f053b21381867e76a1bf51d699d8037dd4c8a6b846426f2f079d084a4c2fbd69d32891cef4622bd919d784cfcc4f081ec3e40f0bf004cdf36396e6b15859fdcf6596f8f48c2e713c99340b5396245dd94f55f140206ae3cef8983090647056e3be6db2156f5b34cde5d85b61733430ea8", 0x89, 0x8}], 0x798bb69276e1b1f, 0x0) 03:38:47 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) [ 540.894649] device nr0 entered promiscuous mode 03:38:47 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x7, 0x8046) r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock\x00', 0x200, 0x0) ioctl$LOOP_CLR_FD(r2, 0x4c01) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) 03:38:47 executing program 4 (fault-call:1 fault-nth:56): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:47 executing program 0: syz_init_net_socket$x25(0x9, 0x5, 0x0) creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000380)={0x0, 0x0}) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0) pselect6(0xfffffffffffffdb6, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) pipe(&(0x7f0000000040)) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 03:38:47 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f0000000140)="b9800000c00f3235008000000f300f0051730f20d835200000000f22d80f2050670f20196667f30f2396660ff593020000008fc830cfdc87ea580000001c000f209d", 0x42}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4068aea3, &(0x7f0000000380)={0x7b}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) socket$bt_cmtp(0x1f, 0x3, 0x5) 03:38:47 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) [ 541.241726] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 541.241726] program syz-executor.1 not setting count and/or reply_len properly [ 541.311952] FAULT_INJECTION: forcing a failure. [ 541.311952] name failslab, interval 1, probability 0, space 0, times 0 [ 541.330697] CPU: 1 PID: 19319 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 541.337820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 541.347175] Call Trace: [ 541.349774] dump_stack+0x138/0x19c [ 541.353412] should_fail.cold+0x10f/0x159 [ 541.357569] should_failslab+0xdb/0x130 03:38:47 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x803, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) 03:38:47 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x803, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) [ 541.361551] __kmalloc_track_caller+0x2ec/0x790 [ 541.366231] ? kstrdup_const+0x48/0x60 [ 541.370121] kstrdup+0x3a/0x70 [ 541.373318] kstrdup_const+0x48/0x60 [ 541.377042] alloc_vfsmnt+0xe5/0x7d0 [ 541.380757] vfs_kern_mount.part.0+0x2a/0x3d0 [ 541.385264] do_mount+0x417/0x27d0 [ 541.388807] ? copy_mount_options+0x5c/0x2f0 [ 541.393224] ? rcu_read_lock_sched_held+0x110/0x130 [ 541.398252] ? copy_mount_string+0x40/0x40 [ 541.402499] ? copy_mount_options+0x1fe/0x2f0 [ 541.407000] SyS_mount+0xab/0x120 03:38:47 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x803, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) [ 541.410457] ? copy_mnt_ns+0x8c0/0x8c0 [ 541.414363] do_syscall_64+0x1e8/0x640 [ 541.418259] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 541.423113] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 541.428295] RIP: 0033:0x45c27a [ 541.431490] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 541.439202] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 541.446476] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 541.453746] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 03:38:47 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendto(0xffffffffffffffff, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) [ 541.461004] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 541.468276] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 541.520192] net_ratelimit: 17 callbacks suppressed [ 541.520198] protocol 88fb is buggy, dev hsr_slave_0 [ 541.520605] protocol 88fb is buggy, dev hsr_slave_0 [ 541.525256] protocol 88fb is buggy, dev hsr_slave_1 [ 541.530504] protocol 88fb is buggy, dev hsr_slave_1 [ 541.546225] protocol 88fb is buggy, dev hsr_slave_0 [ 541.551664] protocol 88fb is buggy, dev hsr_slave_1 [ 541.600574] protocol 88fb is buggy, dev hsr_slave_1 [ 541.920142] protocol 88fb is buggy, dev hsr_slave_0 [ 541.925304] protocol 88fb is buggy, dev hsr_slave_1 [ 542.217562] kauditd_printk_skb: 40 callbacks suppressed [ 542.217571] audit: type=1400 audit(2000000328.609:2467): avc: denied { map } for pid=19342 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 543.600131] protocol 88fb is buggy, dev hsr_slave_0 03:38:50 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02119fd7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) wait4(r0, &(0x7f0000000040), 0x8, &(0x7f0000000180)) 03:38:50 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) 03:38:50 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) fdatasync(r1) ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000080)=0xaf73620df39e3201) write(r1, &(0x7f0000000180)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0xfffffdaf) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) 03:38:50 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendto(0xffffffffffffffff, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) 03:38:50 executing program 4 (fault-call:1 fault-nth:57): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:50 executing program 0: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) pipe2(0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x3fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$RFKILL_IOCTL_NOINPUT(0xffffffffffffffff, 0x5201) request_key(&(0x7f00000000c0)='asymmetric\x00', &(0x7f0000001ffb)={'\x00\x00\x06', 0xffffffffffffffff, 0x6c00}, &(0x7f0000001fee)='R\trusB\xe3cusgrVex:1e', 0x0) clock_adjtime(0x3, 0x0) r2 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x80400, 0x0) ioctl$ASHMEM_GET_SIZE(r2, 0x7704, 0x0) ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000240)={r1, r0, 0x80000001, 0xcb, &(0x7f0000000100)="9608631066ffa5989565f4f4dbdde6d666ca4af7a65404b1a39413bfe258ad979b214e04e37da852f8705ab475c8561fa32e4aea9f68815bcb369a2ddfaed3609bdd618739e22fe8b7f295671bdd1b1b86050d27876229af5a54aeac6c4b09072fddf48207049524ddd951b929226f8cb442cd58fb0bf2f50d30816622719ea7de89eccb55a317d76868ac4a107bcfeb61005a072fc65cd9b6bb49fefeb451fa2468055896c5ac67fedac9f387859e78b1bf51217b7e855579a362c2640f8654faf0faffe7c8429d1b3d1a", 0x9, 0x5, 0x80d7, 0x3, 0x7c93, 0x2, 0x7ea, 'syz1\x00'}) [ 543.871805] sg_write: data in/out 167162/2147479504 bytes for SCSI command 0xff-- guessing data in; [ 543.871805] program syz-executor.1 not setting count and/or reply_len properly [ 543.888796] audit: type=1400 audit(2000000330.269:2468): avc: denied { map } for pid=19347 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 543.890131] FAULT_INJECTION: forcing a failure. [ 543.890131] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 543.922741] CPU: 0 PID: 19353 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 543.929847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 543.939206] Call Trace: [ 543.941801] dump_stack+0x138/0x19c [ 543.945445] should_fail.cold+0x10f/0x159 [ 543.949597] __alloc_pages_nodemask+0x1d6/0x7a0 [ 543.954266] ? fs_reclaim_acquire+0x20/0x20 [ 543.958595] ? __alloc_pages_slowpath+0x2930/0x2930 [ 543.963640] cache_grow_begin+0x80/0x400 [ 543.967714] kmem_cache_alloc+0x6a6/0x780 [ 543.971869] ? _raw_spin_unlock_irq+0x5e/0x90 [ 543.976375] getname_flags+0xcb/0x580 [ 543.980184] ? trace_hardirqs_on_caller+0x400/0x590 [ 543.982986] audit: type=1400 audit(2000000330.379:2469): avc: denied { create } for pid=19364 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 [ 543.985203] user_path_at_empty+0x2f/0x50 [ 543.985218] do_mount+0x12b/0x27d0 [ 543.985229] ? retint_kernel+0x2d/0x2d [ 543.985244] ? copy_mount_string+0x40/0x40 [ 543.985255] ? copy_mount_options+0x18f/0x2f0 [ 543.985267] ? copy_mount_options+0x199/0x2f0 [ 544.036853] audit: type=1400 audit(2000000330.409:2470): avc: denied { create } for pid=19364 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 [ 544.039352] ? copy_mount_options+0x1fe/0x2f0 [ 544.039368] SyS_mount+0xab/0x120 03:38:50 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket(0x1, 0x6, 0x1e11) getsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000040), &(0x7f00000000c0)=0xc) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") setsockopt$TIPC_MCAST_REPLICAST(r1, 0x10f, 0x86) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00') sendmsg$FOU_CMD_ADD(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="64bddddeceef125c055c8fde307a5a7e1ab809d506d616fa3c647ea381bcccf49de9060f71cac01d535d82089c6f1e39bd0251dd22f60fdccaf17605cf42aa7a0ce2150d0a408de96e54b8e7c1afd90c984a44fe15229a76aa1e75eca81e7809df2e7e189b6258cf5257e7ae48745be481b5", @ANYRES16=r3, @ANYBLOB="010000000000000000000100000004000500"], 0x18}}, 0x0) 03:38:50 executing program 5: bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0x0, 0xffffffffffffff9c, 0x0, 0x20, &(0x7f00000000c0)='em1]systemself]cgroup#*em1ppp0,\x00', 0xffffffffffffffff}, 0x30) add_key(&(0x7f00000002c0)='trusted\x00', &(0x7f00000007c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) add_key(&(0x7f0000000880)='big_key\x00', &(0x7f00000008c0)={'syz'}, 0x0, 0x0, 0xffffffffffffffff) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vbi(0x0, 0x0, 0x2) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x10}]}}}]}, 0x3c}}, 0x0) syz_open_dev$loop(0x0, 0x0, 0x0) msgget$private(0x0, 0x0) msgget$private(0x0, 0x19) msgctl$IPC_RMID(0x0, 0x0) r2 = syz_open_dev$mouse(0x0, 0x100000001, 0x0) getsockopt$inet6_dccp_int(r2, 0x21, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000140)={0x0, @in6={{0xa, 0x4e22, 0xfffffffffffffffb, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, 0x2, 0x4}, &(0x7f0000000000)=0x90) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000200)={r3, 0x7fffffff}, &(0x7f0000000240)=0xc) [ 544.039378] ? copy_mnt_ns+0x8c0/0x8c0 [ 544.039391] do_syscall_64+0x1e8/0x640 [ 544.039405] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 544.084547] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 544.089740] RIP: 0033:0x45c27a [ 544.092926] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 544.100639] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a 03:38:50 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setxattr$security_ima(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='security.ima\x00', &(0x7f0000000100)=@md5={0x1, "335cb75fe9c7e6b6ec6a58b669e2f481"}, 0x11, 0x2) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:38:50 executing program 0: ioctl$DRM_IOCTL_INFO_BUFS(0xffffffffffffffff, 0xc0106418, &(0x7f0000000040)={0xffff, 0x3, 0x3}) r0 = syz_open_dev$dri(&(0x7f0000000080)='/dev/dri/card#\x00', 0x0, 0x0) ioctl(r0, 0x80000000000200, &(0x7f00000000c0)="1f167c4cf3e3918be11b1ce953e1e890f17029a8149b902ae9db3962ad41b23c87b0229df12c816442a08631fc5916b11cce12c144a997e8dd58cc19b4c89ed96fa217bfec06234ff8649835f8afed4367d078ae853cbe6d155bc5705ff3aa07514755932324b9b9bf652b2afd2f3c9a419091617b93ef7388ace6248da6af30b980917921c2e9f09201514ca241d8377935d2c5d9e0d4846773a9ea4cac1a44d3fb0b00e311244f24767c4b93d3f45695e49a24d6dc6799908c4e4aacdbf20771fd9c1f1b5f0a3c9c878a26b5886958735986bb1699b6ab51a8a093d2bc302e10c2d673bcaa56c067b62a4d30976781d119a3b75110a8719deab08b7399306ae9bfb317b10a44867b7f08e9e631caa36756f0025fa9ee5795fd69e8f64a6adf2b1feccf24adba80de78") 03:38:50 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendto(0xffffffffffffffff, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) [ 544.102062] audit: type=1400 audit(2000000330.409:2471): avc: denied { create } for pid=19364 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 [ 544.107912] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 544.107919] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 544.107924] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 544.107931] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:38:50 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) 03:38:50 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) pwrite64(r1, &(0x7f000003bfff)='/', 0x1, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x6, 0x11, r1, 0x200) lseek(r0, 0x0, 0x7) sendfile(r1, r1, &(0x7f0000000440), 0x20) sendfile(r1, r1, &(0x7f0000000100), 0x7f8) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') pivot_root(&(0x7f0000000140)='./file2\x00', &(0x7f0000000380)='./file0\x00') r2 = dup3(r0, 0xffffffffffffffff, 0x80000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='net/protocols\x00') write$UHID_CREATE2(r2, &(0x7f0000000840)=ANY=[@ANYPTR64], 0x1) fcntl$getownex(r1, 0x10, &(0x7f0000000300)={0x0, 0x0}) fcntl$setown(r4, 0x8, r5) sendfile(r3, r4, 0x0, 0x8000) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x5004, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00') ioctl$sock_SIOCDELDLCI(r3, 0x8981, 0x0) mount$bpf(0x20000000, &(0x7f0000000280)='./file0/file0/file0\x00', 0x0, 0x588e, 0x0) mount$bpf(0x0, &(0x7f00000005c0)='./file1\x00', &(0x7f00000002c0)='bpf\x00', 0x10000001910823, 0x0) umount2(&(0x7f0000000800)='./file0\x00', 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='loginuid\x00') [ 544.193375] audit: type=1400 audit(2000000330.409:2472): avc: denied { create } for pid=19364 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 [ 544.254659] audit: type=1400 audit(2000000330.569:2473): avc: denied { map } for pid=19375 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 544.283095] audit: type=1400 audit(2000000330.619:2474): avc: denied { map } for pid=19384 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 544.306722] audit: type=1400 audit(2000000330.629:2475): avc: denied { map } for pid=19385 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 544.330066] audit: type=1400 audit(2000000330.639:2476): avc: denied { map } for pid=19389 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:38:50 executing program 2: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="2001001de9bc28530010db55000000000000649bdb382db60cdb35feaf0900000000000000000040000000201483d9b2270101d08a38cd02fa9ed7d2"], 0x1}}, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x810180, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f00000000c0)='/dev/snd/pcmC#D#p\x00', 0xff, 0x171000) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0}) r4 = geteuid() fstat(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000700)={0x0, 0x0}, &(0x7f0000000740)=0xc) stat(&(0x7f0000000780)='./file0\x00', &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000f80)='./file0\x00', &(0x7f0000000fc0)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000001040)='./file0\x00', &(0x7f0000001080)={0x0, 0x0, 0x0, 0x0, 0x0}) r10 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0xfffffffffffffffe) r11 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r12 = accept4$netrom(0xffffffffffffffff, &(0x7f00000039c0)={{}, [@default, @default, @remote, @netrom, @remote, @remote, @rose, @null]}, &(0x7f0000003a40)=0x48, 0x800) r13 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000003ac0)={r1, 0xffffffffffffffff, 0x0, 0x4, &(0x7f0000003a80)='em0\x00'}, 0x30) r15 = socket$isdn(0x22, 0x3, 0x22) r16 = socket$inet6_tcp(0xa, 0x1, 0x0) r17 = openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000003b00)='/proc/thread-self/attr/current\x00', 0x2, 0x0) r18 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) r19 = openat$uhid(0xffffffffffffff9c, &(0x7f0000003bc0)='/dev/uhid\x00', 0x0, 0x0) r20 = socket$inet_udplite(0x2, 0x2, 0x88) r21 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000003c00)='/dev/video0\x00', 0x2, 0x0) r22 = socket$alg(0x26, 0x5, 0x0) r23 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000003c40)='rdma.current\x00', 0x0, 0x0) r24 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000003c80)='/dev/video35\x00', 0x2, 0x0) r25 = openat$uhid(0xffffffffffffff9c, &(0x7f0000003cc0)='/dev/uhid\x00', 0x8d21a9b73ef7aea7, 0x0) r26 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000003d00)='/selinux/enforce\x00', 0x200000, 0x0) r27 = epoll_create1(0x80000) r28 = syz_open_procfs(r1, &(0x7f0000003d40)='net/packet\x00') r29 = syz_open_dev$vcsn(&(0x7f0000003d80)='/dev/vcs#\x00', 0x4, 0x4000) r30 = socket$inet_sctp(0x2, 0x5, 0x84) r31 = bpf$MAP_CREATE(0x0, &(0x7f0000003dc0)={0x0, 0x8, 0x7fffffff, 0x8, 0x20, 0xffffffffffffffff, 0x10001, [], 0x0, 0xffffffffffffffff, 0x3, 0x1}, 0x3c) r32 = geteuid() stat(&(0x7f0000003e00)='./file0\x00', &(0x7f0000003e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r34 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r35 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000003ec0)='/dev/video35\x00', 0x2, 0x0) r36 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000003f00)='/selinux/access\x00', 0x2, 0x0) r37 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000003f40)='/proc/self\x00', 0x0, 0x0) r38 = socket$inet6(0xa, 0x4, 0xead) r39 = socket$inet6_dccp(0xa, 0x6, 0x0) r40 = signalfd4(0xffffffffffffffff, &(0x7f0000003f80)={0x3cb3c367}, 0x8, 0x800) sendmsg$netlink(r2, &(0x7f00000040c0)={&(0x7f00000001c0)=@kern={0x10, 0x0, 0x0, 0x1004}, 0xc, &(0x7f0000003940)=[{&(0x7f0000000200)={0xf0, 0x25, 0x202, 0x70bd28, 0x25dfdbfd, "", [@generic="a14bdc26673ff7f6ac13c653487749d85a5674d1d5aa51bfb809d49315dec4f4cbfd7fb8f653be4aa0094b76604cdf4552b674df40b1720f273a26487899a2d30405dd16b88a71758cd2a86e0a4cb136312af7b1cdd34e856689aedf8e3800116926c9851412254809d171733c920365688d8e62fbd5e24474e3c776f2836d7bddb39102a9ffc750007c526acdd0a178dea5df8582d52cf99baa1775a0170572b3707bc04a91e5066509", @typed={0x14, 0x6c, @ipv6=@ipv4={[], [], @rand_addr=0x6}}, @typed={0x8, 0x22, @pid=r1}, @nested={0x18, 0x9, [@typed={0x14, 0xe, @ipv6=@mcast1}]}]}, 0xf0}, {&(0x7f00000003c0)={0x2a4, 0x12, 0x8, 0x70bd26, 0x25dfdbfd, "", [@nested={0x6c, 0x7b, [@generic="e22ef3e4f380f226c720fb1b18dd8aee1fbd6503df57bd6fab888d376eeb54f70b5f3a6de71d2cdb0e2227b9e3d8be55befd7c1a21bc14d2e51ac667d844902c057edb3977fa14b799172a52dbfaa39c044a7c6e7cd864f25f52afc4f19e4861", @typed={0x8, 0x80, @ipv4=@empty}]}, @nested={0x224, 0x3a, [@generic="7eff72b365f480fcb6c44a60fac8618d2e0ce9740642ae31d40780ec602fd75b6618dc1e3e68bde00fff1fc0a593d039865073344620526058b557cc0e132fad4bce9e7d08674e1d53a982fdd3f170effc2d2ce4ab3892824b57a24cd8bd7e0224ea8b7f788bded689f3186920e225036d1d622acf9015a565aaf8336c", @generic="bf130f4ac7331b7fe8c1b38d419643116bcb6ecabfdf33c9ed7d0c45df8f74569478fc42fd6e13105ae01824f7f91dbadeacf05f375398e3e00e26b2b8fbff4d040859f6cd14e0e439ee72523b2e0b30d434d8d56bb8633f0699a7f715ed8bc667cd419d36d397859cef792ab2bb65738477b9b29b270eca", @generic="279f87778cf705d00ce0e15cb660b5f00be503fa4b1d874ae913b2d3c64e6d382aa1ab3a71b4683231eda0e48136d9e596a5eaa14ce839c04b288b19f3123af7d18d79e2559f0fff52c37e2163c97f7fdde1213978b61c3f11b99b6ab486e138e5f8a9d3b464dff5a3d62ea50e5fffe9a4f5d885ce03a13cf64c482d57b52fd29decf50e1f9e1835d7cae6958858d526b97efe76dbddc86265e5dac40e14795dc9052df4b049777f8fe58c349435ef3dc507743e2cba6452bc16837ea6d6ff848c704d1f868144d94e9af882b806b5ccc202513c9c67", @typed={0x8, 0x36, @uid=r3}, @generic="0b522ca0e8c89bdc096e7dec2fed3db84fb12174bcacde2e911323e22fff46e90a1263c104fe119586a5a3670627f7c5c4ba1b0c1eb26c2506c00f1e03a21151ecf663f253ec146319a54f"]}, @typed={0x4, 0x1e}]}, 0x2a4}, {&(0x7f0000000840)={0x704, 0x22, 0x200, 0x70bd2d, 0x25dfdbfb, "", [@nested={0x160, 0x4b, [@generic="7728d0a50639972178d04232ae5a3601c04d53fbe585607915e0ec49d4cc34ebe6dfbf7b5e09293c56d4ef7831bc2f9570114c7bf81d46ed3eb0a235ccadabc1aa7c456acc34f818b8977630bb751df0dd755b2ac8770e80ecd73b15838677631646e3ca48f45a089aee68a56e95508ca3e36fa8dfb09ee762ffe93852d8cafcb07611ef96d1b6d8ccc48b8cedbd78e35f48f795ae7fd440a9ac2ea72a505f02f6e871ebaccc5f0b028ce0a3d84c4bf2cfd38f379a82ed", @typed={0x8, 0x4b, @ipv4=@multicast1}, @typed={0x8, 0x1c, @uid=r4}, @generic="43f7d80dcab52cfdfd9a4b0101eedf0d1c6aebb6301b4e37779865d61d6a95477df9fa27961fe322012b90a35c6ee6b0e32025bce3483c738ec4275232142ebc3ec211e458da00e58eb1fbe3dde8cbea6af37e409bca069653fb77913475191c25a72be80677fd3b774ea57df21311cfa56f6410fa19800f6cbd8d8356062661dee98eff0637e87efaf07c6fda8e2a81cfd21832"]}, @typed={0x14, 0x10, @str='/dev/input/mice\x00'}, @typed={0x8, 0x66, @ipv4=@dev={0xac, 0x14, 0x14, 0xb}}, @nested={0x268, 0x36, [@typed={0xc, 0x3d, @u64=0x81}, @generic="22e3130a30e672351b687d1a6749a5886f2b73360a871850f1f7d2cc37a9222a301c3af4a93daaba0949313b71d223b12bfcb1baf153d6ea5412c411c119c624181de1cde5c535280b706ccb3d0aa7a406e13cc2f323779468308e78777d3fe432a982a527003c252901124db60a18ea819e63489141304c59f3234cbfe0d363d14f3ef2397ac55efc8337f338ea500209355225d1775c7cb3f77b5963b1173b012fd952a47b239dd7aaf162e880714f950df3542bdaeca666f6bd9d8aae8f95389d58614f3c232ac91090ebce23cefdb7bae79b4e6c1f50fd22f43b", @generic="9a3a3cb2a3e326e6bd11ca122401f155b356d46277a75fbe8515e28a5e240b7da82cc2749762c9594905d6d24b37b609a054316300e16bfcf5bc93cc94604b13ed7dc9330e24732c87e6428476afa65101dace049df39276fc92d345e1b283c2ba83e2d57d7e7ce0c4a8cdf5235ab8af74a3ed5e8a7a136c60796b7263b4aef6547166ed3f4ed3c74fe1b3235d4b06b4d9671f9df48ddeb748bafdabbd0eb30025912a916dc7022ecc7d9187664397ed9d18fe4c3b8c857cc74ddb91545d24a1801d576cc9bd374e7ae6493ff852", @generic="5be552da7d341f7f0bbd5ad4830d3c5598d1818119532d1fba94b2fb5f9c92e76f3983e7124a20011394fbfade4d6469c7be503b96c5fe53c6173e19e385acd411377829f189a3d8d02399b89465014fccd7e4cf3534e3158b3b436848b30a83e015406e88de3833d73058a11e50e9630eda9fe3d65e9ceafe110dd0e89d7c2762c9d86a7bb1c8c7049b31294f6ae0e07614c5c227acfaadc5477a0bf38e7b8c1562ac27a60d0c99a6168e5001"]}, @typed={0x8, 0x2f, @uid=r5}, @nested={0x198, 0x6a, [@generic="b3805a076d31e5f6a21346313798c092eb391c9032652b2142e483c19eed83de41a2498009bb06bbf9cb3101c2ad8737baa7ce5f05c9a7625a1960ed34cbb6ab74c1b67591420b", @typed={0x8, 0x4d, @uid=r6}, @typed={0x8, 0x22, @u32=0x7fff}, @generic="8834e42e4f6d9e1ae422b2f342b24b4171a2cbfac1ae04eb891da515267b83c285823805b5975dbf2c10a921db4a0b49d9ce17d7484320387690aaab090144681c26c4ec4ea01df675ee50", @typed={0x8, 0x87, @pid=r1}, @generic="6cbc91626ed99217c0321ba51d36b5d88b6d21e5", @generic="50a59f167137a74e8afa0ff0005612707862c6070bd4e903bbb7d9f96de2051c958be625c046b42eb2f2c16bf3ed0afbcc2a3000596f0bb3fb4007d9a8342b93d8cdec9f53ece80ef6bf6300a1639550d464fd01307e5ff4198346456e2226f2aa1d5c7d565a3a0d4f9a6834b484ac6aced20dbd2a6ba92bf5d11858920215472bdc19c4dfc189e78568e115f1161d", @generic="2409cad1176283e8b841dd9ff6f816a0e65886af6dc40be3a159016e29fb8a3ac300a5a81d9357c60751c4943238de96098f755a4d68de414563d64096debd45396aaabf"]}, @nested={0x170, 0x8, [@generic="fa732856165e6e310cb44e4975b14b0c2fed418b49eedc3e5e45353a3ffd2ccf54981df4ea0e99a8c0a205fabe4cd2b9ee5221f418bd8ff883ee28342e43c81a8116f06ee2c4a39f8e379658e11629667383a2e7a97d061d6e7234baf2a62cf67a9a", @generic="1f79bd67b4d455f9720ee3c17b1bdf024bbb1e65700d3a0aacdf2466309702d616eca7f5338ff7eb1c7784c9b6b4bbd91eaa4760ce586dcc60ea29da7bee0f624b3f3b034ff153940080486d4c290be2cbcc0829800375f55fbbe2c52dc5d18c102db5ea7bef65d7b0a0e400eb212d11c8de6cd0d625b71a9ebc41af5542b1fffa1fd1a1c0ac0e155144ef75a587334d4982f1048f035d5374bf2f216c6a0ef764a861816183e731691e734729c396f4304290e4fff60094b722edd82aafef903478fae3736cb0bd0182ae08594db452aa3aaa51e27d4f060725a1d0c69a651551331fa32e", @typed={0x8, 0x75, @ipv4=@multicast2}, @generic, @typed={0x8, 0x5f, @uid=r7}, @typed={0x14, 0x93, @ipv6=@empty}]}]}, 0x704}, {&(0x7f0000001100)={0x10fc, 0x1e, 0x300, 0x70bd27, 0x25dfdbfb, "", [@typed={0x8, 0x1e, @u32=0xffffffffffffff80}, @typed={0xa0, 0x2a, @binary="8b1b2933eafac35d8b4715ac841ce66dce6de8c0391219d98a2f08cbe399c6c9c4b8e4f5ab24c5a59474fb589d155781cefc6256465b3b606246a0855bd221e871caffdac1ecdcf4cc372933c3c155412d5eb45566101bd2b26407f5a62076edb9e339ec3d81717b4d61a25f0179e0470904cccdd9315a0013e4eae56e1ffb1ff1e6ed7dd2cc82e7fb7f4ba8079fe99b988b3d7eb39b1d30eb"}, @nested={0x1044, 0x86, [@typed={0xc, 0x75, @u64=0x5}, @generic="c47aeff90b46463e", @typed={0x8, 0x6b, @uid=r8}, @typed={0x4, 0x23}, @typed={0x14, 0xe, @ipv6=@mcast1}, @typed={0x8, 0x66, @uid=r9}, @typed={0x1004, 0x75, @binary="a6e5f1a97fdde70eaf09958f05b60a6cd01a3c1af2fbe9017e8ff5518fe8039f3b5dd4f7f0a01606ed46a6ee2ae97cf8823bb14d8aa78a4f8932cf0698b217121f7ae6a8c315f9f327330c114b45ede923371c30d0871b8658c2d6899aaade6049dbe7dbdce50b6b9b8031cf7e10ffbdca929f3038dc91c4d92a812c09f0eefbeaf9396de4bb109d88beb860a03b302fd1c7a2b89c40f7b71cf12d8b0e31c4b101e5a022ef1011867688edf36ecb768a7db68a1af21e7d560c7ede2b4084259eb9aa328af0453d3f6113059eb9bd2f2b4538c022dfba7594c8218e27e21344e3664d6032b84e06344dad5758d4cd9a813b1bb3dd29f7b062128bc3627cfd20ac6bc17f3a21e0e46820cb0fcee1459ba6be64cfb4584fbef55bb96ff4a1256e215b8fc622f93fe3cee5c8a8a34bc19bc6cdc8a39e06566636b170544b1a9ceefdfe140a77efecbe20620ada2db122b07ffcab8b515b17d25c5cc0be273b7e2fe8ad80c363457c0b386dc59043725ae3f07a236617e4a7c8a4316444e9b474bc24837027132c907aa71b5bf87d8f603649364b5c7f0d6a16e3bf712f825f7bfc1c0bc694d9e2cf03b90c5d1e8b406398d4ccd4970429e5b631fc6342d02d5a09f7fbf804ebbd5120f7375388e3f80d5d57f9b9be1674d6b45d3b8104eb8b368ffbae2d33406e88c2157d64b91a6460c7e0019739e140e1721a6211fab6644f53ec63f58d70d897d2c522ca841ec584c19a9c64cdc58160ad404ad1aca34d1dfa9feee76017bd3c5ade01d49329ebd0391147e4f632abde8689ff9ccbafa368e766478c4e6c563ef05b99250de408367cd643a746667426a8b5cc9ff0f50efe945665ee550a2f43258166f250c4dd45eb0003e99bb65f2f7d89c862161f2c75fa1f4e4e1b56b8faadb6ebd7526ed3316c3f6034beb1bbb7e003d9eb619030a67255c41df31f95065e3e16cc827ac74d65205427f66461fe565c7be3e7b9361ec4e1b0b4b073ea345052b22d33c1e12d18d48a9a293cc84f16f921b88092d3e60947503226a3d284733c1bf3e1a527bc6561c350e5cf81663fde06aaf0c74b2911c8c5a1b928f25168e8a350056882dad9d1a3ed107f8f55eede4301f6c4a2ea237a45ceeebd0bbe9f0f53506f65617d483fd8ae0940d133d123ff8ffb753d2fb4a05fa817ae81b112d43656f59f7d3ee92382fb6a776406a003e65d878ae128e3e797c2e26847598fc981dc6ed23aaaa453ba35a3ae5aed38803bd6e6f1e94c66468fc90c95f542fd6351700662e0c73cc8e8f1ed21ad1e305f273f236d0bc12e6a546aacad9e79d7420db31912b3e0256f014f6e4e366763bafed5f3bef8f73512a1178a3ce16d36c3210b275914190f3e0416cc941bb2d982b6f617e8359e519b44b2ad55cd42f632541a360ff209304092acb2340de86832ad4a76412024d871275729c89f851f4c3c2536302ae3fede9d5da6e30ea983644be52132c38bd2d5c9a8d9cdd1af4d2532cce4efd2ff411c3403e56393bf1cda90583bfb9cf179f66c0cef78c894494f88b8a95fd50410b53898895790f3cc75e5300d59efd12b4d190f6b420e36ccc3ce6b7b4c0fa3c37f4c648763c8f599d99a2d7fbbf0354a923a1a4c61ebb4cb3a54ceffd1c1235eae2a85fcb7737ccbfc001d20aacac82e8354375e44609d7aca8435232ba3879772129ad121d4472fa3e2fea9281148378b5e575a9d915ce9c9ad4f99d103e4f739fb3cceea6b5ff6fe26372b53cf0e395d8d1f6d848fc869c4590964ea19a2ddb2d00264690cad45cf1db5ab67b5655ff45d86cb473a6c267efe30c43e8e85442d991ebc8bc7f6e19b3023de6c4eeec5ae934dd190185efb35927fa70360db5f5c6ff3e5a11de7a86fddb35eb8d5db47924f5ba7b7e807fb37ce72fe63b802523c4652dc71df087250fa787ff488e7cdd656f2c07ba9f8db6fc5ea998f33c9a2ce3b298ffb98fd1510c5c42f1d37321e094d3b2292226704ed290a93e13938752241445b1e95bcd8cac94f433d0175c4bd5641347d6986510253f5bc9ee8b4ecb07ebeaec24b01a161270cbf0554866e2f34f402187a6310b18050d0e3d2b59bf1c00105b48bcadc249f9340831e6a2b860208d1c42c68c3486f2d9a0c1b0cd7224f7b411aa3c02791047c766fac480d321c7caf03e2e4f0538337c85e48dbd46144cbd402ae9d272554f2eebd35c497e645245a9ef8fdb902a6577df3865e2dcac460e2ec43f2e0b22caa67dca1b276a40f1d48b2e31419fc8a14c250c1061cda3e018fb49f503aa88144b31e8890737a94701b7bf6ff55af7630a8aad886c66a33fdd5cf242d5d2755e71d5c1b059e6b7714f760aae52247dcaab4021d794e530d339eb6523e42954665062fd2b22fe22e30bc24b2de0c608372af1941122afc55df99c47035fb3633604eab6f130106c0ea00bdf817c56fcca359cfa91805bb94bc57cb0d143cabdfff0cc0191d48d50c0d63f169560431f39f6501a77c18550cfec04441f865c36590d764d44a902b59adbfa2b81e8aacc628a81af744ba1fcced9e834a1288d3512c5fdaa67f6733b89e69665e9867d474edc4f2a12dfd9322130ec6feeffce03ad2ab4d01c0bcbaea32e572b5adb73abc9195807f7f6447a67387556029e337b2357b78b521fb79600a49ca21c6cf38d9468241a4cdbe0c9951fbe271d79a85d3549df7999d3559b8048dee2d2063f0a7fdea7e387b620e5e5cb61447535500fa3a6289de650c9daeb4ea87bd4d75100744c8be3125ee76350aa29c2c252f06d8036738000ee881ee165b43bd4ca5c121cdf0827411e23d2f4fe699ba0e288a34fcc09101c82153f6b74f7a33120266b572e145f98e3f8919672cf8ad4121cd8136dc67766b3a6e97407c29ca92fab8b8222ec019c1fa0fea076f0ba3597fb2b8862efda06674ef13cf0618e65ac308232210328f41712835be53f4313bbc0767b471e25cccb4009cf4d73a2ec1376b0dd4dec759d8e20b352b4c8832dd3ebcb7320041c98cb180c45676693a517c676e7b94c3548a823f45350df86848ec232bc703b8063cb30331f4f0f4e02bda41dd51472355c667faba9bf0d1e10ed28f9a0ed98b30af1f712ca70f99296150df14bd8b248ffa404b9f3e698ad8f7f6f754ba63514fa5a083e65086989b82d5a53681ad3fbfc7791b7fc4e57f701a74fba83f290b87137d5a5227af907fdd560434e8ffde0a4f1b2e87956da1b875a748cbbca1b3f729706ebad68bded7b9a2a44030501e79a1678f4e3105ed5fc6c92e1907cd9ed41bc7bbf9ebc5682369c94c551155d715a62109ac6b9b142d2305a20830e3294fd7177e3598afbc4b366cafa7cdb6185f7522c0ff5c38183393849dfce539b211e9043bb9f5ce05a7bd8905e45f4df88683ac7e6e62dac07bc224ce94cd553a43bbbe3bdeae9c6b90cf1c6011efb9a5e603d0d5163fbaeee3dc0c1513899e49e31281512c9f0da67e98498e202f8f590b94f6c6e5b3fd6fc30c980314903641458a74a056e8088a51a730cf3dd7fc081e0db239d5e233f8703508a8fad37847dcf42032200db213a0d40b1bf892bd6287ea21dcb6083cf7e4d4dd513f9772de4417edc9e3711d2aef2d85af8d947ad3d9e69fa5795c72b80406c07ba7a769512d612356a6a974c23a0587eafb0a8942afb658f70ae0847f774bf3fd4916a2579f37fa17c0fbe5ce262f89bb15e976ddb88f6131e561905dfe6c04ede684342c8499e3ba017b8603ab2e4c3cc02ba552740cf8ee432801725e266f428c125ded5efa73c04e747bc01b3fca48f0a4ffe57cb4e4f3f931a3cda64dd7841583d216729a036cc9ee7ae8af1b481ae9f150f722c51db77d79283f83bd5400c1217158e6bd15ba1d5c1c37c03f74067ea8548accc8cab9d663e171d23dcb5b9741900244d110e32dc5d614234a76e6f942f7ce0e44eedbcd11de93227263a52ad21eee11a75b4d83c5a2655934b3f20ecabb02d984628d074cfcf522e625da69f0e5ca78796a86f600f40d3bd9acf6fc55e62818a67da21a8c29e5ddaf002f2a251511552d10aa1eba71035ccd5028e648f5ada7ba6681ad2d9d9e44ce785577b69d6e0628fd1b0771406717a011441e37a2adceeb2931ec0668e5ca745c66448dc9796e3bc7f2d9089124db2873c554e2ea72947f041f2be989a8e420e1d378d4ce4fbd9432198ba8edee0413fc7e51cb9c328b955b02c80207ad7c33b845ff23a462e12601d6ad4b7ecffd0cc239600e19f8dc923c831cf71d98f9e50e08d4d4e397468a03a86772ce7141ee9edc4b51e7760615a62722e7b3baf130608a6f978bdae08f961b7adbb75c2c6b0084d5ba2b2982076d410081356572f137c882450c018d4d25b87610d64d9d52b662b266f803d72ab23f692af865434381a6ca749dc31c39d89dafcca0c9b9e8cbf9c1e8879dfb7609c7b25ab155d83a1e8fbf582639c4958449f3ca588dcbc97d05eaf28a7654a5ce77787a2a446ed71bb9ec8788cf0ff242cfdb60c8a3eb515f5870cdd07930c632d1d25e88086fce25bcdcf7398aaa8e97c41b11b8b0d86edcf6bcefb186de1ec5187b1c06eb5a0800e30286f820cb6f505c7e4e06b2dbc9707870a576186fda1544ffaebdddf66c4f4e4cbdfc78f250528af898b838d8c42dfeadd4b9604c2a7dfdd90b4075be1872b35f1e675a10098170169cd062d5394a497bc08faea0fe471394a21a3a19816cc1a5461312e797c28b9d1db8f6a5e6f8b671d7cfd8c95706fb1b5782a88a68ae4da442683dd4e80ddf04403e1cafba2a7be8c143ab070b14a6af8d60c23b1d8ef5cbe0d6984457c48d8d54c00b8a8b2c2d5a7b5affbe27228c95efbf7b74f1a4e7f6cfbd03efbf2cc5776d87661e1acd170fd2afa1768c945c5c0446a652ec81897d86de25a64171518c4361e5d6c0f70b05d1a4e045101044f2b9affc7e51c354ad5a5db7afdc3acc8abc841d8c6c4d1f1ba533c70cf5a03c62e734d026372fb406391fe45436cdef4d91d298056932a330373091f7f7707e7481409c59ba97a6d27b2376f47f4409a6c7f94488bb97c47ffb50f3f06c0c4a721e494c968e7e4a6d202370d5a1d5f55f12711747dcbaccd0bf3ef0a4231bdf82bab6b1dbb3efcc8a556f1563cd006e6eeac9c3972844fa9f8bb86e527b1030c7b8fa2f4c0f449a12749b233b9d268f8166ea8c2e3ca163b0f70959a0b198c50ec2ba32fcc254af72677ce74de3df999d6b3d5ccd2a53574eeed3942da2fe95ef6fd2cbaa9fc1988cac96ccdb4f2a4428fcce008f1de543720523d99cb00923ac3d99391ff450b7642c0a6975ca5a030f4b477bc6fc57ad4638d1b25d7e53b246b501f2f4a72539a6a37542b94ec57c9d2b8a202286909f82d7b34faa87089f4dd59a42672a260e9a6ac2da1f8fbb8b902c31190b35b1549684020194b998c025acb3544c899f994a771c1c6240c88b9979d125160707eeefe338924beae6d4a31cef6784962a0689cc373140f7ad13773bf38e7609b29ca144b5bb40e0cad979ae5f88db09dca41806e6c978d4eb27cc971ad0699659bf5aa2223c2282b1ba319ca1040d9afe47aac309f1f1623d36e3c6b95f19f578c687413f463f53defbf11f14c8c57c78f899b72ba87d3b8102d52d8b8285d41aa959cf579dd8eff5d9d289bf091d1d13b123499e6731613d96786c4823c54c21ab33bf2cc8919856eff3cfc6bb6c6ae44d7d043bc0718a43ca1fce1b1f0dc2bf340b5645ebcf4eaa2181e3d2dc0ca30f0d2661fd59911bd894"}]}]}, 0x10fc}, {&(0x7f0000002200)={0x1438, 0x1c, 0x21, 0x70bd25, 0x25dfdbff, "", [@generic="a9ca3fc099a8ba3f7e3e2811037d2a72ce4af85d45bb0e280ec78dc818da346676b5f4d1b6395b3eb95e2f28b0752295b8d84c490db08517c4baa93b84ea71a172f3e84472ce5ba069fad635851e5e4516e4b15ee7e1c7e07e13f8def77710cda3b4e8e0c866ce06e8b3ae140c42bff09978941308c1031bf657a213", @typed={0xc, 0x43, @u64=0x7}, @generic="248e6b49bad05dd892c96e2d1ef5f3923bfe7e773fbc15ed46bf81c3a92ca33e19c9264c59329e45e51afc9312afa679ac7032f45b302c94e6c0c1323b519969626f1f323af199c5bece5a4be0a123203bf992d31d4fe461faf2e68212493a9a0a9a3f85d27ce9da6453179a58eaa9c0d24534e3f98cbbefadc27cd09780", @generic="3181cdd87d9cbee6e6d34f5eb4c1f876d67f1a56fcee6c7eede53ee5dc5e7214d1b8280a00b91d1ff7c5d4c500947e", @nested={0x12c, 0x5f, [@generic="1ac64f63d345101d54", @typed={0x4, 0x4a}, @generic="3bfab866d6d0ab18105ee2c4cc1b2dbd0a387f0bcff09b", @generic="a5c220b9fbe428ee9ec5a46347d0b19883de193bfb4543beb5cdaf8f1e6a1c9e520fb638e0d5a0c66fec89c9d041311515edb9b013e1c1238744062b86b31d94a156ff09131292b83a5ee083d551f5e6cd8a6c231370f9f1105eb85be967f916a4e472f560c5731f99d978b31b383ffb1031d2645cdc59017f0da409cbb1b06bfb4730b8f11ba0af2686fe4a5984b33a58293528b2bf48275a920ff9d4d240162372fba09cf49caa81a51adea6a49f904621f700fe28d9fb108efa0b9fe336ef8eed659bd7c570bc7d5623a41310087fae9292824577773db10c59113945cba41ee9f6c1bae79487da1a9e4b9712e5975f932983", @generic="983f7474ffdf72a6d976bdf93291e3"]}, @generic="b8670daaf96d43a51be4b572d33072fc4f4abc28017aed1d6e4fbaaeee2e883183284ff818405124706efc4ec487feae50b36947e3390f0d8dfd8753c8c9a1ecee130d133a6132a0e316f0a38ba7a5c0fc61fb792df409258fd751def61be9fb86763cad0fe61da5102d2dc5bd9e06e8080796a80fcb7bfa8fa8112172ca9fc000d04d366eefc935229489eb906186ca221910f900fe5fab8a1d9159de532ee81cc44b4b6d3ca38643a5359235ba5b78dbf1fb80c9c4db89d8f4154fe28ad3edf6100d54da7d408ace733818c19fd50f94f17c8fbcd0dbc5e2758b0f006725ff2eddf091dfdefbd69fb7cf3f56a67a", @generic="fdff580a5c6edeae7f7f758f8d8525b25adb3de5bbaa2ee503324b00d2d3b48c2d0e3e772b27e221337c44b6b26c5e9554d6ee51ddc0627e6d0f762ea06c3d9cfb0c7e755650342846138abf3f6485215e8257411bd4d9a92b445d0048adbbdfaf4b2e2f07f4c09d11d4", @typed={0x8, 0x60, @pid=r1}, @generic="b4d1b6aa1595a6caae382d5b480e0265840df272d1d7d7da25e168b33fbcf2e29651", @nested={0x1044, 0x35, [@generic="a79c7d489be4aaa5ef62efe6cbea17ae300152cf638da077aeb34584e088f83805fb06555335f18f0d34c0c5", @typed={0x8, 0x52, @fd=r10}, @typed={0x1004, 0x7b, @binary="0b274b5728c1b70e28b2c3d2f5026ed14053c3dc012720898b11a19fe8507d65dfaca859709f1b8030523d112d73a910cabcc8a3077e28f759a03d16be26beb96467abf48168bfc56fcf99a2936fc7b7233855a3fe09bb0a89340df215d4ea79b7af692223ffb4d98400d12831b8d9cd0b3b0ef73af00114c989a9b971d523d97610e4053e7694b52187ab4518e2e637f97ac2c5aae555dffa0eaee61cd2a99c5896d38a64325ea5db18bb10e9326e663a9284bc848240f7d43f926386a3753625d0324323099846a61f1c57f90c5bc2688c271d3ccbea03dd25be99632af0b625fdc2990c3d5c3d87381cff3cbf64b56d5fc3bc48a409b1df374baecf7b9b1c4572f5b53f3be8751fd84cffa2a2b4218b64059e8510dd7c5a732000757b451307d2897e387a0312850cdb667a7129727b2f8f322d5d962b8e852cba51b8421c49e37e677817121a74e85d0ef2830933457368121980969cb600ae779e690f7e87638ffb1e6cb62508898c184e83b398f83724f8afa8246733603eb6e3dce7bed13e860fc90ea58e41d8c821e598b7450df2549bb8abd52a09f876fc23d94464a509f0f1651623f2da068c233d6c07d2e36b2192c9c9b77f045e70fd2cbd0b18917ff08505323e1fa71f6dc26b7b641347fa9dad888e6ef8ef724ae2cfe14b269600afdbeef375009984ef6dd1908639c4286347a7feb02d155f1241e0a472a47160415a0e2d6b3408e18b4e3fefb1c7c3e1ef3d5024e58d6481c833ca8db962528db6d50212b1552b0db8a5e0fd747d1802d8ded26e6b931fb9cda03b87cc67c46dd8733b0eef96084c8b7333d973c9819d9cef2dd425f065752b5437f67e145a90cb91d4d08fbf4e7ad3a47a0c3b4fd14b3f90233ff54237aa297468cce99345a1919497cb2955b971716c2a8cecb17a99e28e8df105fe2f7fee8647a3521cadb8e6d604777144faa39b0a6cea91689dfaaceefa2021ad26e8f8a2f828e5bf814c8e44927da23c7fd587a1b5058a17539f762a76074708a950d9de978e55da232c00db231d43907f9bb863c5b51945a158c559c144d26f0e486b0b3f7b2ddecf98b2c87905a48c45d070fc734f0bad36f61cc6dd4e253f749b4412f2b526d798f6241247e96a8bad81d8c13f254f22ef79aaf2a0ed168f7ae9a71bcfd1b4997bdb9ce41c2eabf3cc3bb80960a03c3ac68729211845c0cfcd53fb5aeecff6b83b7652db2a154945c9b174cdf6ec180a78602f50a2b14dea326e7a4820bf2042215ac9770a27517a4e1310a3e6923f65c2d5d3bff22df7b7dae52cc3246da93694f9015aa59f0b79e78c8de10a51d6979016cb00569b132745a81b39747b6818cb2cf5cb5ab0462937b2004726acc0def7a5453eedb6e4d69cbe8c6a7d9dc45b56daaf40381b9689e07171be764fd462cd77c8b887f8484d89f697db3c0a1abe4e91492a6fe536ad769b6ba878474d104af12a7c913184a8eab6cd9db97f679c2d277b22f91b6ecc5fe15daf8e57c86ed135a3ada1b5e15afdf764a8a28a4ce6229e5599e515edb0136a5678ac560a78c2df2243e3cc5bc053df7c99add344ad9a08e2374e837ac8b059a13b4aa097b99a2ab4a2ff0fa3adc691e43e5ab04e6b972f353163540678f7eb135b46953d3945fa389be576bb71331cb34c2bb3f903d29b480fcde2c4ff046558609d97362ad331e82f2ecb9071ef12e0c5d7896531285ba79fd1e65a62a2184d9546afca39630bbd190a50f27dd3602769130f3f067f883add09160b9e470e2ab7f76a4e3ef538683c323e19c508cff8b962c96b811bb34dcc30f83d42f0240003c5ce72b7b8fb80444a91935c956f3d64d15d06ce5dd835bcf9336d047e715783a34396bb3ca452f1294023171d39bff43ee332eb9bd210c7cbe44561f5b55b295ebcd0ed3ee7f817ddb885fcf87e7696f3d934da1075a79c488758a191c3dbf0e8b9817ba3b6cebf8673c3ee64f46b94f070772fb0be3dfb8c6a9b512f9f532464aad23ee44221d51e79e381629e07e32dfa2fb915e2df54c9916987acec2514ec67edbf8bfcbc61558db1925200c0472f935071a0250c12457810592363e0d7b1ef93de9157ab49511ed08dd11d616e5466f2ec942c82c8405cca4190e4040efb527401db52472d0a00cee68473d24e24a1a0e338f6920edb3eb8015196b0030a3961fb97e6b3a468441f83eb0b5e747f2ee63ee4aec7daf590baca0f96b66410913bfd74a2172273de090ac20bdcd520679fec95ebe48b0cbfc904888ef736431245ff62638a98bf1332ce578d919833787a1e7f881267fc1365fb976427eede41ea7fcc3bf138cdcd3042575e61946f4f55aea31fd9c7dbf44022cfc1a4faebb8df4964536cdeb06dc599499347f6afb190f4dd3adc07eb0c29f6ebb917b4393873f1983725c2212551bc672985d3e7311487c76d340be4cf5661ebf43b0be7c64dea9c55c80c22e825d7eb08a13b87005a2b0dc7890f9d5796c879e479a70391a037e7cdc8683efccdfe5d44312fc1f556479c2462150fcf00d24cddd370e55bcb74152026c1da6cafa713325c878c706a8a563e85848bc2a6c29b38a0a4244a684a49a2c7d12be80e8e2a3700ca744f98ba86af7f20397f7c5019ecc3d4406fa69524fd2816ca2685d2d380485a00af9360b3b030ba90fd5523f358915666a630321affcd5df89070fb6ad5c8f84be40f475801f8eb6c3bd1afb3afe104d8050a9253f6100208fe0b5d5b8fb5e2dd1da37a1b751a37c3f6cebb4fa4bda5b27f9ecfdcd551b9bf7008227562500b8d6e12836640d46e4a79c6e38042196d8c68adb83e962cba7ea7bebb5657882b7c5ff5fda9d9515477bd3a55773e2c06e5593e3f6d2f9ca88881d9f96780c8a6a2324ab51ac62191faa8837aeb83591e96aeb5e1445985b7a3c06152d20d24020436cc6c9921326b39ebc6d20af3090d771f4efce10288d7a35b5077e0fda7f50b1636fc76cc6a082df6299f732e45fb1de951740dcedc8a21076600c4eb3be875e153de8cb70b03548327d7698383529361aa2b47665598feb080402f51cd10854ce414e0e1dac2edb35a7f92213ad98a87e284e96f246bc9754694bb9085026c78f2a07e37811dc2d20394ec53c5f9f4231c06dea50dda4af6c52649e03cf11e2c9e1e58ee3d4ecd256ca0869d502e4c78eddebf5778a23c7bbb1e41e1d788bde11650d8175e07afbfca8d7cfa5174e35ba8595116b802c13d5683e9be34dbb7764e1b7a4a3788b4b278c5b27e3401de1524e3ed3f8942b64b64eaa37056404fab357d4e78646a87fa224c460e180cc9512068c2622e55545fc2b1daac2e900dd24b5cc36b11262e3a24c95c59a5aa87ac4e1dc93f35a904fbf487e4a45d06f17330ee9870e4eb5921dab2de975c2043405568feb279e570042b3b09c50b10c3feeb016acdebe05ba5721c78d0f6f15aed962eb7a8b305aafc4284b692ecae292242683369905eeb46c65f817f64c571120d169da64e4b4448a4d61534aec5a88884cfb60e609dd89f19b87eda37a3984e5fb81d254b36de3d20d7764f959c135cbf46e0b743e5dd0e2a6fce23e6b08ec8746a46e91a6606bb1c261c32dc2e9287d5c3cf6c4d7cf890f9a527a664e75b56462bf0cb03f7f8bdd5ed27028ac270f1998a23c1aed3bc7d2ee52dbddee2a8fc6474137b33e31145b578a4cf39946bbe4fca4213b6a6128eb539f007b314ea4c12b98c60139aa707338b49250047ddd26168e4ebd02f518875df0b3dc2f4b5a65474481e2787abbb74adc0029a605710adef8a311db3d136d6352f13d2833011facd04f3a48f3cac1d521920c5020891ea0dfa21b0e1fbd49cb5b3fc8e09977a9650370ff3b26651478a4bbc67d9a6c5f199cea9aaa2cf6c1f0d5a9987412753b3cb360ca75f4d58df48094cebbcf07d633f9af8e739e939bdb2f8b0282024f5e0a9b505230c5a23a2e600532653288068f2a1c806dd3909500879e22bd152ae8eb369dc479772bdb6428664988213fa749f1a2d1ad11c655e5b8a7731d63a5ed058e29c63eb4e789c70c705469cc4bf4d3c8b7282e3a2dcd23272f5441def1418a0e0fa1578e369119ef825e36a8b38678c03c4e8c84d20cce50a7e26df5d01b54ea86d2e877bb6731850617d11a0eb23a3edac88ae82ce08bbbbd80f63b178786f51b886711393e8b1e25da3e0557b6ebe381619d2c9607579acbecb4dae57afb44c2fcbb5dcf05c805911027f7cc7692fc01bfb4dd340042522a7ddab1afb2df04b478f1aa7faa729d266a94a3f12541d9822ec0304c0755819003e45aa87ab1ae84dfd92362bbe7444e45e5143665e141246630e53218323656418976636970698f0144b25dde0653d28a8d459d67e45c2c9791f378c76351cbd0730d172b392c46664f90e3c3cd5aa20144433faa4b010258141f979e86a94adb5d46538299425a5d9899ebf02ef644f24d6a5c5d7e80c2e770d09dc0f38455c0c3fc0d263585807bbe185220df4e8944197d0f78cd90f5741eb04aa9ba0d62e43260e045f371e209099f33846ac8af56c7b220142ba82085e99ffc8cdd9b995728e2d6734fb1e4bb1c1dafcecbf9eac06a81f10bf93a01d5e1d3d51cf67be1b05b826d13cb14de8a2a70848eec428bc0734bbc8eab72269fa60517e30d63ca5e9d95c3ae059103cb128af21138e78df0246d79495a63c992ef966d3e17170d2eef6ccdab6952406f8c95f9baccfe0cc3ebe5d57cf65af4293e3b745eb3bfec569cf270ca1b5516928c77817d580810879f8ad34b24d8aaca04d32cbef3485d240383914a359b53332dc649c60e8bdba00de55ce2bcb5c2c821293efc87cd290207685337940c453c6e9cbbf1f959ddddf203935717e8672d8d746e47e986c196b7bf5a04f6f7673429063a01a62a51ccb08e65c40eaa9a1043376c66ab9a2cf135c8f3ba123b5978142031166c6fe9c00fec694f338bf0714ffe1a7e2f63dc58b63aad55e6800cfa4dad3b16a20c83c2da5a34a752a5ed59625751103aa9c3820b9ac33373c70a8db0ef3392f1234e0863e54cbf8186f2a0f7b89249bbf4d432cb19d8648e1d5084e0be9c3543a8273526bbd350977b01f53cb0a63c1ce76bd7858ba8a481bad3e5d3add5f6ebda1a810a9e27c2a39d83d6d2d87ed70ee80bf4d237f584f9a9b883fd679f0403419e424849f9828b59f194286fde8bfc54cd6526614edd4c4bb7077a8ef745406a47a64794d04783b0a3e73fd7541f43c53a50eb093ecc836e4ea6ce61482b928b9805e9f7599516095f7b43b094b0aaf105bf030410ff06690822ba2f278b6ce09c6a5b8226723ae512ca58a1e124aac220bdbc1d02aed4b3f7ae89922ef9ccb8b7e5c5c5a37ae6ebf42baa9846f51404f0c633caa0281934bee6f8a5dbcbd8e9f09b442baefeeba44ce42dbd6c113e9a8a76eb3a689c6176421ecea7775e33a6c54ec4bc15d1ae9ff34258c5cb92a1256882b783cfae7575f53c75c13f928e98b7ef23321a5426a85a89eaeb80d36ab638a816ce4c3d53a768a661c4e9a7ce8cd830624b814fe8c34ca81a6a95b62b00608daf05e552e4dbc98e3a222aab7a0928b94afbee45284074e532feddaaf53cb0d4a8c86eeb9c9a53205ec144ac17644cd9dbbe5463a53e384389fb203b73ffbf9b998b319f30794c8d319d76a33c869113946fe6cdb4c921394be92bbf4885f293d2aeb9ba7e702171671493da8e789022c14f642a874be17512e7ea08708e5f7fa51fdaaa725e101d21d4a9ed2f75c1a144998eaed2b"}, @typed={0x8, 0x92, @u32=0x8}]}]}, 0x1438}, {&(0x7f0000003640)={0x2c4, 0x23, 0x400, 0x70bd28, 0x25dfdbfc, "", [@nested={0x2b4, 0x71, [@typed={0x4, 0x61}, @generic="3c6d17a3c422ab389e6758e1b21360b692e8e7206b8be9c9d637dcdb45658505ef40ea5aca2cf934a4ab01f6d49482d56a69fd95e4245973982667ccdf6d1063ee06e3792e5d0ae44f3a060000c26488308e5c9850fbdbb72d08b028920712608cda8538423691f11c1435e1d5db225ab28ff237d1241f7e58", @generic="9320d64fd101972f809ebb784d33d33096bc0abb8432e6c19803c4a38a2e64d7b22675148bb33e79fc8d98b3bf01bf788d5f2bfe65b137c94089439670eb4e0b3c1c953ddb68554de3534d4b555889517ead60f2145e07967e26026b88aba10a63d0f84f2f5836e9aa1d6169766035e501ff061242bd2d25f8a05c5412ced08e855d724d92698f0728ffb2c0d8d1444570349c80d6f82ba543ced6eef38e55132581553b8c54fbd1c812fa9d6f5ffef34066516f7d652424c61e1945f601c5eaf509ba0f32239410ec6d4fd2b0930e", @generic="346d77e72ecd04ac503e05f47c7085a96112403ec507fcdb7c489bf0deeb9e1c6d2fae27566d06c53cb6a93113c2159f5cc804", @typed={0x8, 0x33, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, @typed={0x8, 0x67, @fd=r11}, @typed={0xc, 0x93, @u64=0x32}, @generic="bdc92a5399053b125c1197cab0696977c53a42db4a89de559f05f0ae15459c1db7f48c944ac234d5e391421e84cf5290f6a8642d572453890c7ae769996d011e73ac4a7660b909aaa418513590e345360af09bae51bd75f570862f8f98313b87644314fb59c3bf6f7abf5682d19e6e8b02f7351b6d4fa0fa65eb919b28c9db0d5671b82fe509218311b9862001d7d24624bed6b06616c7e0a29918b34df9fd875f709b1e9462b853eb22ac71db8e8bf3efb0e5efa5", @typed={0xc, 0x7d, @u64=0x6}, @generic="8078cc245123225d6f9981219afff9e162aa27e8579874c73102a3d6c7974c9836447b3e969b8ff27f54f5e795ccef82a53d31871a9c6e41c805f83335685e7b59daa17b359045b83bae0fb7eb4fba4768cfe6"]}]}, 0x2c4}], 0x6, &(0x7f0000003fc0)=[@rights={{0x2c, 0x1, 0x1, [r12, r13, r14, r15, r16, r17, r18]}}, @rights={{0x2c, 0x1, 0x1, [r19, r20, r21, r22, r23, r24, r25]}}, @rights={{0x28, 0x1, 0x1, [r26, r27, r28, r29, r30, r31]}}, @cred={{0x1c, 0x1, 0x2, {r0, r32, r33}}}, @rights={{0x2c, 0x1, 0x1, [r34, r35, r36, r37, r38, r39, r40]}}], 0xd8, 0x40}, 0x800) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x37) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) r41 = syz_open_dev$mice(&(0x7f0000000080)='/dev/input/mice\x00', 0x0, 0x400) ioctl$DRM_IOCTL_RM_MAP(r41, 0x4028641b, &(0x7f0000000100)={&(0x7f0000feb000/0x12000)=nil, 0xffff, 0x6, 0x8, &(0x7f0000fee000/0x3000)=nil, 0x9}) ptrace$cont(0x9, r1, 0x0, 0x0) [ 544.697622] sg_write: data in/out 167162/2147479504 bytes for SCSI command 0xff-- guessing data in; [ 544.697622] program syz-executor.1 not setting count and/or reply_len properly 03:38:51 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000080)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x200, 0x0) ioctl$MON_IOCH_MFLUSH(r2, 0x9208, 0x7f2) 03:38:51 executing program 4 (fault-call:1 fault-nth:58): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:51 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket(0x2, 0x803, 0x1) bind$inet(r2, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xd}}, 0x10) connect$inet(r2, &(0x7f0000390000)={0x2, 0x0, @multicast2}, 0x10) bind$rds(r2, &(0x7f0000000100)={0x2, 0x4e20, @local}, 0x10) r3 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r3, 0x8007ffc) write$P9_RSTATFS(r3, &(0x7f0000000080)={0x27}, 0xd) sendfile(r2, r3, 0x0, 0x72439a6b) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0x9, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:38:51 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) [ 544.878627] FAULT_INJECTION: forcing a failure. [ 544.878627] name failslab, interval 1, probability 0, space 0, times 0 [ 544.897792] ptrace attach of "/root/syz-executor.2"[19417] was attempted by "/root/syz-executor.2"[19419] [ 544.917557] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 544.917557] program syz-executor.1 not setting count and/or reply_len properly [ 544.931305] CPU: 1 PID: 19415 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 544.940636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 544.940641] Call Trace: [ 544.940657] dump_stack+0x138/0x19c [ 544.940675] should_fail.cold+0x10f/0x159 [ 544.940690] should_failslab+0xdb/0x130 [ 544.940704] __kmalloc_track_caller+0x2ec/0x790 [ 544.940718] ? unwind_get_return_address+0x61/0xa0 [ 544.952630] ? __save_stack_trace+0x7b/0xd0 [ 544.952644] ? btrfs_parse_early_options+0xa3/0x310 [ 544.952658] kstrdup+0x3a/0x70 [ 544.952671] btrfs_parse_early_options+0xa3/0x310 [ 544.952685] ? btrfs_freeze+0xc0/0xc0 [ 544.960431] ? find_next_bit+0x28/0x30 [ 544.960442] ? pcpu_alloc+0xcf0/0x1050 [ 544.960454] ? find_held_lock+0x35/0x130 [ 544.960464] ? pcpu_alloc+0xcf0/0x1050 [ 544.960481] btrfs_mount+0x11d/0x2b14 [ 544.960491] ? lock_downgrade+0x6e0/0x6e0 [ 544.960499] ? find_held_lock+0x35/0x130 [ 544.960508] ? pcpu_alloc+0x3af/0x1050 [ 544.960522] ? _find_next_bit+0xee/0x120 [ 544.969147] ? check_preemption_disabled+0x3c/0x250 [ 544.969161] ? btrfs_remount+0x11f0/0x11f0 [ 544.969180] ? rcu_read_lock_sched_held+0x110/0x130 [ 544.969200] ? __lockdep_init_map+0x10c/0x570 [ 544.978463] ? __lockdep_init_map+0x10c/0x570 [ 544.978480] mount_fs+0x97/0x2a1 [ 544.978497] vfs_kern_mount.part.0+0x5e/0x3d0 [ 544.978512] do_mount+0x417/0x27d0 [ 544.978521] ? copy_mount_options+0x5c/0x2f0 [ 544.978533] ? rcu_read_lock_sched_held+0x110/0x130 [ 544.978545] ? copy_mount_string+0x40/0x40 [ 544.986821] ? copy_mount_options+0x1fe/0x2f0 [ 544.986835] SyS_mount+0xab/0x120 [ 544.986845] ? copy_mnt_ns+0x8c0/0x8c0 [ 544.986860] do_syscall_64+0x1e8/0x640 [ 544.986870] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 544.986887] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 544.986897] RIP: 0033:0x45c27a [ 544.995502] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 544.995515] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a 03:38:51 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x101000, 0x0) openat$usbmon(0xffffffffffffff9c, &(0x7f0000000180)='/dev/usbmon0\x00', 0x351300, 0x0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r2, 0xc0305302, &(0x7f00000000c0)={0xffffffff, 0x80000000, 0x3b69, 0x7, 0x2da}) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) [ 544.995522] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 544.995529] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 544.995535] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 544.995541] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:38:51 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x400000000000000}) r2 = creat(&(0x7f0000000400)='./bus\x00', 0x0) fcntl$setstatus(r2, 0x4, 0x44000) fallocate(r2, 0x0, 0x0, 0x0) io_setup(0x5, &(0x7f0000000140)=0x0) io_submit(r3, 0x653, &(0x7f0000000540)=[&(0x7f00000000c0)={0x804000000000000, 0x0, 0x8, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7, 0xc00}]) close(r1) msgget$private(0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000005b40)) 03:38:51 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) 03:38:51 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES16, @ANYPTR64, @ANYRES16, @ANYRESOCT=0x0, @ANYPTR64=&(0x7f0000000080)=ANY=[@ANYRESHEX, @ANYRES32], @ANYBLOB="f6c3200c14ebf46bc08ada567a9c36f7eeea6cdd0cc46587c6b1c7a97f400df71f534be51d274ba1cb1ffce5e1058e76de2048ea0d25e4ad15f32931937fa65c1a2fcf63518a342458a92456428dc8046fa63d1b97779c6c5c763e16f805616d4aee65fd9a4ae94d55c6433c29b4a81b8220c034220369a969aa2d09742a4d840df7859591daa0c37361c26119ffe2e1abf7464c9eb6e2d1a10dd484315226d8070d21756ca0a6eaca3462d84a5152abc346000bbf7cb79ed206002d5ec8b9b0dd46e6b9f659c4c34a"], 0x7}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x7, 0x0) fadvise64(r0, 0x0, 0xfffffffffffffbff, 0x2) r1 = gettid() wait4(r1, 0x0, 0x40000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) wait4(r1, &(0x7f0000000040), 0x2, &(0x7f0000000180)) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) [ 545.221261] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 545.221261] program syz-executor.1 not setting count and/or reply_len properly 03:38:51 executing program 2: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) r0 = getpgid(0xffffffffffffffff) wait4(r0, &(0x7f0000000040), 0x80000008, &(0x7f0000000180)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) tkill(r1, 0x29) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:38:51 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f0000000680)='./file0/file0\x00', 0x0, 0x2001001, 0x0) geteuid() mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, 0x0) openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/avc/hash_stats\x00', 0x0, 0x0) lsetxattr$security_evm(&(0x7f0000000180)='./file0/file0\x00', &(0x7f0000000280)='security.evm\x00', &(0x7f0000000340)=@ng={0x4, 0x75d, "c78fe376daeb44127f56533dd825498e3e55"}, 0x14, 0x3) write$P9_RFLUSH(0xffffffffffffffff, 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0/file0\x00', 0x0) mount(&(0x7f0000000100)=@filename='./file0/file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x201000, 0x0) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f0000000380)) setsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) mount(0x0, &(0x7f0000000080)='.', 0x0, 0x0, 0x0) mount(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x7080, 0x0) mount(&(0x7f0000000080), &(0x7f0000000200)='./file0\x00', 0x0, 0x5010, 0x0) 03:38:51 executing program 3: r0 = socket(0x0, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) 03:38:51 executing program 4 (fault-call:1 fault-nth:59): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:51 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x20000, 0x0) ioctl$DRM_IOCTL_FREE_BUFS(r2, 0x4010641a, &(0x7f0000000180)={0x7, &(0x7f00000000c0)=[0x7b, 0x0, 0xe4, 0x6, 0xfff, 0x7, 0x3]}) [ 545.338804] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 545.338804] program syz-executor.1 not setting count and/or reply_len properly 03:38:51 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4209, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:38:51 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x36b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, 0x0, 0x0) ioctl$PERF_EVENT_IOC_RESET(r0, 0x2403, 0x9) setsockopt$inet6_int(r1, 0x29, 0x2, &(0x7f0000000100)=0x403, 0x4) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f00000000c0), 0x0, 0x44000102, 0x0) ioctl$EVIOCGMASK(r1, 0x80104592, &(0x7f0000000000)={0x1f, 0x1000, &(0x7f0000000140)="a7abc7243c348ba54c8a0d980a37d0b6685e0d947a29f2d53a1f1ccc5ebf5cfe2388d181e3aca52cc8fd4972b2b16e1c0aaeb15d3f6cb8429675e554bb4ee83d084518436881f431744c4b8dfcf7afd54fd82a0bae320703037fe6c3469a7dddbc5846856376fd5372a85e56f51e4ca962e43bf9a83b86627431592e57e3a55bb20049a6b2af12144173faa96a77e88475ac173e309c3edab42dc348cf30318f78f0c53cd2e7328b34cdae2b21226b51744ced16b898eef590c78307a13e7eb0e07d834e86daec60eb61f93c99984f808e61492a9c6ce9da4060f6354c7e845a0843a64adcfce13314478787c631baf20353f8f8e3e0bc2a7d2a1f6e316fceb35a5c705eddeb91996b8b7f6bcd749a4ccc30348b9dfbcfe190147fcb8b739b8d93462cfda7d62f4f65184f9727ddda1507f98fa897dee90aab6b7f053ea64f57221a1f7b1e5cbf15c59e125573f40cea8fe5670f52444be6a87a1b8e38760492eb5de26a9897a15cbbeb41959d5332c822ba6d681fda201cc85f507ccffefe7b287b809d52788edd4a2279ce893c655bd53b58544c869a5403d0b016a34a67adf47b7cafe2a35453d4507c22cc3af5fad0c2320421be7270ce95a563db4a4d7240e388a538f41b2ed5ee9ac2ea011ae1c7fd124219785fcebd1c8075602d8c10598ca026692a41e0631ac512e13c1a7ec6d58645ba801de54ffeb37090d2c871eab9f68fe02a34942301c257a5dce01051cdc1f5558a891435226e01880bf4539e5d7fdaf1d935c74a602f3186d54e35b6cff2b6977f63a9558196e5e7a13ac8dad85dd9dc7d5bb00fe1885d091dda49734c56f6891510d513e917af153f4fb395560aa344dee99870b51326c5082c6cf0f9f25d948b6cdc7bd8b8a055f9525550f33b5115c506e91912d1032e3e1b0829d9d8bf090aba25533077341d727a6da0ee7fc0d541b80ea04f5dac0e5320b6861f872ae2e9a657d3bb14c3bc4918b1521647967b1f12e4192cec9b8228f3b0567bdd31e1bf568f602f1cf2a68f5dcde110a3c5f12c8da142b7c6ebec49b102bc70cbd0c2a705f60e2663954312cc926e8c12582ced0c51b2fd2ad593fc243dbed8d0ae28cf20c55ca7086496248cc18ed41c48d042ea75762f5e0799d88c82b4e7881c46dab3762841957caf0a3057785d1aceb378b377f1dd085d16a1943d1cd2d041ba98a7d8db2e50baccd7d034a5e4aa34e11aae7c609354e523af8c1be4cae2a89e13bf7aacf0819e9a6195c0b31cf69933c4dad1f5cb6fdf7d2f0f594ee09bd32ffecfb254991710aa7d953d224954f71cc82080c46585eb29295c095308fdd20421276189bcdd962212e50b13698a20c2844662421550b117ef113b6cbf7f66719b3bdb446aa8bc9980a31b2bd6192fa9709ca1b1d9fea62f0beb32083a64ef4b8c809171f2cd6a3554f7a67e3820ad7417fbda468b4930d0380c9c55a19034179e5ddae758610620e06e6421467d08a243fef6b3f76af266b00553bea11736c13010a792f6a4be3526e8e50f550ef14787bb1791ed5376b8c989f62dfea3d54fd15d0276a54d982fdf137ef71262b16cef2dcbd99e85f696ade8220167da00be6b2ee49fcf94ddf018022a7863a4d381d4db09dadb210774e9964c8fa6d38e19976e30538cb05781b7f8e932acb977518baede94ddf6212d84c60989793fdd0c2c9e3469db159a2a78ddf25f5eac41b0eeb998169ce2a39e4f7fd60505c61eab2f60c13afbb5a6ab6945622ea811942c788455ed156dd6fab588cdf40496223a6495efd1290e1c18a9798b2187fa3a31049b21e0cf9edcbd560a7dc5056303971a6ecf955b4f0679e8ea5fb29c380b5329837706d4f3e32e1390c5e0fe785ec7f9d25e26d0e91082c37ee764626609624fd1525f59e19108e728a456da26d0994c7eca3ef4839788845cf8833f57cfc25c231000a17ae095531dd157c7c08a818cb48a72e1021c1a236e76f61db0aa42a9e0a413fdd62eb57c9ab712017feaae354b034b6f57d012a4400faaaa758706cc0e5f0d5be9c7f916f514bc03ed7410f863890de597c3f8feb96ced34ad20f7bba9ffc7bec03949b794c1bc41064b556f686588983a7d04340f33f3fb9ffae28601568caada33d6bac39442ca7c4192fc2ad9ef0526185490f2ab1649fbb2eb5be459555614374575b2cd941f5aff5b586524debe65c1efa3621ee650252687dd7cb1e4e60c66f68b24571e3203a9a78f04c7e1af908d63d22fbc9cf92e21ce649b84372477191c6df68621c952b295e2e043452dc317e5ff8ea6dd76889ae79526c555872453cf9521b19914736f6e20370a6861a79ac104b83f18d4cf63cd7f836881ddd369cd20772c180e5371db5251739bb8bc0c549d61a90d20f2c672694ddcf19fe6109a9c9b6e0e4d7fc55864cf84045bf418a60c95ec271eb55a633ec33c2792db2e70e021bad4c8346c8b269f48ce5c9bb1514ce20d256115882031794341a9a0ae669b809fdac68ab89151b654e23d015cebcfa3f540fc42cdcc41dbbeb7e526549c1a997c24552608df898f4e356bf13fb02368122b40610aee15f07cc0c06104106f796724ad6ed155e89fb7ad9a8db7d03bee520030c62f212ce5f2dd4e868b42ec9f23c0331c688663546cad454190c296f9170e1c0483b73004c112e309816ef07c53ab41791fb55664bc20a48e9e3cbaf4d34dd220c799f2973edf5b45d6ae51c9983d9033975da0dda9386bed552c4b07dc8e7e17b5c0aca5b0cc7d49c4f37d42b88433f18b13f0348bd174366f95f6941fad661d41217b74cf257f3b896cc4deecb3e8a836e617c8361d2aaef652df5718d8847376166ccbb346a58a502dec04f40ea54cc3be6b35c4b29979b353a7aa2b494f4e90859fb0c4afcb04fa72e0e460f92e7153c62fcae8a34fa81e53568787b1d2761ec38988570df6a43bf644e52554328bb779577a7815fa3e663820a26c63c4a75157563e2c6187ce637293cf311d7c71582b4c06d4f70467da1b3597b66cbce507c46abdaac3c27d870574638d36681c5fdb1d54e28078a4f824d00f63a3d16801fd310849a32c0b842a60111305517cc8579eb978ed70e8a9a8dd0e66916cb201fbf82415ceaf840ac322d129a6e131ad98a1efeadd90942fc482231f2f0cced9203ab58a13f6c70604b6a82e3321d58c625886dd31cd1afc8d2403f7c0834c75b56a7f4a13f1947b16ca0b6f262bf54ec967df676b02b1dfee8f961115006bbe2d0c47276499aa144fef15b878c814a6f55424b51fa4e4ab0707cc0b7eae88d4918a6bf27b7f7e19ff74105b50e53e024463d157b4a8a7f688d8510a8669bbabe8f39abc22b5a9a401b9bf7c33ed7c38a20eab216963e4b93216890f2e604a3d9a070bbeb91d5804f5b5b1bc0b93c4c59153b9f215b4012daa6e868fcd97730b74cc9915a3e27db5679d38331112a2bdea9ce9b5e430e4dbbf18b31143cc809df43c9097c774fb2a954801ce99aed539654f65d25b0f3f46a0bc3ae046aa64e8de9d6302cde611032041d5cf61a82c832f85f7d52ea19404c0f98af60053e96e7ef997653977a3c84e57bc4188f31aaa169314b8b60147c0c71ea79aee3ee1b6fa6e18ace4b5c7a55c30471a45078c7faf6197199b9b083f0be40ec31f950a35226a244a345b2d5070e6f47ff426e46fec5ac1891d2a76d1f8568ce8e0c35b546e101618fc3ef9d4e28ccd5fafd22d79171eb84d569c69fd4bace408cb817e02d853d35aec6e5d57991676823d9fb3116c65efaf0d623cac5a7c3d628e82b1884e1aabc6e8baf0f8718f93dbc1594fec62ef44af0fe148b5d50a0a9bf7b864fa1429c84a3db293576e8f4ad08eb425aceafb10879b2e4e17602dfe6e8b7fb699a422fa2994d89645bb034a704962093f05337fe37a72df36d42fa479a1c9aa29b538ce9a023a25bf64d20c90477c1b400c387284d621204ca65cbe4ead3bf516a23aa9e2683b0b0be398474d7b1fec7a58e958f53c79e48b278050762713e0acb965ebab0f63a20df5b31241e5f4216c8ea94755174f58bb7573ddb502409c9ad96ba5d47bb1a68c9b04c5b314d51124bc4d77821bad1ee764789ee25f1b915a855e451ce600b0b9ec61645dd1e0287357fc08f2ffd01a655f6622f431c573459bd8586a2f8b7b3b206ad88d48cd84f6ec1f715f6f90b078d0c2991a447d0437dffcac6765b986496f94863d8974f10709c04a31ad226bc66df89f7830d9f1bfb3f5b9caa4f43343cd11e90a01504448ed5d150fde960641b342931708bc6d7e0b9f4822c6f72746d40c63b58c448794c59eeeb2cbe715e5d817e4505cc71a107c9ccf39f9d14cb694a72b57fd83745a66080c04f2a782acc71d798df7e008ca17bbeb26dc4e7c05ccfd4fb11f53971031b03a1a4ca46763067fa91295ce62a066250f80ccba17a71332b566a91deab22eed245cd6c2726dab429eb4f1f68c0c93d4fa5b37e2537b17ac93e4e9ec9a40bc1d78e1b8ee3fbb9dfa2583f3dc164bde7b463d4e2d218a4c53e6161b15345fa05d627694a55c7392ad53b851a422f20602386d9e686592049d2249ed72f71b56984a0203ceb6d2f5549d52bf0777c95bdc1a36a00b7905dce47adc17e4ea5e24a2a5c72de1a08dc00a74788cb3d992629923fec9ce8e78d0471d557057a9d06e504f58040eadfd51dea85a6ef13e9cbe8de92b655f3e847522e772048174040c8d246a6847e9ace39216b7d7b31c187d6031a1dd89ed3db0118ec3f0011f0efd969f6699bc8450347177f17bca7c4c48004b3d557263cb351310f18fb00e6fd8d8aae5a2ed06bd04d18063a19e338dedd7d08c97e2cd5506f2901ad3dd70e4f6ebca36d41c6e7bfb6723baf8ca9854a6a8c887445afc356faf3c0a781548a4f426d15e8ca7e896fe2a08e956b8b00ecb4631dd273a31f8775760688e63c9de407d85531bbd50c90ba38082647ecd7d7a9bb43002b387a3335ab16f33e77bcec563cf1907ba71d86cffd9aba28b2986367c0dd453a91cc0f89898bd4510a9c5b2d4f8928e79465f3b6a6162d2758f89cc1ab7b4128a571d91d71c31cf5ff8485c08bf974dd125ab7c149b184bf64127fac658c95e9b8bb6becd9c17071bfb0a75926f0f37e4caa180432997805e802bae46b9655ec003585c97270435035f41eb37b316246a583ce319636cb9aac18b0ba712a3b6efa39b652f297ee615f99995f9dcc234198e95737f8087fbdca888a0e212a68451213b784b19420e8fdaca04e0c3152bacbd02b519c2d1d8dab5aeca03a79e18a44efcc8b390b106416bdefbefa208a09aa7dd3b160c515f1a6f5cb23ad9bc356f3867769e876a6effbf899af27c6c1f416f259d59dea44b49335a490ca11e462944bd2c5215f4c1d7eacae398f2a279b01cae6d4b51ea616703afc8ea4297fbf30c4afd5db44ed4c991e621161cba83c95c4d712f2adb3946285424773f5fa3c7d60290f7f1b2fd365466c99f8d86aaff294cc1334628cbe0ad5ea3999039ddc65c9be89d989aee292eee7cfd9ebe740cbe543705f295f5749f1dcfd562187562eecd5eca8c68ee2dafcd182f127aeb9f9c872d7be70131032e76fac79aba4b21573ea7014370891aeaa51f4048ab6209a155acf03c950d8adc23cb4f1e18888f78f216c50a5282e7498d8675e8498b1f6252ce491731503ace58b5cb7b39ea6ef0adcfcb31e02fcfff65487c71aed8a4ea33cf99597f35065365326379c1c61b77ded4d96356b994ee27801b6a2dc52fbf43e8343b6c"}) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x18) [ 545.411893] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 545.411893] program syz-executor.1 not setting count and/or reply_len properly [ 545.446549] FAULT_INJECTION: forcing a failure. [ 545.446549] name failslab, interval 1, probability 0, space 0, times 0 [ 545.491542] CPU: 0 PID: 19460 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 545.498681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 545.508040] Call Trace: [ 545.510642] dump_stack+0x138/0x19c [ 545.514279] should_fail.cold+0x10f/0x159 [ 545.518433] should_failslab+0xdb/0x130 [ 545.522418] __kmalloc_track_caller+0x2ec/0x790 [ 545.527089] ? unwind_get_return_address+0x61/0xa0 [ 545.532023] ? __save_stack_trace+0x7b/0xd0 [ 545.536348] ? btrfs_parse_early_options+0xa3/0x310 [ 545.541365] kstrdup+0x3a/0x70 [ 545.544550] btrfs_parse_early_options+0xa3/0x310 [ 545.549379] ? btrfs_freeze+0xc0/0xc0 [ 545.553163] ? find_next_bit+0x28/0x30 [ 545.557040] ? pcpu_alloc+0xcf0/0x1050 [ 545.560920] ? find_held_lock+0x35/0x130 [ 545.564969] ? pcpu_alloc+0xcf0/0x1050 [ 545.568849] btrfs_mount+0x11d/0x2b14 [ 545.572630] ? lock_downgrade+0x6e0/0x6e0 [ 545.576755] ? find_held_lock+0x35/0x130 [ 545.580801] ? pcpu_alloc+0x3af/0x1050 [ 545.584697] ? _find_next_bit+0xee/0x120 [ 545.588756] ? check_preemption_disabled+0x3c/0x250 [ 545.593757] ? btrfs_remount+0x11f0/0x11f0 [ 545.597984] ? rcu_read_lock_sched_held+0x110/0x130 [ 545.602985] ? __lockdep_init_map+0x10c/0x570 [ 545.607477] ? __lockdep_init_map+0x10c/0x570 [ 545.611955] mount_fs+0x97/0x2a1 [ 545.615303] vfs_kern_mount.part.0+0x5e/0x3d0 [ 545.619780] do_mount+0x417/0x27d0 [ 545.623299] ? copy_mount_options+0x5c/0x2f0 [ 545.627685] ? rcu_read_lock_sched_held+0x110/0x130 [ 545.632681] ? copy_mount_string+0x40/0x40 [ 545.636906] ? copy_mount_options+0x1fe/0x2f0 [ 545.641390] SyS_mount+0xab/0x120 [ 545.644835] ? copy_mnt_ns+0x8c0/0x8c0 [ 545.648702] do_syscall_64+0x1e8/0x640 [ 545.652572] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 545.657429] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 545.662610] RIP: 0033:0x45c27a [ 545.665786] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 545.673475] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 545.680734] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 03:38:52 executing program 3: r0 = socket(0x0, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) 03:38:52 executing program 5: umount2(&(0x7f0000000000)='./file0\x00', 0x6) getresuid(&(0x7f00000000c0)=0x0, &(0x7f0000000100)=0x0, &(0x7f0000000140)) r2 = getgid() r3 = getgid() r4 = getgid() r5 = getgid() getresgid(&(0x7f0000000180), &(0x7f00000001c0)=0x0, &(0x7f0000000200)) setxattr$system_posix_acl(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000240)={{}, {0x1, 0x5}, [{0x2, 0x6, r1}], {0x4, 0x5}, [{0x8, 0x1, r2}, {0x8, 0x5, r3}, {0x8, 0x2, r4}, {0x8, 0x5, r5}, {0x8, 0x2, r6}], {0x10, 0x6}, {0x20, 0x2}}, 0x54, 0x3) r7 = syz_open_dev$media(&(0x7f00000002c0)='/dev/media#\x00', 0x7, 0x800) ioctl$BLKPG(r7, 0x1269, &(0x7f0000000400)={0x6e98c4db, 0x8001, 0xed, &(0x7f0000000300)="d4f471986cccc85a7e664282e0cb5b0c7932c3fc4372553598189f392fbbc782f8c7fd4749d46452928eb0537903632d4f532cbcd758a0475a23f6fffadf637ee9dc670e0fd15846f578a56e831e2cf797ab3c316f42b82b27b983d2132c88f778e641ad1850e1a5b21d16b58488e4ab132013fabc87f87e060972cd8cb333b675e84d188d2be1fefe436660dd300aea86c6eaa7f60f5ffa5912d8705ed2cb95165d656b29f1a023d679ed914b762d6d364452f43c246e4a74332813c06e22f4ba98d433a164d41125ef3579a5199a7f562f70081e42e17464ed0f77c09d9e63d2ace00eb3961e4921f7a2703f"}) syz_mount_image$ext4(&(0x7f0000000440)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x8, 0x2, &(0x7f0000000640)=[{&(0x7f00000004c0)="ab741a6b87ecfcf7c3968a961ab32aba9904e06aeae538899c9dbd96dba571ae2a2698e121f0ab118b854813043fd5b6e94369f9f90175c0ce2bed4cd9d1abb8ab6470c0dc47a77d77e0900686ffa14f8c53ba7ee9f2eb339ca8640e0135e77634f102ea2d247bfcc92d137145a23466fbd10eaa367c7c7005ad21ec0884a53258b0dcf34fe3fa22d075f0b4e217b7c083cd10f41e546cf25d4478bf0982d8bc05e44ddd807e951e8f7a6487d7082fa1ba", 0xb1, 0x3f}, {&(0x7f0000000580)="99f056983ae07dfc2116917d3a8051bb87d28773d0d85da0d4d366767aade6ab59445d41e636c1bd1eb4f2251e0cfad505ab072417039e070666ea07cb3e79f5bd02266a3060a8727f262dd3752abd4d6ab956d8bd91b7f574847b069ff800f7493bdfe5dd7be6ed3ba25fd9a234ae2a096d8075b3dd8f240a7040514555a5fc7dba2a7a95300bb3d65815260e19c93802bfeaf094823a7cfd338fe68e406950863772ec62a03d60482c1655bfb38d1a0ea791e10042", 0xb6, 0x2}], 0x200000, &(0x7f0000000680)={[{@jqfmt_vfsold='jqfmt=vfsold'}, {@bsdgroups='bsdgroups'}, {@bh='bh'}], [{@smackfsroot={'smackfsroot'}}, {@smackfsroot={'smackfsroot'}}, {@obj_role={'obj_role', 0x3d, '/dev/media#\x00'}}]}) ioctl$PIO_FONTRESET(r7, 0x4b6d, 0x0) ioctl$BLKRRPART(r7, 0x125f, 0x0) ioctl$EVIOCGSND(r7, 0x8040451a, &(0x7f0000000700)=""/169) syz_mount_image$ext4(&(0x7f00000007c0)='ext2\x00', &(0x7f0000000800)='./file0\x00', 0x2d, 0x5, &(0x7f0000000b00)=[{&(0x7f0000000840)="c14d49b733e759eb34b89833e7123123273385b3d3b0a5da211f8b901c35104e0532ff58c5fa9f1427048ed28922ebf3a15babe4eec0a53b71f0204884085be9357d0653e7dd1c65f6e398b5656cd213f86c624f6eab9472e05ecddeb6d21a69f7e374328092cc1647e086718e49b81c6b740925e77eb585ff78fa3c1cabaa7d1c83a8131819e54112524062d1eb7ff4e8639ec6f4202b693dadbfa5a73527e0b1bf5763dbb757e5a13ff754e784208cde51d7f3e6a0eb9da6fca41dca33124ede5b504bb1e94d028f2b691b8f44b6918122567b764af2802a473f52ed920c67401e0cb0e415a3eb3a336cd068e050", 0xef, 0x6}, {&(0x7f0000000940)="e6552c826ef9ea926bef60c36c9e61be531504d5f5b687bcae8bec8a7b5c", 0x1e, 0x7}, {&(0x7f0000000980)="a6dd1e8ead942ce1a7a0dc344b0d79cf68836b180b71d6a8ef0ca71157d4aad29fc7a87657e6ff9f24a4f8437df777d46e250486f007c4f76adabfe64c06b1e36938704324f3fa22fc40c543cf525d5aeff4484f54ea489ffc0508059ceea4815a45f4bf32c9511f636944bf9bbbc03519f10fd1c9891759aebf1f3dfc44b15a47c9bbf24b3361585c", 0x89, 0x7}, {&(0x7f0000000a40)}, {&(0x7f0000000a80)="0cc11c328f157758356cd8638ac084de49202fc686c8188ce9dfbf2a0db4838d865ab8325f00e01f4f748cd096fbe7261ed435a0c587b036fb16aa03b91b800a570f6fcf05386d74af6a04f7c6df970d030232a40b48f66ae2b62601e72aa2eedd7a46f2a054588783197c6d2d455c", 0x6f, 0x8}], 0x100000, &(0x7f0000000b80)={[{@grpquota='grpquota'}, {@dioread_nolock='dioread_nolock'}, {@bsddf='bsddf'}, {@noblock_validity='noblock_validity'}, {@auto_da_alloc='auto_da_alloc'}, {@abort='abort'}], [{@fsuuid={'fsuuid', 0x3d, {[0x0, 0x32, 0x72, 0x34, 0x33, 0x77], 0x2d, [0x0, 0x34, 0x77, 0x62], 0x2d, [0x62, 0x33, 0x38, 0x36], 0x2d, [0x65, 0x37, 0x37, 0x64], 0x2d, [0x77, 0x37, 0x31, 0x3a, 0x31, 0x35, 0x0, 0x77]}}}, {@euid_gt={'euid>', r0}}, {@defcontext={'defcontext', 0x3d, 'root'}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'bdev'}}]}) r8 = geteuid() r9 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000c40)='/dev/mixer\x00', 0x401, 0x0) ioctl$FS_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000c80)=0x78) ioctl$UI_END_FF_ERASE(r9, 0x400c55cb, &(0x7f0000000cc0)={0xf, 0x100000001, 0x37a}) fchown(r9, r8, r5) ioctl$IMSETDEVNAME(r7, 0x80184947, &(0x7f0000000d00)={0x800, 'syz1\x00'}) ioctl$VIDIOC_QUERYCTRL(r9, 0xc0445624, &(0x7f0000000d40)={0x1f, 0xb, "7fc2a2135e32ffaf67b29a630c0153182fc88d10b6bf37dffe9b08a9331ccb99", 0x6945, 0x3, 0x84e8, 0xff}) ioctl$SG_GET_LOW_DMA(r9, 0x227a, &(0x7f0000000dc0)) syz_mount_image$ntfs(&(0x7f0000000e00)='ntfs\x00', &(0x7f0000000e40)='./file0\x00', 0x5, 0x2, &(0x7f0000000f00)=[{&(0x7f0000000e80)="1728973a1f4ed2e131ac", 0xa, 0x9}, {&(0x7f0000000ec0)="082c30d9ad0c08fcf1d7731c3eb3f488", 0x10, 0x7}], 0x100000, &(0x7f0000000f40)={[{@dmask={'dmask', 0x3d, 0x9}}], [{@smackfsroot={'smackfsroot', 0x3d, 'smackfsfloor'}}, {@euid_eq={'euid', 0x3d, r1}}, {@uid_lt={'uid<', r8}}]}) r10 = add_key(&(0x7f0000000fc0)='id_legacy\x00', &(0x7f0000001000)={'syz', 0x2}, &(0x7f0000001040)="207ba7965985387c77590fb774c4494754f16d755f800846762cba155c33314091da61beb09ab724ad684bdd5157f7e0b7e2b72d7fbdd4e954aea876546feddae8998a6656dd2c00", 0x48, 0xfffffffffffffffb) keyctl$KEYCTL_PKEY_ENCRYPT(0x19, &(0x7f00000010c0)={r10, 0x1000, 0x1000}, &(0x7f0000001100)={'enc=', 'raw', ' hash=', {'md5-generic\x00'}}, &(0x7f0000001180)="7a47d7f7ecd3540d4df2c1c394d64fcf362ee3f52ee6d68686d004d189044e2ade38136fdab8e955aa78783854390d9e2a41807aa121430a2409d86a060d1a6d963302f6ad5d253e0305a7bbe941113d91de094eed1cffc07bbd7892c44a386eb1f89287eaa67f5c57982e319d8519ff91b8a47592b6e32e70af6e90116e05edef340a8991a5eeb38bdcae8b4b0d23bdc54463b2f17c51476a4c7aac8d2c2bca8ec20ac360183b93d03fd92cb01dbeb68cadbdb5b6c412e885724cb38627b6f382d6409fd552bf7e62157cf5900ce44f304e070d627ac2acd2663d43e47a958b6c1ce6ac3d0f8d927fea15bbea786dad2bbe90b454f06d7c75ed72b02ed32aca718733796f1a9586aa2e15fcb0286e063405b27f2024fff5acc0903436e7f7d2f0953aa8738d6dc3997b310ed5be742acd2a0af6dab6905788713f2de0cd9ed6351966041ed28f45f4c7271b1b4ba8a21a806b51bc33515ece68989deb6903b451ef1009fd55cf9a2488bfccabf412c57f67b7ca66e84187058ab5f9ca8c455688447b2dab9ad8ba62d06d86419b4d12eefdb6c5bff12ead69a772971605848458e5ec2393c436ffec0f283ba9d8ba718d77cd21ebf7525ae2a3210bd98fdb06276febcebde2f4eb96917b49a45e9bd33136cac96e36815959687c086d396c2f7deef7450d2db8bcf2d3d865cfca3ddb2b9c13a66f23ea20840c36439bb38ef566491fccdd9c11e9240b47f8e8aa4a83da28fcf7c3b76f87f41f8d9504f79f9bc14962e6b161b6da566a712bec5a95601dcde7929f54454f7bc7faefe3be1323d3437e7ae4b59e29e1efc71d59e07a70772f924b0ca14c1e75a5f20e76597923e9f277582511409f518f2c2c733b3939e334e43ff0d3dc556a285a49d1f91ff0fd93d79282503eec007ec30933d82b6f9809be1d4fefa5fcc33a3a73935b09e445f0f36322e53032b210625cd8284215626233da3f9284b2bd64a1ed86e1476c6920ffb8c76b54a9f310d5be90f28e6cbfcbe47e84a110659b05228cb7a94b8a073bbf5b6f5cea0c3508f4c71590f63273e0a1e8c25e7422096c7f6691fa95cc9e356074beaab6ba605e39e6605a6a1ba223ffd590ef85965b71bfcd1f9f9dcd591bc8d24a8335d29c70151da1e946cfeac957c460730d884094ae55a581e5017c047a24a22de6c53a9082e568506b3ee263f8d26b52321417549ff5f083aaebf8aaa90266a228f74c8ba2a237e560ae299c72987d2406ec60e2c462146b0d29cf1ddd58cd5d9775d19c372f084624ec1b088ab14812a7c65d3faca4d7d2ae6189fe0eddf0df3499c4ea5656be3cfe2464b042b0977444fe9a4aae4ec5dcdc9305736b312f0f2ca83a7c314ce198a7c6d420eb66a009f35934a80aa04bd54917b13af990185d5b7235088b632805bc3a88be007f4d9d0a53b3a89f0bcc9a154e175f0334acf95e603232a7293e4c6c22436c574b6c1105985e816912763c60928a8ef2bcb785db1b28d7bb632bbb73ce0323e53608cbdc8e3b187982560e18c3bee20f65f21930ff5c19f97d20e35d119e90aae9478c4e6bd170d41d99f746d188012fd56e7c3b56205e4c88a03a068514f4a26db9d5291d17da21a799d68021f78b8223f933ff5d57d10db1bca9cb2bf7b6b07dac12ac123dcc8c1bed1c69f73099826f67e73c89b6255d0584514226911b4a1a7f3cfdaa3eb6f9cdaf375fe816dc0967c1d813958dc6772289fe15bfc8eab35b050b6497d194c602460089a559abb36db6def5f3d8f8b23d787745e2217058497fbd591ead707b1ebf31e9012a7c2223647dcfbc64160477330faf78b14b3943c731ac1bc5d4202d0b86b9d54342251fb6c0bbf9a93340fa0505a91f5d6f0c775ec8ea76204a64720d77457b0ac27f5493f2d712972fe08e134d408ca460cbd1c4663c3a6bdb808b78b5affc46fe046994fe47aec90a5735780313e9f587d6c0c5f41297c8df2b6c273d0860a0ddc6ecf0efa8c68e2cf7c290dfa66bea4f50e29707bb40f20527b332a1ab482f71db53aa92d7e6a3bfb1f56b595b4b5a286cedc199fb53dd551b4d892f3d3bd13b1eb0bca8344a35e05830b20fe688848974868cc8c5737852288c8d9728e5dda54280b89c81363309c4ce486aeda4ade45dfb805ea55233849c890f26d9cee02f4d4828b4561d0903c63a5abd564eb26d2cba97a87b69071264ca530fa2b5ec1c7d6952f4dae697f72001c6b24d8df62ea8c528a91af0a1b4d38cd04e1c5a5a57ff24d4b93a1f7fabae8c78cab1ce390b42ccf19d468bba363bac29289c58eca79477cb22c76e6c1305bfd8e4d8f3699e4a707b9a97a530321dcd71d8959e77e8448e45a00f3a6e834357279b0c0b838613cfb7cc7ee3df07af4ed1a9a3654df9b442fcc8071759eb83479790b24ad8da5b23dff9fea95678dd4aecb22be34c89fedb6afcf01cb12addbb8890b4523073a8d786e6c54b255688f2073331de1406ac6eb98b261d448503e43559c31f9c8d23ef9265afbf02c024b1ebb1611d3e2f53c4e2bce75b78908a20db524c6aea2b4acd85265e95d402d17672baa56d2bbbd5ed93aa3e092f7f35eec869ce6b9f9f778275b78bab7b5ef967025057a638a99c5fa41d9df2e853f14b0315303ecbb2a07fe12dd8e88ffbca6dbe62cbdc4a5c2fa649c159aaa1beae6ebbd8a04da425eb5ba9773d8d428c41104591ba1c368ebd0031369340d8712d22d21bf8f30d835fa35630172f85d3f651cf6d1616ce02daa7c28fde1513bf96c29c123647c518cb78a9380273f3da77fcfc468df948dd44f02126a8c7b4adad564eff9b216b234ac4cf7d93b8fbdd9605f890f0552ff75f98c62eac53771d1918d1ae9e1b2d64e9447675cb18236c393686e1a2f29177e0cd826a4c537fb4b5900b46fdbb45aa1d145dde10c4b193dd134f198e1da508db0775b97094762c33838658422af69f4162b6581eb65b580bc386f14fab11e21f301ff7edbfb5402d42d1eff4048a95a51cbd4a70d07785dd0172dce4116e18fbc933384be1ec5635252b14b07e4a7616c64fc42b61bd0688027d5e8e8c69218f3e4f835ed584638e08c2921eb04bdf54e5aa4b2635f4acfdfd70ef76524b0da8335c914f96db33606e1b813b502210cfcc44081b994b4e6bbfeb386a22ef5990969b71a66f86f8994fe0d53af697934ebf8ab9ccd8fad17b1f2ee39e1309b0b19064deb8023c3f35bea0049c74db43c6176544118b5b266bebc27513eb15e1a6e50c7d8d2503a6b3d0c7392b7bcded9bc0c78014a3cc5cfea242362a4945448588104dfac1ee8e4f65a3046bbe914de062ed3b0596ebfe1f3ab6b7365630a30efbeedc75623c5f3d411c4911eb3934d2b295cfb6f07fd9f118f3330c3234de5987d9a4a6e86001a6b854bf47cf3cb8e681ef92ce20e3bdcca7dfd182db391f64aa718dce5ae0f2f5516c4cca2d2ce1a304f5db2fda337eca91581a39575ae73ef902473e0f89e6f80113a12d4105ec8c8a613579df92a5a11ed0e75d86ac51b7188d9eb2bd58f9bc27988b850f48dab5390dd8fee8fcc809dee09bf1708454937ff51efaa54a27f34d3b27d6ab97685308c07b0e3dd53290042bb61b6b76b5ea88a7445a244af1e907fdf8bcd803e05a4f1e0ef081ff7ba2b0175433745811ddbde76f47c8507ab34ca2de58966c90085405a406f69f859347f693599ab5f1e6a790998e7cb30517f0e954d263bb1ae78470baf498ce7596c322be3ba3631a02541de12235a43469fd5ef1ef52dd52f2b765e969587c3e15f6d1e3ddedd818bf5b3b6026454d174052ff22fb787b7b811a028f4329b3ebb57b43bbf8db104c11c3fbe39ae41a60c09c804d1fc4ecff03fc437318b59466e86bdef7b29b5a01b5bfc3ad166535c7cbcc338165a8fdc31806ddb8006fc3e0fb3a862618ef30d71805bd6cad834c8ad1cb71ff4c3c4fd9393ecb1c53ef514724643cb17a21b8409cb0991012ea7135a1ac8567063d7b45822f91c2dda573b6b0d440681aab329477f5c1c47d777998ca8385514aca07a7d16776b3484299cc9ae23040f261461e206d32bda74235d443344c920734de7c084beca224e9a31ef0d966fc40e84561fff301fddff83f82465dfd4e3a0990fedbc9d53184ee92a3d7ac34883a359762da03045fab57e6cba4b8fa3da16e3bb87aad9640f612446c52f70935782c1b8a766ff778f27f89f02dd1c454a63210e2ffa692b2d319be0c78b4d08d8054a24687dda0ea5c78b73a1f3d2a25c7ef544083a45192cdfa23016faa9eb55d9ec7616d8993ab13e061b8326786505445d0d4dc0ee0ec46e101161b29e6aa56a6238ed23c86092bdcd54a48370569f2800d45cafde512efa48f12547293e3edb38f335e10ce447f359f2fde4860c5786285e7cd85cebfad79408277ab1e76c1cf1f9b26c786705892698d19d50906ec89ca9a26e1e841fb7c75c6d96eea68fd7eeac905af8f46c76fda8c26eed122d444c8a0b11d01f27edf73e2335db230c2931b6dbbc2381df9d56845f0798a8c1ea7c5a0b6e0a70a564add7a139a4c53d8575f21600b4625bda9185c5d3b4cdc993446020ee629eb11c1f520b44f9000f70a4c12371c88b5e7784e2709d7a5bfe05da694fdecc60942d8b7cc31f12008129f07139bbe0478d81a1163546ecc992ed919497c7019d7d5c7cc173376237e2b6591e198d8f17bd16042c2b39c76056e43a6278a16b09ebfbf43beb5262fb8054c81c2048eabfc78256c5adf88f4f88ceb77a7393bc8cfb343169b69646e78b4a93a9eed8bf17c43f904114ee8ab6bb311a859daf2e3d95faada8ef156868328a4c9674bbff1fb2b6cb216725fd6f1a579c46cf996726cec3a268b616757eccd06d8409572e27f69f8783e66b9aefdfbca3aecd53276815f93a1022720b97cee65c6e60de99d4e4c8b1f20ae5f2d5488b6d3686c4cad6b0f60c80935c3378cc4de9546f510e409e451443b7db29eca09880928dc0d4e0ca37a1b25d33d5fe0f577bf8197014c716129a45b842b2ec2774d5882c132fffa8b1c86635b5ea445c5496390b973e80c575eb7fae9f8cacab03b4890882a8ac5948f6cbb768329f65911892d042a000c1776fa62fcdf4cf7a7598c0466562078f69c27db057d3e5197544ce531cde7dcaf15fc4903f0b4c3be847d16accd77375d4410203a35930111d69f7a9661fb0eb535f423c6f7c0790336ea946430d2e19fbb7f07880543c3a534ad237dc7daf2a28b6a04d3c12ccf4f53eea6c5633290f9a97bf0ea843070cc1b6661b35ba2cf13c921bbd83127a506b9ffedc8f62a99cbc251f98f99c72bd3737fd818fc9375dbeaedeff707e50bd18d7f4764f70262e95733779830e2615d24f5c5ea142a48e20cc00c9e5eca7e88ba1775613f0ca2bb3ea3b7f6d17f0619d76fb88d0758bca3a378e49fa73a3e790c4c7276e35fface4c7e6c497af8c2d4fd4e7fad10df723de3b775921c43095300a58619cb3443e4cf422b531de85e96af6d28c36bcff89308007b4ad1176c2bb19dc9554aa5bca37c2d30bf266fe0284f6615ef9e484997a006c4bcb13b0144b7fe299046ffbacef8f4a94af5b0c5c585f9ee22102d4b070b165e907dfdcfae1cdce65f46968e35b926d468423ae17889f2db31b6df758afdbacad895f0e3817574405397350279ee5813115eb4504ad0204aadbaf155067ed8c458658b6da598e0796e8a697faf01754e564ff3b312a9cd14ba46776b5b61969930472dde2b9811caf761968adc830fe82c58dbb9e34e", &(0x7f0000002180)=""/4096) write$FUSE_INIT(r7, &(0x7f0000003180)={0x50, 0x0, 0x1, {0x7, 0x1f, 0x800, 0x100804, 0x3, 0x8, 0xfa7, 0xffffffffffffff80}}, 0x50) sendmsg$inet6(r7, &(0x7f0000003300)={&(0x7f0000003200)={0xa, 0x4e20, 0x7, @rand_addr="196b5bd9ef17dcb68e41573d3e57fc1b", 0x2}, 0x1c, &(0x7f00000032c0)=[{&(0x7f0000003240)="dfef407964ddd8045b7d48e6a89413cde5035491521730c95bf08996ed571f52895f44438823e72ee71bdccece9523fb010db4462246a331022ac41d05f866f6a09fa9a9ee3dba9a1df5ff6b9601ba20f00ba14ea6eb376e111e0ad1d7b8863464857b7f9c9111858561c99c2930a252", 0x70}], 0x1}, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r7, 0x810c5701, &(0x7f0000003340)) ioctl$SIOCRSSL2CALL(r7, 0x89e2, &(0x7f0000003480)=@bcast) 03:38:52 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(r0, 0x0, 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:38:52 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x4) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) r0 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000140)='./file1\x00', 0x0) r1 = socket$inet6(0xa, 0x7, 0x10001) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x9, 0x3, 0x310, 0x0, 0x0, 0x0, 0x110, 0x0, 0x240, 0x240, 0x240, 0x240, 0x240, 0x3, &(0x7f0000000100), {[{{@uncond, 0x0, 0xc8, 0x110}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x7, 0x8, 0x8, '\x00', 0x80000001}}}, {{@ipv6={@empty, @ipv4={[], [], @broadcast}, [0xffffff00, 0xffffffff, 0xffffffff, 0xff], [0x0, 0xff, 0xffffffff, 0xffffffff], 'bridge_slave_1\x00', 'bond0\x00', {0xff}, {0xff}, 0x62, 0x10001, 0x0, 0x4}, 0x0, 0xf0, 0x130, 0x0, {}, [@inet=@rpfilter={0x28, 'rpfilter\x00', 0x0, {0x1}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x8, 0x6, 0x5e0363ab}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x370) mkdir(&(0x7f00000000c0)='./file1/file0\x00', 0x0) renameat2(r0, &(0x7f0000000000)='./file1/file0\x00', r0, &(0x7f00000001c0)='./file0\x00', 0x2) [ 545.687997] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 545.695248] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 545.702502] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 545.716747] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 545.716747] program syz-executor.1 not setting count and/or reply_len properly 03:38:52 executing program 4 (fault-call:1 fault-nth:60): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:52 executing program 3: r0 = socket(0x0, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) 03:38:52 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="20315e278fdda238b012e64aa101000010db55000000000000649bdb00000000000000201483f1b22701"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0xfffffffffffffffe, 0x0) 03:38:52 executing program 5: r0 = openat$audio(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x0, 0x0) read(r0, &(0x7f0000000340)=""/4096, 0x1000) ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000300)) syncfs(r0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x0, 0x0) readv(r0, &(0x7f0000000000)=[{&(0x7f0000001340)=""/4096, 0x1000}], 0x1) 03:38:52 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) [ 545.860668] FAULT_INJECTION: forcing a failure. [ 545.860668] name failslab, interval 1, probability 0, space 0, times 0 [ 545.898216] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; 03:38:52 executing program 3: r0 = socket(0x10, 0x0, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) [ 545.898216] program syz-executor.1 not setting count and/or reply_len properly [ 545.916209] CPU: 0 PID: 19495 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 545.923339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 545.932690] Call Trace: [ 545.935279] dump_stack+0x138/0x19c [ 545.938921] should_fail.cold+0x10f/0x159 [ 545.943081] should_failslab+0xdb/0x130 [ 545.947059] __kmalloc+0x2f0/0x7a0 [ 545.950697] ? find_held_lock+0x35/0x130 [ 545.954760] ? pcpu_alloc+0xcf0/0x1050 03:38:52 executing program 3: r0 = socket(0x10, 0x0, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) 03:38:52 executing program 3: r0 = socket(0x10, 0x0, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) [ 545.958648] ? btrfs_mount+0x19a/0x2b14 [ 545.962626] btrfs_mount+0x19a/0x2b14 [ 545.966430] ? lock_downgrade+0x6e0/0x6e0 [ 545.970609] ? find_held_lock+0x35/0x130 [ 545.974674] ? pcpu_alloc+0x3af/0x1050 [ 545.978576] ? btrfs_remount+0x11f0/0x11f0 [ 545.982855] ? rcu_read_lock_sched_held+0x110/0x130 [ 545.987908] ? __lockdep_init_map+0x10c/0x570 [ 545.992412] ? __lockdep_init_map+0x10c/0x570 [ 545.996916] mount_fs+0x97/0x2a1 [ 546.000294] vfs_kern_mount.part.0+0x5e/0x3d0 [ 546.004796] do_mount+0x417/0x27d0 03:38:52 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(0xffffffffffffffff, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) 03:38:52 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(0xffffffffffffffff, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) [ 546.008350] ? copy_mount_options+0x5c/0x2f0 [ 546.012765] ? rcu_read_lock_sched_held+0x110/0x130 [ 546.017783] ? copy_mount_string+0x40/0x40 [ 546.022028] ? copy_mount_options+0x1fe/0x2f0 [ 546.026533] SyS_mount+0xab/0x120 [ 546.029991] ? copy_mnt_ns+0x8c0/0x8c0 [ 546.033884] do_syscall_64+0x1e8/0x640 [ 546.037780] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 546.042633] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 546.047819] RIP: 0033:0x45c27a [ 546.051016] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 03:38:52 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(0xffffffffffffffff, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) 03:38:52 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x4) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) r0 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000140)='./file1\x00', 0x0) r1 = socket$inet6(0xa, 0x7, 0x10001) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x9, 0x3, 0x310, 0x0, 0x0, 0x0, 0x110, 0x0, 0x240, 0x240, 0x240, 0x240, 0x240, 0x3, &(0x7f0000000100), {[{{@uncond, 0x0, 0xc8, 0x110}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x7, 0x8, 0x8, '\x00', 0x80000001}}}, {{@ipv6={@empty, @ipv4={[], [], @broadcast}, [0xffffff00, 0xffffffff, 0xffffffff, 0xff], [0x0, 0xff, 0xffffffff, 0xffffffff], 'bridge_slave_1\x00', 'bond0\x00', {0xff}, {0xff}, 0x62, 0x10001, 0x0, 0x4}, 0x0, 0xf0, 0x130, 0x0, {}, [@inet=@rpfilter={0x28, 'rpfilter\x00', 0x0, {0x1}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x8, 0x6, 0x5e0363ab}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x370) mkdir(&(0x7f00000000c0)='./file1/file0\x00', 0x0) renameat2(r0, &(0x7f0000000000)='./file1/file0\x00', r0, &(0x7f00000001c0)='./file0\x00', 0x2) [ 546.058734] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 546.066011] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 546.073290] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 546.087739] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 546.095025] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 546.114960] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 546.114960] program syz-executor.1 not setting count and/or reply_len properly 03:38:52 executing program 4 (fault-call:1 fault-nth:61): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:52 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') r0 = shmat(0xffffffffffffffff, &(0x7f0000ffb000/0x3000)=nil, 0x1000) shmdt(r0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x0, 0xffffffffffffffff) clone(0x6100001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(&(0x7f0000000140)=@md0='/dev/md0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='gfs2\x00', 0x0, 0x0) [ 546.226501] FAULT_INJECTION: forcing a failure. [ 546.226501] name failslab, interval 1, probability 0, space 0, times 0 [ 546.239197] CPU: 1 PID: 19535 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 546.246338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 546.255713] Call Trace: [ 546.258479] dump_stack+0x138/0x19c [ 546.262128] should_fail.cold+0x10f/0x159 [ 546.266297] should_failslab+0xdb/0x130 [ 546.270299] __kmalloc_track_caller+0x2ec/0x790 [ 546.275095] ? kstrdup_const+0x48/0x60 [ 546.279036] kstrdup+0x3a/0x70 [ 546.282262] kstrdup_const+0x48/0x60 [ 546.285969] alloc_vfsmnt+0xe5/0x7d0 [ 546.289681] vfs_kern_mount.part.0+0x2a/0x3d0 [ 546.294173] ? find_held_lock+0x35/0x130 [ 546.298229] vfs_kern_mount+0x40/0x60 [ 546.302108] btrfs_mount+0x3ce/0x2b14 [ 546.306660] ? lock_downgrade+0x6e0/0x6e0 [ 546.310805] ? find_held_lock+0x35/0x130 [ 546.314869] ? pcpu_alloc+0x3af/0x1050 [ 546.318899] ? btrfs_remount+0x11f0/0x11f0 [ 546.323135] ? rcu_read_lock_sched_held+0x110/0x130 [ 546.328153] ? __lockdep_init_map+0x10c/0x570 [ 546.332821] ? __lockdep_init_map+0x10c/0x570 [ 546.337393] mount_fs+0x97/0x2a1 [ 546.340808] vfs_kern_mount.part.0+0x5e/0x3d0 [ 546.345303] do_mount+0x417/0x27d0 [ 546.348942] ? copy_mount_options+0x5c/0x2f0 [ 546.353363] ? rcu_read_lock_sched_held+0x110/0x130 [ 546.359264] ? copy_mount_string+0x40/0x40 [ 546.363499] ? copy_mount_options+0x1fe/0x2f0 [ 546.368112] SyS_mount+0xab/0x120 [ 546.371564] ? copy_mnt_ns+0x8c0/0x8c0 [ 546.375448] do_syscall_64+0x1e8/0x640 [ 546.379359] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 546.384260] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 546.389590] RIP: 0033:0x45c27a [ 546.392853] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 546.400733] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 546.408004] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 546.415472] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 546.423115] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 546.430562] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 547.760199] net_ratelimit: 17 callbacks suppressed [ 547.760205] protocol 88fb is buggy, dev hsr_slave_0 [ 547.760208] protocol 88fb is buggy, dev hsr_slave_0 [ 547.760262] protocol 88fb is buggy, dev hsr_slave_1 [ 547.765543] protocol 88fb is buggy, dev hsr_slave_1 [ 547.786459] protocol 88fb is buggy, dev hsr_slave_0 [ 547.791569] protocol 88fb is buggy, dev hsr_slave_1 [ 547.840558] protocol 88fb is buggy, dev hsr_slave_1 [ 548.240158] protocol 88fb is buggy, dev hsr_slave_0 [ 548.245518] protocol 88fb is buggy, dev hsr_slave_1 03:38:55 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x1fc6d43b, 0x200200) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x1) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:38:55 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) 03:38:55 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x100000000000003c) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x12000, 0x0) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r0, 0xc0305615, &(0x7f0000000180)={0x0, {0x61047221, 0x2}}) 03:38:55 executing program 5: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) r1 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) ioctl$SNDRV_TIMER_IOCTL_TREAD(r1, 0x40045402, &(0x7f0000000040)=0x1) sendmmsg$sock(r0, &(0x7f0000006d40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) ioctl$sock_rose_SIOCADDRT(r1, 0x890b, &(0x7f0000000080)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x5, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={'nr', 0x0}, 0x6, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) 03:38:55 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x4) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) r0 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000140)='./file1\x00', 0x0) r1 = socket$inet6(0xa, 0x7, 0x10001) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x9, 0x3, 0x310, 0x0, 0x0, 0x0, 0x110, 0x0, 0x240, 0x240, 0x240, 0x240, 0x240, 0x3, &(0x7f0000000100), {[{{@uncond, 0x0, 0xc8, 0x110}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x7, 0x8, 0x8, '\x00', 0x80000001}}}, {{@ipv6={@empty, @ipv4={[], [], @broadcast}, [0xffffff00, 0xffffffff, 0xffffffff, 0xff], [0x0, 0xff, 0xffffffff, 0xffffffff], 'bridge_slave_1\x00', 'bond0\x00', {0xff}, {0xff}, 0x62, 0x10001, 0x0, 0x4}, 0x0, 0xf0, 0x130, 0x0, {}, [@inet=@rpfilter={0x28, 'rpfilter\x00', 0x0, {0x1}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x8, 0x6, 0x5e0363ab}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x370) mkdir(&(0x7f00000000c0)='./file1/file0\x00', 0x0) renameat2(r0, &(0x7f0000000000)='./file1/file0\x00', r0, &(0x7f00000001c0)='./file0\x00', 0x2) 03:38:55 executing program 4 (fault-call:1 fault-nth:62): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) [ 548.868378] kauditd_printk_skb: 46 callbacks suppressed [ 548.868386] audit: type=1400 audit(2000000335.259:2523): avc: denied { map } for pid=19553 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 548.909949] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; 03:38:55 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) 03:38:55 executing program 5: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net\x00') exit(0x0) fstat(r0, &(0x7f0000000340)) vmsplice(r0, &(0x7f0000000280)=[{&(0x7f0000000100)="a2c19079ee998cf0fc95b954fece89d537e673f5ae0d72f584078d7a4dca133c1b2be7aa31edf33bfa46c1c556575903c6c3d062c15034fd2e47cc0c8f3df2f286dec15fdaa63a6ddbb9b84a8151a10975e42b185b14ba979d3d7f238795a8cba39c27e415dec76bd74c7e381aa3d8d7b2c531ed6e8b4a6497ccf9dc80495862616ed0a12a150e443a6f6ed24c5c5b9caa98ac105046cea448b2932ee8230cdf9fd7f3442c53774cf4915bb633e241176050c758b0f3a940f4ae5bb111fdb1f019373118bb685ae0753b390b9a71d5431f839f959200c53754d395bde8e10aed37d335635744bede45e576f7", 0xec}, {&(0x7f0000000000)="1a9b74aa3da5e137144ba03b44831326e08438d097e6a9d52497a343957d881da2d9fbca1b2de095c4710f16f6dc650b2042c0113a4d30edd1a27339bbd50f306e51359743842004d0f18987180395af551f223ae78a4b4154199e27bc4c09a1d0cb8a393ea7c14fcf80a99ebc9e12a4b9393f3f1ba2f10112b6efc7df68ca1eccb3d28342c0e4ad5c8fd34e8bed60c61e7be4c75bb28b9142ca8d6d98852937961cfb8cc5a096ac10fe", 0xaa}, {&(0x7f0000000200)="739a0346d318a9cb1b221e862a7d1619aa68c09df1255d550ec87ca7ee464cb8f77c604d22795610683312ec47f5feee29fdd42206f089b2361c2155d90734fe3135a27f971dc287aee7fea7aa380ffed8727a6409b7a7234f3594b75a81a9ced046acf96ca5cf4ff332c43ca1e7f7f27e08d1fc7c03c2f1c4", 0x79}], 0x3, 0x4) 03:38:55 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x4) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) r0 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000140)='./file1\x00', 0x0) r1 = socket$inet6(0xa, 0x7, 0x10001) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x9, 0x3, 0x310, 0x0, 0x0, 0x0, 0x110, 0x0, 0x240, 0x240, 0x240, 0x240, 0x240, 0x3, &(0x7f0000000100), {[{{@uncond, 0x0, 0xc8, 0x110}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x7, 0x8, 0x8, '\x00', 0x80000001}}}, {{@ipv6={@empty, @ipv4={[], [], @broadcast}, [0xffffff00, 0xffffffff, 0xffffffff, 0xff], [0x0, 0xff, 0xffffffff, 0xffffffff], 'bridge_slave_1\x00', 'bond0\x00', {0xff}, {0xff}, 0x62, 0x10001, 0x0, 0x4}, 0x0, 0xf0, 0x130, 0x0, {}, [@inet=@rpfilter={0x28, 'rpfilter\x00', 0x0, {0x1}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x8, 0x6, 0x5e0363ab}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x370) mkdir(&(0x7f00000000c0)='./file1/file0\x00', 0x0) renameat2(r0, &(0x7f0000000000)='./file1/file0\x00', r0, &(0x7f00000001c0)='./file0\x00', 0x2) [ 548.909949] program syz-executor.1 not setting count and/or reply_len properly [ 548.951869] FAULT_INJECTION: forcing a failure. [ 548.951869] name failslab, interval 1, probability 0, space 0, times 0 [ 548.977069] audit: type=1400 audit(2000000335.299:2524): avc: denied { associate } for pid=19552 comm="syz-executor.0" name="file0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=0 [ 548.981568] CPU: 0 PID: 19557 Comm: syz-executor.4 Not tainted 4.14.134 #30 03:38:55 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) 03:38:55 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee), 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) [ 549.005814] audit: type=1400 audit(2000000335.299:2525): avc: denied { associate } for pid=19552 comm="syz-executor.0" name="file1" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=0 [ 549.007333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 549.007338] Call Trace: [ 549.007355] dump_stack+0x138/0x19c [ 549.007371] should_fail.cold+0x10f/0x159 [ 549.032589] audit: type=1400 audit(2000000335.369:2526): avc: denied { map } for pid=19570 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 549.039566] should_failslab+0xdb/0x130 03:38:55 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee), 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) [ 549.039581] __kmalloc_track_caller+0x2ec/0x790 [ 549.039592] ? unwind_get_return_address+0x61/0xa0 [ 549.039604] ? __save_stack_trace+0x7b/0xd0 [ 549.091869] ? btrfs_parse_early_options+0xa3/0x310 [ 549.097174] kstrdup+0x3a/0x70 [ 549.100481] btrfs_parse_early_options+0xa3/0x310 [ 549.105629] ? save_trace+0x290/0x290 [ 549.109451] ? btrfs_freeze+0xc0/0xc0 [ 549.113396] ? find_next_bit+0x28/0x30 [ 549.117283] ? pcpu_alloc+0xcf0/0x1050 [ 549.121305] ? find_held_lock+0x35/0x130 [ 549.125531] ? pcpu_alloc+0xcf0/0x1050 [ 549.129765] btrfs_mount+0x11d/0x2b14 [ 549.133583] ? lock_downgrade+0x6e0/0x6e0 [ 549.137828] ? find_held_lock+0x35/0x130 [ 549.141899] ? pcpu_alloc+0x3af/0x1050 [ 549.145985] ? _find_next_bit+0xee/0x120 [ 549.150320] ? check_preemption_disabled+0x3c/0x250 [ 549.155436] ? btrfs_remount+0x11f0/0x11f0 [ 549.159932] ? rcu_read_lock_sched_held+0x110/0x130 [ 549.165469] ? __lockdep_init_map+0x10c/0x570 [ 549.170248] ? __lockdep_init_map+0x10c/0x570 [ 549.174759] mount_fs+0x97/0x2a1 [ 549.178319] vfs_kern_mount.part.0+0x5e/0x3d0 [ 549.182916] ? find_held_lock+0x35/0x130 [ 549.187000] vfs_kern_mount+0x40/0x60 [ 549.190810] btrfs_mount+0x3ce/0x2b14 [ 549.194802] ? lock_downgrade+0x6e0/0x6e0 [ 549.199358] ? find_held_lock+0x35/0x130 [ 549.203948] ? pcpu_alloc+0x3af/0x1050 [ 549.207850] ? btrfs_remount+0x11f0/0x11f0 [ 549.212114] ? rcu_read_lock_sched_held+0x110/0x130 [ 549.217589] ? __lockdep_init_map+0x10c/0x570 [ 549.222340] ? __lockdep_init_map+0x10c/0x570 [ 549.226857] mount_fs+0x97/0x2a1 [ 549.230396] vfs_kern_mount.part.0+0x5e/0x3d0 [ 549.235038] do_mount+0x417/0x27d0 [ 549.238669] ? copy_mount_options+0x5c/0x2f0 [ 549.243243] ? rcu_read_lock_sched_held+0x110/0x130 [ 549.248424] ? copy_mount_string+0x40/0x40 [ 549.252779] ? copy_mount_options+0x1fe/0x2f0 [ 549.257822] SyS_mount+0xab/0x120 [ 549.261459] ? copy_mnt_ns+0x8c0/0x8c0 [ 549.265522] do_syscall_64+0x1e8/0x640 [ 549.269449] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 549.274300] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 549.279695] RIP: 0033:0x45c27a [ 549.283316] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 549.291143] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 549.298422] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 549.305854] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 549.313246] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 549.321177] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 549.338482] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 549.338482] program syz-executor.1 not setting count and/or reply_len properly [ 549.379648] audit: type=1400 audit(2000000335.769:2527): avc: denied { map } for pid=19582 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 549.411450] audit: type=1400 audit(2000000335.769:2528): avc: denied { map } for pid=19584 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 549.444446] audit: type=1400 audit(2000000335.769:2529): avc: denied { map } for pid=19585 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 549.471054] audit: type=1400 audit(2000000335.809:2530): avc: denied { map } for pid=19586 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 549.493698] audit: type=1400 audit(2000000335.809:2531): avc: denied { associate } for pid=19583 comm="syz-executor.0" name="file0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=0 [ 549.517059] audit: type=1400 audit(2000000335.809:2532): avc: denied { associate } for pid=19583 comm="syz-executor.0" name="file1" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=0 [ 549.840218] protocol 88fb is buggy, dev hsr_slave_0 03:38:58 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x0, 0x0) setsockopt$inet_int(r1, 0x0, 0x14, &(0x7f0000000080)=0x7, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:38:58 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee), 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) 03:38:58 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) 03:38:58 executing program 4 (fault-call:1 fault-nth:63): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:38:58 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x4) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) r0 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000140)='./file1\x00', 0x0) r1 = socket$inet6(0xa, 0x7, 0x10001) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x9, 0x3, 0x310, 0x0, 0x0, 0x0, 0x110, 0x0, 0x240, 0x240, 0x240, 0x240, 0x240, 0x3, &(0x7f0000000100), {[{{@uncond, 0x0, 0xc8, 0x110}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x7, 0x8, 0x8, '\x00', 0x80000001}}}, {{@ipv6={@empty, @ipv4={[], [], @broadcast}, [0xffffff00, 0xffffffff, 0xffffffff, 0xff], [0x0, 0xff, 0xffffffff, 0xffffffff], 'bridge_slave_1\x00', 'bond0\x00', {0xff}, {0xff}, 0x62, 0x10001, 0x0, 0x4}, 0x0, 0xf0, 0x130, 0x0, {}, [@inet=@rpfilter={0x28, 'rpfilter\x00', 0x0, {0x1}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x8, 0x6, 0x5e0363ab}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x370) mkdir(&(0x7f00000000c0)='./file1/file0\x00', 0x0) 03:38:58 executing program 5: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000002740)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000007e00), 0x136a88c8311572c, 0x11) r1 = dup2(r0, r0) ioctl$VIDIOC_S_JPEGCOMP(r1, 0x408c563e, &(0x7f0000000000)={0x200, 0x0, 0x14, "a246994d95b9f38a3f52a0ced49eb9eafb77ac980672848eb4bc6bf643915b0427d733b14b6439fe9d8a28e8dca0ac34ed2914e7851a436a15aa7c06", 0xf, "e347648ce24c4689ace688bf8a9799fcd6781cbe74dd5b676cdb0388c9b7a5e1cb15a4782aff3004dfd5babcc4aaa09dae5334633918097234d63454", 0x40}) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, 0x0) mremap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f000000d000/0x2000)=nil) 03:38:58 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef00", 0x9, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) 03:38:58 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x4) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) r0 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000140)='./file1\x00', 0x0) r1 = socket$inet6(0xa, 0x7, 0x10001) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x9, 0x3, 0x310, 0x0, 0x0, 0x0, 0x110, 0x0, 0x240, 0x240, 0x240, 0x240, 0x240, 0x3, &(0x7f0000000100), {[{{@uncond, 0x0, 0xc8, 0x110}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x7, 0x8, 0x8, '\x00', 0x80000001}}}, {{@ipv6={@empty, @ipv4={[], [], @broadcast}, [0xffffff00, 0xffffffff, 0xffffffff, 0xff], [0x0, 0xff, 0xffffffff, 0xffffffff], 'bridge_slave_1\x00', 'bond0\x00', {0xff}, {0xff}, 0x62, 0x10001, 0x0, 0x4}, 0x0, 0xf0, 0x130, 0x0, {}, [@inet=@rpfilter={0x28, 'rpfilter\x00', 0x0, {0x1}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x8, 0x6, 0x5e0363ab}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x370) [ 551.911642] FAULT_INJECTION: forcing a failure. [ 551.911642] name failslab, interval 1, probability 0, space 0, times 0 03:38:58 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef00", 0x9, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) [ 551.971619] CPU: 0 PID: 19600 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 551.978768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 551.988125] Call Trace: [ 551.990718] dump_stack+0x138/0x19c [ 551.994358] should_fail.cold+0x10f/0x159 [ 551.998520] should_failslab+0xdb/0x130 [ 552.002502] __kmalloc+0x2f0/0x7a0 [ 552.006043] ? match_token+0x22b/0x480 [ 552.009933] ? match_strdup+0x5f/0xa0 [ 552.013744] match_strdup+0x5f/0xa0 03:38:58 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef00", 0x9, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) 03:38:58 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000", 0xe, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) [ 552.017382] btrfs_parse_early_options+0x241/0x310 [ 552.022319] ? btrfs_freeze+0xc0/0xc0 [ 552.026113] ? find_next_bit+0x28/0x30 [ 552.030002] ? pcpu_alloc+0xcf0/0x1050 [ 552.033895] ? pcpu_alloc+0xcf0/0x1050 [ 552.037795] btrfs_mount+0x11d/0x2b14 [ 552.041605] ? lock_downgrade+0x6e0/0x6e0 [ 552.045758] ? find_held_lock+0x35/0x130 [ 552.049824] ? pcpu_alloc+0x3af/0x1050 [ 552.053717] ? _find_next_bit+0xee/0x120 [ 552.057777] ? check_preemption_disabled+0x3c/0x250 [ 552.062803] ? btrfs_remount+0x11f0/0x11f0 [ 552.067054] ? rcu_read_lock_sched_held+0x110/0x130 03:38:58 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000", 0xe, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) [ 552.072095] ? __lockdep_init_map+0x10c/0x570 [ 552.076594] ? __lockdep_init_map+0x10c/0x570 [ 552.081094] mount_fs+0x97/0x2a1 [ 552.084475] vfs_kern_mount.part.0+0x5e/0x3d0 [ 552.088972] ? find_held_lock+0x35/0x130 [ 552.093044] vfs_kern_mount+0x40/0x60 [ 552.096860] btrfs_mount+0x3ce/0x2b14 [ 552.102144] ? lock_downgrade+0x6e0/0x6e0 [ 552.108370] ? find_held_lock+0x35/0x130 [ 552.115027] ? pcpu_alloc+0x3af/0x1050 [ 552.118901] ? btrfs_remount+0x11f0/0x11f0 [ 552.123142] ? rcu_read_lock_sched_held+0x110/0x130 [ 552.128147] ? __lockdep_init_map+0x10c/0x570 [ 552.132624] ? __lockdep_init_map+0x10c/0x570 [ 552.137105] mount_fs+0x97/0x2a1 [ 552.140474] vfs_kern_mount.part.0+0x5e/0x3d0 [ 552.144966] do_mount+0x417/0x27d0 [ 552.148488] ? retint_kernel+0x2d/0x2d [ 552.152362] ? copy_mount_string+0x40/0x40 [ 552.156576] ? copy_mount_options+0x162/0x2f0 [ 552.161096] ? copy_mount_options+0x1fe/0x2f0 [ 552.165576] SyS_mount+0xab/0x120 [ 552.169011] ? copy_mnt_ns+0x8c0/0x8c0 [ 552.172883] do_syscall_64+0x1e8/0x640 [ 552.176751] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 552.181579] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 552.186751] RIP: 0033:0x45c27a [ 552.189921] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 552.198297] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 552.205571] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 552.212859] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 552.220126] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 552.227399] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 554.000160] net_ratelimit: 17 callbacks suppressed [ 554.000508] protocol 88fb is buggy, dev hsr_slave_0 [ 554.005156] protocol 88fb is buggy, dev hsr_slave_0 [ 554.010230] protocol 88fb is buggy, dev hsr_slave_1 [ 554.015242] protocol 88fb is buggy, dev hsr_slave_1 [ 554.020315] protocol 88fb is buggy, dev hsr_slave_0 [ 554.030315] protocol 88fb is buggy, dev hsr_slave_1 [ 554.080425] protocol 88fb is buggy, dev hsr_slave_1 [ 554.480110] protocol 88fb is buggy, dev hsr_slave_0 [ 554.485209] protocol 88fb is buggy, dev hsr_slave_1 03:39:01 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) shutdown(r0, 0x0) ioctl$TIOCGPKT(r0, 0x80045438, &(0x7f0000000000)) shutdown(r0, 0x0) 03:39:01 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000", 0xe, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:01 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x10800, 0x0) ioctl$PPPIOCSFLAGS(r1, 0x40047459, &(0x7f0000000080)=0x4000000) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:39:01 executing program 4 (fault-call:1 fault-nth:64): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:39:01 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x4) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) r0 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000140)='./file1\x00', 0x0) socket$inet6(0xa, 0x7, 0x10001) 03:39:01 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000100)='/dev/sg#\x00', 0x0, 0x8046) write(r0, &(0x7f0000000200)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1faea009cf75a7eadb2a00", 0xffffff90) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) r2 = syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x1, 0x2) ioctl$TIOCSPTLCK(r2, 0x40045431, &(0x7f00000000c0)=0x1) 03:39:01 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b000000000000", 0x10, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) [ 554.942953] FAULT_INJECTION: forcing a failure. [ 554.942953] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 554.955058] kauditd_printk_skb: 14 callbacks suppressed [ 554.955066] audit: type=1400 audit(2000000341.339:2547): avc: denied { map } for pid=19641 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 554.986249] CPU: 0 PID: 19638 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 554.993373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 555.002724] Call Trace: [ 555.005309] dump_stack+0x138/0x19c [ 555.008940] should_fail.cold+0x10f/0x159 [ 555.013081] ? __might_sleep+0x93/0xb0 [ 555.016972] __alloc_pages_nodemask+0x1d6/0x7a0 [ 555.021637] ? trace_hardirqs_on+0xd/0x10 [ 555.025777] ? __alloc_pages_slowpath+0x2930/0x2930 [ 555.030784] ? btrfs_parse_early_options+0x1a2/0x310 [ 555.035892] alloc_pages_current+0xec/0x1e0 [ 555.040212] __get_free_pages+0xf/0x40 [ 555.044265] get_zeroed_page+0x11/0x20 [ 555.048143] parse_security_options+0x1f/0xa0 [ 555.052630] btrfs_mount+0x2bb/0x2b14 [ 555.056423] ? lock_downgrade+0x6e0/0x6e0 [ 555.060562] ? find_held_lock+0x35/0x130 [ 555.064617] ? pcpu_alloc+0x3af/0x1050 [ 555.069967] ? btrfs_remount+0x11f0/0x11f0 [ 555.074203] ? rcu_read_lock_sched_held+0x110/0x130 [ 555.079221] ? __lockdep_init_map+0x10c/0x570 [ 555.083732] mount_fs+0x97/0x2a1 [ 555.087095] vfs_kern_mount.part.0+0x5e/0x3d0 [ 555.091581] ? find_held_lock+0x35/0x130 [ 555.095635] vfs_kern_mount+0x40/0x60 [ 555.099431] btrfs_mount+0x3ce/0x2b14 [ 555.103225] ? lock_downgrade+0x6e0/0x6e0 [ 555.107362] ? find_held_lock+0x35/0x130 [ 555.111414] ? pcpu_alloc+0x3af/0x1050 [ 555.115302] ? btrfs_remount+0x11f0/0x11f0 [ 555.119571] ? rcu_read_lock_sched_held+0x110/0x130 [ 555.124603] ? __lockdep_init_map+0x10c/0x570 [ 555.129103] ? __lockdep_init_map+0x10c/0x570 [ 555.133608] mount_fs+0x97/0x2a1 [ 555.136984] vfs_kern_mount.part.0+0x5e/0x3d0 [ 555.141490] do_mount+0x417/0x27d0 [ 555.145032] ? copy_mount_options+0x5c/0x2f0 [ 555.149439] ? rcu_read_lock_sched_held+0x110/0x130 [ 555.154451] ? copy_mount_string+0x40/0x40 [ 555.158681] ? copy_mount_options+0x1fe/0x2f0 [ 555.163171] SyS_mount+0xab/0x120 [ 555.166617] ? copy_mnt_ns+0x8c0/0x8c0 [ 555.170504] do_syscall_64+0x1e8/0x640 [ 555.174385] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 555.179224] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 555.184402] RIP: 0033:0x45c27a 03:39:01 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x4) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) r0 = open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000140)='./file1\x00', 0x0) 03:39:01 executing program 5: r0 = syz_open_dev$sndseq(&(0x7f0000000140)='/dev/snd/seq\x00', 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x2800, 0x0) ioctl$SIOCX25SFACILITIES(r2, 0x89e3, &(0x7f0000000080)={0x55, 0x8, 0xc, 0xa, 0x800, 0x81}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x80045300, 0x0) [ 555.187578] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 555.195281] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 555.202538] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 555.209800] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 555.217060] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 555.224321] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:39:01 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b000000000000", 0x10, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:01 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz'}, 0x0, 0x0, 0xfffffffffffffffc) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dlm_plock\x00', 0x400000, 0x0) ioctl$DRM_IOCTL_AGP_RELEASE(r1, 0x6431) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r2, 0x80404509, &(0x7f0000000140)=""/27) r3 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, r0) keyctl$unlink(0x16, r0, r3) [ 555.259680] audit: type=1400 audit(2000000341.359:2548): avc: denied { associate } for pid=19631 comm="syz-executor.0" name="file0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=0 03:39:01 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz'}, 0x0, 0x0, 0xfffffffffffffffc) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dlm_plock\x00', 0x400000, 0x0) ioctl$DRM_IOCTL_AGP_RELEASE(r1, 0x6431) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r2, 0x80404509, &(0x7f0000000140)=""/27) r3 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, r0) keyctl$unlink(0x16, r0, r3) 03:39:01 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b000000000000", 0x10, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) [ 555.298043] audit: type=1400 audit(2000000341.359:2549): avc: denied { associate } for pid=19631 comm="syz-executor.0" name="file1" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=0 [ 555.329492] audit: type=1400 audit(2000000341.639:2550): avc: denied { map } for pid=19648 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:39:01 executing program 4 (fault-call:1 fault-nth:65): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) [ 555.426554] audit: type=1400 audit(2000000341.789:2551): avc: denied { map } for pid=19663 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 555.459984] FAULT_INJECTION: forcing a failure. [ 555.459984] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 555.471815] CPU: 0 PID: 19670 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 555.477092] audit: type=1400 audit(2000000341.809:2552): avc: denied { associate } for pid=19666 comm="syz-executor.0" name="file0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=0 [ 555.478921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 555.478927] Call Trace: [ 555.478946] dump_stack+0x138/0x19c [ 555.478966] should_fail.cold+0x10f/0x159 [ 555.478988] __alloc_pages_nodemask+0x1d6/0x7a0 [ 555.501777] audit: type=1400 audit(2000000341.809:2553): avc: denied { associate } for pid=19666 comm="syz-executor.0" name="file1" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=0 [ 555.510937] ? fs_reclaim_acquire+0x20/0x20 [ 555.510953] ? __alloc_pages_slowpath+0x2930/0x2930 [ 555.510977] cache_grow_begin+0x80/0x400 [ 555.510990] kmem_cache_alloc+0x6a6/0x780 [ 555.511006] getname_flags+0xcb/0x580 [ 555.511016] ? fallback_alloc+0x222/0x2c0 [ 555.511028] user_path_at_empty+0x2f/0x50 [ 555.513756] audit: type=1400 audit(2000000341.809:2554): avc: denied { map } for pid=19664 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 555.517226] do_mount+0x12b/0x27d0 [ 555.517237] ? copy_mount_options+0x5c/0x2f0 [ 555.517250] ? rcu_read_lock_sched_held+0x110/0x130 [ 555.517263] ? copy_mount_string+0x40/0x40 [ 555.517278] ? copy_mount_options+0x1fe/0x2f0 [ 555.521560] audit: type=1400 audit(2000000341.819:2555): avc: denied { map } for pid=19671 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 555.526062] SyS_mount+0xab/0x120 [ 555.526073] ? copy_mnt_ns+0x8c0/0x8c0 [ 555.526087] do_syscall_64+0x1e8/0x640 [ 555.526096] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 555.526115] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 555.548870] audit: type=1400 audit(2000000341.849:2556): avc: denied { map } for pid=19673 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 555.552970] RIP: 0033:0x45c27a [ 555.552976] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 555.552985] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 555.552992] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 555.552998] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 555.553004] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 555.553009] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 556.080168] protocol 88fb is buggy, dev hsr_slave_0 03:39:04 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) timer_create(0x7, &(0x7f0000000040)={0x0, 0x1c, 0x0, @tid=r0}, &(0x7f0000000080)) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:39:04 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000140)="580000001400192340834b80040d8c560a067fffffff81004e220000000058000b4824ca945f64009400050028925aa8000000000000008000f0fffeffe809000000fff5dd00000010000100070aa804000400000000fcff", 0x58}], 0x1) r1 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x3, 0x2) ioctl$KDENABIO(r1, 0x4b36) 03:39:04 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x4) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0) 03:39:04 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000", 0x11, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:04 executing program 4 (fault-call:1 fault-nth:66): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:39:04 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f00000001c0)=0xc) r4 = getpid() r5 = getuid() r6 = fcntl$getown(r1, 0x9) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000001d40)={{{@in, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6=@remote}}, &(0x7f0000001e40)=0xe8) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000002200)={{{@in6=@ipv4={[], [], @initdev}, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@dev}}, &(0x7f0000002300)=0xe8) r9 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000002600)='/dev/dlm-monitor\x00', 0x101880, 0x0) r10 = getpid() getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000002640)={{{@in6=@loopback, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in=@initdev}}, &(0x7f0000002740)=0xe8) lstat(&(0x7f0000002780)='./file0\x00', &(0x7f00000027c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000002840)=0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000002880)={{{@in6=@mcast1, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}}}, &(0x7f0000002980)=0xe8) getgroups(0x1, &(0x7f00000029c0)=[0xee00]) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000002a00)=0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000002a40)={0x0, 0x0}, &(0x7f0000002a80)=0xc) r18 = getegid() r19 = getpgid(0x0) lstat(&(0x7f0000002ac0)='./file0\x00', &(0x7f0000002b00)={0x0, 0x0, 0x0, 0x0, 0x0}) r21 = getegid() r22 = getpid() getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000002b80)={0x0, 0x0}, &(0x7f0000002bc0)=0xc) stat(&(0x7f0000002c00)='./file0\x00', &(0x7f0000002c40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000002cc0)=0x0) r26 = geteuid() getgroups(0x3, &(0x7f0000002d00)=[0xee00, 0x0, 0xee00]) sendmsg$netlink(r2, &(0x7f0000002e80)={&(0x7f00000000c0)=@proc={0x10, 0x0, 0x25dfdbfc, 0x4000}, 0xc, &(0x7f0000002580)=[{&(0x7f0000000200)={0x328, 0x21, 0xe10, 0x70bd25, 0x25dfdbfb, "", [@nested={0x198, 0x1b, [@typed={0x8, 0x0, @ipv4=@remote}, @typed={0x8, 0xb, @pid=r3}, @generic="38ece7948ed74457ad82b1e1d82f7f7299c373d086031d7d15a733742455ce8882080b9e0b0a15c8f6adf8b208d0712d62f0108e7800e95fafcf59b8c3234af0c125f145573efc9fe0c0fc83b8a1c671a24ecf8396ab58488b21b1e81354a117d0f11e6feba846606d36c93d65cf2d554fe2080a601d2932c5693673b4c091d6615d565d4c05", @generic="de5246fffdeb3db2a02a7068b8ac0e1ce22b24715ce1b82044b3a5693ece6967957c54460c6f9161f54f15f11097c034b4df875c7e831d086e585c98e3877f6705a6e0fd4515e17133bda6d25fc1e45639ec99cfa3de0cf71e50cff2bee3abeb78f8a04759d839c2f057c1ce87bb3c62265c26db3caf98916adcb9cddf270f272a431bdb95e7978fc6915c005b6ff9aa857bec9e802b5f3b151542d8732880ca523c9bd0b8dbe088b726066612dbf029ce70ea5586116447448420935566c7df5efb67972b8d15acba6dcce4e944af68aee9adeea7e17dd9114de3e6fe596b635a4c0d3cc142be17bacbf585131d778a33ce4bc1ccf6e903fd084cb7ec3a"]}, @typed={0x8, 0x73, @u32=0x1}, @generic="5e63985155773370910561a103f09c89bfb65ca9e508025acf39d9ef6f3419e5c1dd98a38cc811f9f8092d4a6a8bedd8e11c609a6ecc67add2ee8e49ceeac94dc75e247e66134287fd157e8b0000f1818ef3dfc72314057b772a494ff595c7dc47b46d7b09f3710d46cbe63ed4b5038f82c5c20091ca976269668cd9e2c882e81cfd3cceecbd02fb4a555193d91ba71819dedb98df031df49d125ccadc0fa59027e72bdd7f70d5bd8f66fafbb5a0906d5de3b720fd6e4af1988e8df7f4ae1e59a1bb1f1fe8052ab1b1c601944e", @typed={0x4, 0x79}, @nested={0xa4, 0xd, [@typed={0x4}, @generic="dc142482e5d61b32fa59da148b804da14cea3c7789435d238d298bac81c12d746c3e2394d40d19f9e234543025999cf5d14ad80e91f95da3719f2af75e5bdc5f462e1361e0f2973f4e48ec3655caa9160aa785970d238df983344ce4a61befe4ccc53c76c565112ec4afb5a9fb68b99d90aad60aeb9571e634986ffdf55ed49545ae49e9d04fffe19fa7c13654c5c59a50b779a287ed481b8071"]}]}, 0x328}, {&(0x7f0000000540)={0x370, 0x22, 0x410, 0x70bd2a, 0x25dfdbfb, "", [@typed={0x8, 0x50, @u32}, @nested={0x1f8, 0x56, [@generic="d9aaf98929f969b1c18d4669c9e6633bc49a1248418d93f04e581322ec77ad062e4208cd568f558eba470f8447c04f339f293eebd27cee29bfe9dc8b05e3956d3a5d2d97429e5e", @generic="b3682c4938de206eeb3839e3f97866ab7224d5ed0d41c3b5fa77bb45a1130c98f56035a4251bcebb9f62895af5ede46efad7d161e2aca1bf8e285246f5830cb7e383287805d1e6c0f45f3e6fb6d31fe84e48641692eef8d6a3332551b89998f27854ec53bb13eeef401f0d87df320e449572dd51d6b2e148f8ebcdf12bc2419ea6b7b151e86eee9a1a090ebba3cf00c872698c0369f6f171002d5c47890f2b2d095cdc373bdc372a1e264be4264260ab153da88e6917efd51079dc8f2a06c013aa116bc09bdedf3c14601603db3133a9aa43a698d321", @typed={0x8, 0x1b, @pid=r4}, @typed={0xc, 0x8a, @u64=0x2ef}, @generic="085cb9a4e6cd328eba2d46bf4226e003b72cf5bb2439920d5378786f874c313d08d120b13acd32f51d8fed6456ef7ecf1e31cf74b7072675fa10146374cc73967ed906642aadb3cced7f4b0efb5347b8c8d4b9e70366d175d0ad03cdc0a001492f094d1eebeaf1770193558c6cf9eb9f07f2b8d787567651358dc4c22dfae5b5719161e04a05e63b0e6e8bc4863f32c84a219741d70347f66b57a94e3c485f0bfce81e4e55f362bebfe59438a603c8ce071f36b0e30643f2c9c9bdb333e723d0"]}, @generic="b79548da8516f6f1c387925eb917d074b73b12e3f0cc5b63618b0d478926fabc8634fb3a55dd3e112f458947bd24569ca1f0a80f11290064e10ac5b706581f25754bd6b93c32bd858256d3a2068ab6530afb378ab6b605d606c9566dbaae", @typed={0x14, 0x4, @ipv6=@empty}, @generic="87f5d81a19623ecdbe814e30b1d9dc04f5ad1126ff25040d96e1bd09955b23c3ff13c0bdc5d8e018d773b5c90a50f190c08115f56cfb85629bf04c84153016f87e22b81a428701e563572374b72b7a793baf540169741c286982ea2beef9675316b47011f4eb3a40f2cbaa08455c2668ebd487d849ea87cd8754ad4fdbd2c6421a46cbf1485cbe0cc681a70d2df94f38f1c1a5aa525c029ba0dbe4411eaa07eefb11c08e3e6c3f757be8c9ac69ce155d4540020fbb41a966d4258f731214b3737c36244104cb42d8cb3b1d50a79d32ae80382f2584f8e879b83a3f335d411846a2ee307745705a72191ae7"]}, 0x370}, {&(0x7f00000008c0)={0x1458, 0x1a, 0x720, 0x70bd2a, 0x25dfdbfb, "", [@nested={0x448, 0x58, [@generic="bf23af5e33b619d1f14028457072ca2c2cff4580638408707962aba612a691a0fb884d76d29477ae0bb19035186fef69c4f39d7c483687f4d9cb7d5533db80e710d80e1af94859e12376217b439e6393fe8e62c6dbea958e76751e99ee0ce04af51740af6d21b4a841c04d5159425701b11d9b72c88c4950190f3347af84c814fd9a99f23bd7f8b35e82d9b278edd569a8044ba4eda46ca3226e887126b089575570ef0e48268f6199519345f05d407c38c14f5d137e781e42905abea4968b21b1894da0fb7d885765d667fe2b6b8103fce690293c17ef0d8f2fdbb934f73010d80b81c16e790163", @generic="427d160ba62dc2a2500eee5b46b34945c85de59d5c0f74221220e6311b515e725b46b6a6564da12d75163a0f38f6678cfeffada487b1ae5619226a0ebec3835de331c95d97770152a3e48d4329642b661e206c0a884b054989043e0fa20e3b094a13b429b199eab51310", @generic="e0487a2e11245b6d295ab226c6efaa52534f56377162c1a9554609d170ef37aa153d46b0ec498edb17e13494f1ea446492a01019aa07a73ccc2815132eea2cfa1dd29e021cfbd70058a26c9fbaa2147e980da9c864f15a929cb19658f91cae68ab84d960cc440a8f580a889278594a6a669f4e6684263e994faad98592bc23", @generic="d8039e0750c322a6ee7f254dd77e4cfb6e50341dc1dc79a720df06af7b111e91fbd117a2a57eb8427615cd44129d4a7e8b1d939903ed03aca7d193591656a04a47ec1381f5d9b48fb97317056a877e66c1fe181994eb82e0bf1503b546a9edf31e82227c93beaebac8b7d83084063a314ef6de3f6a5066d4df7296c9f3cc24c172aec7699de8d44949e8c929784bc0088eeba0dc51886c6fda15abce6024b4fff669de0203bd32a2bddc65e89d435ba5735e1fdbb353cfb55e7ccb79de1d2f10f644", @generic="b815da430e5b87cb4f703e4ee2a0808fd68fba6848894f308bf4b7a798d5443c4faadd610379adc5f028f8d532a32446bcacf37d501ec1aa64799ae6feea4d3b3c33e99d145d8a7081b5837451f17470f8c86e4bdc2392f0f9ecd46d9400bd75164d69b5680696101562b2d7ec2e571fde4007a089944663552da43c30b41ebab577514da24f1bb07b2d074973589585f2c045b8f68a0712fab6591ff6f5482a6df704a22d8e051896fb58359b992d22c081500bd6a53477375080f9acdc7b9c79c589e70059c7e5442b971cb9646dc0eb8902be5f22d8626eb24c078d9845630236c288fd80b98c23a811e327323b", @generic="8546a169a911026ec2c394cb2a64fe59193f62bada1bec59395a09f91ddc88a2caed53b5b507ac98eb6c5f07fcedb93141e12e3733a283db4aee18fa97ee9295b3afd1f2b157da2d6ea8c17c32005e9ee1886e3a62253d058ab391069189076449fccbff89858e545386914dc975c89a340d067e38108807969dd2855a5012c7e3c2af85b4febb993c13a43139e778e8c89a18e3dfb0caf47c0ac156f3b7095f50d6df5f724e5a3e050be87aa858a799afc4de4362865ef524aa5314b724a4"]}, @generic="a9dd0a173728f72a4d3e3facdb03f766d81ab8d1c1b5db9e8d45df699f266c5a7a5a701e858f7384303a5a47747a4376d6648d5fe1d5744b1fa62d31e6e3f5d88cb2c6637a16c69405a4c5f94935873c1ed2edaf4b34bcb9a2d3357acad3388cd52cada740aecbe822739706b1d1ebb2b77c2e00c7b426d70d3c58845a280b578cfd97585683d1b4cc1bfe552134528f15b990f4b37fa0cdc89d2f85d014fc5d53e71980554dfbcea7bdf5499ee2a8585753cbd9f5cca2362712dc9f0583037c9656aec4043faf2e7317c2aafaef29e73c5d4aa426b46e6eb6c878f5946c6618b8da8d432964db7af50e912febf2fd64336ad0f403deb256fc5deba12015e48be870345c723363b8ab1189cd710dcb80ea3fed1f7ae900e458a55e1dede3a381fa1e7e0dff66f20c53abff94e0f0740faa960aec4b8dd8e6dcc5bf4c07ba333901de7687163bf56b4167d19b28ea85236791cb5c5fd34c622e33c7867a9a415ee2534924ffcc2d69951d6faf3f54ba39e69c11f2d3d8ca854d90348290b3904ad590df9cb314bcb370539f5bbb1db009d74689bb006866f9e607b67914a67af4f8becb936276433599f2022edee9535f182e0306d98fa805c8c5997eec68d0fb0e0c5a7772e139023d23ff95d0466431b4c9f8329f4f2ec7290a065440ad9ffadaedb525d2955d30ebe8c9d69375f4d4531a00ca49b4186d808798999434eec864bdef5e49576544a4c5d3b33c5522ea0a2180bd6409d1353e05629b9555d07b059e3da9b8b6fca415928cd606b57dbc64dace48027b71b362466309f430c7546f1de4652a5198c161841e66e5b67f117d6364d57d3ae5487ff88c75b140ce2e0071a9028556fd99a16de0a28a720019799b250bdadb6abaae75860fd5acae359356bb9781465cfbbfa7d7a8fcd32967ae63f0c072275fdb5a9e84853eb1f63cbc9ea904d2c7fc6c9dac01ffaf9ce399c6e66d16c71f2fe508ce6ccd011776288cc6d544b4a577ca795fcb4a50d71b87783c0d222c98b8473e95a85abddc9ef12f4c224fb57103fae3275f2788923db4b46ae169a4736325ce1b6e99ea90d348bc6d9b55174482bf2a76d1367b3c8d461b2f96e52beb8d8c568065d8373fd1b841b9e685fd1337444d00b05c8bbe3c0cd85043645d2725b36d8d8721436ccd3596f21df8acddf666c2f4764efcf295fbbe3f11e844dca8941e4c253e7bca426881b1c0d708e1f3905a08c5fe837dc1b86eee9123ec853a563f008bcd852df3fb37f7a82471cce7bd66ae0a67004abc59cb9e4206245a2d38c17ff3de63300d2a4625eb06fb6792a1432b39ad70c4d55ecd87fb08d81f292aa065337b99f0fac6ed0f0a6de2f488c503787dac21bc515cc59eb9a91d7f2ac45aade15bfee022f11858d8c037e84c299adef064786ee67537b90722b71c6bea0299a074ce038736727ffe44dfe8a8fc18d0494d823ef0ec77c07374e4bf4a4b84c4f4bd9f4c389b5376a708c764eecab05616361f9c71868239eb86d42bdb604e5354f00a2ab916f98e7515fabb58109b36641a963741215096bd66acc44b77ed5a8d0a83ebbbf9b8ae9e5b3fa9214c5af10061939db54d89026f24e0da163196bca45a5353f8c657ab974ad9e82950e8cbd7928303ea58d5063faba0e37f4a04c9b8ff98c79e2b76b0046c57bc1b8ebddfe5d995e2418b8eabfa6940e1b01299d0a1ebed3ef2d5d0778a805fd5b9cb988107bdee9a097361121ae4484daf373a8a875359d0f1e5b280353aef797bea6b3256de2f2748d05508184be897c4a7c71f642f156eaaa214e1bddae9b388099603984f10b19d4d1ce096c5640eceb1cb859d4b64f8667cb24d04281a5c8ac3aa500f4495bbd3b0d76099d3a180ab2d6058b0d413bd8da0d3a488a1f8d726be87ae7add8347df6e81dbf71a895de0262b0acf4fab6a80fd8eebebd4ab2f8475edbf9109471031d6294f94c946cd3677cdc0ca37a16556f60670876c38181e633246192f19905fd1179a10f572fe9b97dd6fed1afe5138804af3feec899749413f7a18b4f12dc25d6b88984949005139dae31e61a3d84ac33d4f83034a34720a1a5ece2468aef760c4619a76069a2cf8cb234e8debe195416a0a378cb0300b15e645f1879d1529bc84f48759951db23c695f11b90e3d528ff6400e14b27a3808d301ccd4f3eacc782a0fea95f913de286ec97f323f0b788b5d274e79b9edd3d2294831bf07b6552b1a6cf621a84420e5718bab0d25b7adec08b020d0bbeea9460b50bd2842f933c459dac73fbd63c22958282249e10a7d52ed7f20d603315af8f77557528d9b56f7bd0260d094f67a093ae17c31557fab844dd0585b2e3597e6cde3f7e9d312ecd82ff2f75b9814796db78636235ad3a7595f8cb00ab0ca0f37cd428a8451407289160859aab1d40e379ccd859b9fac277b0b09e3d8f26a4cac2bda44b2ff5825d4c5ac7463dd616508c7bfb9227761754e0c5bac735e2fea14c3a2b5d190d5396b47aab5d86f307b0fdf9e44894f3c40a06d8861df16b0ab6f1c4f38a69b4fc8e13af1a94ff6638cd1d874ecba13e6c09cefb4904a6bb2de76a975866dcd497eda9d780b96c669240e5cb09c8a8ff99b07ac4fa6e69b232f8c17c76ada356d8802f421fb0867809571656f80d297ec9c47a617b5b1f3466c582cf17833fb7f589a32844485e4d1e2257e94c0bc4bf3170944c22b7a2c1fba2459492511ec293082e4e6a4f9dbda62f73f7eb80aa660b2bf7db893ef33bed2011b3164ba6b3941293456a73a6890f03b429c9135eed13d017502dd05d9354afbf62dd6cdacd18351caa0d32aa528e2196df511e618554e2b444c18ac7cfbc5974fe0eed3b3d6328de91c501e72fac7c784b1bcb422c955845e46963f6fb972ba8af75236b71299ab2805d1aadf68ea85533bb0db7fe5130531bdf4f383686ea730a79955690b4684fe892a96e497aaa99af802724f638ae9e4d504bcc7d17e0a544d383a9fb8b61ffc34a93c034e5f98eb2881781788fc7e430336ae83a0886972324473bd6365c65790adaec4d26fda22ac24b73e730ab5c180fdfe72b8a30b6eaf53c872a01f32753ae4d3bf4d042bb005564ac99a15393305b660e885206e48fca7fa04da250c9a44f85152f6e72b293e7b46c4e88b2fa8552caa6bc289e7b099ef1fd145c9fb04d5d271fb543f84dc735e2b4d5856d12122fb02603d0fb0fd65dee5f8042e7d1d3ba8b0c0f5697c1e850349a65a2f911a9a2701e88232940a0e350ef495526b8cb8f147137df10e870f93f2e3de8da5b50cdec4152b14156098edaf33a4b9d8b2a521d255e9703566e9ca10b6df5953e0aafd89c6ceac6e4c4fca934789ced2939aad73ec42e05ea999d78876e05923a85e14c0ecaebe7ce724cf1dc8e069376fed532c11107161de5fed58597e00547ae7db1960a349194fa91af101bd4da82dcd17c46897c700bc0a3ae3c10da8cc811c2080f6eed91cf31adf8bb8519d0a5a2e0e1ee07ef686dec8cf3ee7a021cb244ff5eb97be4e141ca17176c51c83beb3edda117c4ee7087c71553a13e84f0dbe304fff91b67899cd01854b557edb3bb7c61cd7dcc2354e2eb56f8545abc3ab36b12bdc6f93f684ae823f6f82e78364e8c1d48f92d9bd74319b4423e03297c76d69becb7d5d78e73b5edd3fc3672f5745893783edf745820b727e050582d0fe25cb519dcd1a80bf1655bc7de7e96d427031c870838d96301f0804ed5c9d0d2c192ad91c2d5ffd6b55fbcf8e9a108c81297908f328d73411b798ff4f02dbe69af464e1d7947fb7a10977b55763a003fedda57dbfb00b4de311521b69548ca7327d3289df95e6a21b4df545da9c772da5002b5824ce5686c5457593f714b4d0e00d91dc91be69e769b8223c8da14c66795cd1fdbabe069971c14059b0e9d0d2443fb0ec4cca205a55b7d039c7da321ac448a2030f4d95e1299e244c4ee66ab70e406e26055cfd307e4ad5b0745f6bb75df02e037dd257be20c329c904580e162cba156c40511bc16d0d20ba1669a92d9b9c40dbba1fbce1555b9a8a2a971a38517a408b97c1fca842e7ea57760a33ffee3ace7b129337969f451a9e63d7177a87dd9732b0f2b621a03f5416f882ae089ae40a71ec9a1e6d857be9eeb36d27b5418e073e1e1f3ded94a9a54733f3bcb39840163636c005b51e8bd4886c36bdf3e4a8db2e438d5c799933dce663f2225e3bcc2aa5762276454bb4247dbbbbf59bd50315eb45d38cd36ee914925bd77dec3fcd60bdeea12fcbc5c8a67b950ba1a0e16037ea5e5e071fe81adb315a6d37780011577454e49220175ff2b3fbd582ff9ce16822fafd27b2d5437db004a08374123c4e8c078353830e47191497148137dbade61a9a3c216bdbc1349f8e21dbcdc91a9427e98e38233ddf635bcdfeb8b6ebcbec406d709856af57e0e6dfa87355f01897186859f64bd7f7576f9d21cddf36a065aaeba689bb44228589214a5b7c6349b126c48aaf2a533b8378f72a19767604a2d5ee4a1306a9e35828b21a9d7ffacbc58b2c1664bff80727ab4db5c4bbd96391b3045041c4cb7347516f55a3006315704bb2d0238d99a137c94200004f7865a647d2d51fe19a4784b317cc4777c44f0c08131c079e8b06e9639537bd18e1a4ae38516d59d1d53d7efdde350f9f7e86ddf79b6aabea313b364586e61569f5329b360a3b86ad6e0ca4cd4f73022800c83a8df15184ecf74ad774c4b9706382a319e04b706bbc3b3183a7b5e47bfa94adaba1d8a1d5922c1b1be4895ff31f0d7a07e1f109e98ddb0e182b3500197dfe8ecffb8d0352c1f4d3a32fcc4a6081965e3e9c75658a7495aca7cbcf08d92bd064a3e27d4264a97f6deb8ae13061873678b5f178e04b1d3873f699e2a058b512b7e05cf5ab2c6861436d83c0cc52eefa3b575c4c29bea7a6e35e9eb581b5b2f6a7dfa4463be6e10ae512ab2987d02bddfa48213e68f1c3cceeb8304cf1099b3482d693e2f143a45c843537203f818805cb8d2a28510a9c47304e1c5752ea5559f7dae5f85622775ca9c5ea349c29f3475ab42084f8e3441e0d219a38a945503620d811588181d26293896088450ed82b15b47f607e24f2d60cdc324c42a5b031e36008817b3c3085e1ad18b357845c5acc980affdfc1bead084d7552c0d7f33164ef5bc5842a00edcec21401b800b65f67b0c9f9b4b527057283a8cf4fbf72bee4eb451fc8e899bbafc03fe0513fb5d8b67e3d1f9eae3f6bb30d7aabbcfd2ba2ca9f9e80b00489fc9ccec4989b574481fff74dcd8d01dbbf42294d2b342142069154bfb64374959ffe52fbbf8360eb525b52ca4ad0f72b03906e34f5850433748e210cabed9345ff5066af5b66677fa0d758c4ddf5f7ec88b5ade851bdbf7c54ca57ba408d1002a36fdb9bd21b0dc4b9ebabde353a1bedeba4fb353fd89c8c09b8a667f0a8857de656d7649a39f8bdb5dd68abe778631b1ae746a12dcfbcd227371ec89c671caff8bf6f7169095b8754e01bb275da4c116e03df8c4ec2f603e338c33374aacaf3f9e44ed35c682acd25cc9bfa974c32990d929c128703e0007f99f5a11a7da1ac72dce747613fb34116d8c436b68a8524cb3e5676235b4cd462845756dff431db5b869896d99fdc0aa6a9ac91a86a3ee09715c704c4b21856d250fb84501f4ff5ae6372f6978cb5b7a1452ec92540b7094246c9220499ae304ff53ecf0daf7a7699ee1a5064570d3aac298099edf70bccb9f5e94950b41c7a3781344d700a5e582ff6386eb4a4acb9b8"]}, 0x1458}, {&(0x7f0000001e80)={0x260, 0x31, 0x12, 0x70bd26, 0x25dfdbfd, "", [@typed={0x8, 0x1e, @uid=r5}, @generic="704a9c2a1dbfa04f1e66e1ae58c19eb5614619a60464df46dcc7c4545fb47e2ec514099852a9ba33ed132877b63e5e9858482c58efe8001b7e867ca2b860edfedef47b181f942c97f3245795dc0b153319551f3f6f77b84f0f338907f0e42477e046b2f3bb0a06785709cda8b8a7a0fa8e5736a0b2dfe3a9fceb57b0930e6f95057115d26a2caf5929c8bdc4", @nested={0x18, 0x28, [@typed={0x14, 0x6f, @ipv6=@local}]}, @nested={0xa0, 0x96, [@generic="444e87e7ce335d6ebbefe62aa668c60d6282af054bc8014af280076888b982e4a7f89d792ece01db71e51d9b594364a2d6e7b34b0c6bdce75794d3b538fecd147d72205fbe63dac211471eb6423245aac0427708a95e86d263276aa2d24ee28abc23750398514e409316a6754d387024a02bac8b", @typed={0x8, 0x2d, @fd=r1}, @typed={0x20, 0x93, @str='cgroup\'&proccpuset{,$em1\x00'}]}, @generic="1368034334fbb6bd3cee673728c1793ce48e44c540295621ff04290de504a6ccc4ac9cdf642e02020093acc4317d5953817db9da0b909cbe476b78bf4b6cb1cc9ec5e811b3253571dab2b9314f796c81f998154c61c341d81632a5b21079a906c018b10b3f251251a0964a6cc23d4265e96c2858b1dd706b88d2181c2f8c7e35fdfdcaee75b31f202a6694810d50dbf0578e88f879d5901d9f61d71a7f5b0267c3aec2169e8e71893d87e10dd092969cb7fbefa189424b7ddd2fe1608c1b9e96a6365bf637e6c1589eeb469cadbbed14d059e357b29952a108e08faae14dfe36b1d585b12e1c26176a4a593b9ddb253cef3d8b11", @typed={0x8, 0x28, @pid=r6}, @typed={0x8, 0x12, @uid=r7}]}, 0x260}, {&(0x7f0000002100)={0xf4, 0x32, 0x300, 0x70bd2b, 0x25dfdbfc, "", [@typed={0xe4, 0x4, @binary="dc980fb370c346a8aada1b2b084574e0526b084182037471debd8c2ca875359420381d0a1a4751be67b9ac99965bb303807af469ad94f2f9f7dcbe5d23f343d6b5817245f84a429e75bc4e0969ed25677fcec68c4f9632efcb2b1483c7669ef7121bdaa029cf46b64b959049fbfc2c7823b18776969ff81f66003a6a8a8c3dfee497691a0eff468e44b08ac538c2323dbc87a0e0115dc3fb83a4efc38e80aa36dc96c8a8af617ba9d135431509de385f89009c6de285e67f6745347057bb3253c6a612c2a78691e10aa5394cfce0d807301322c10afebafaf960fc2846"}]}, 0xf4}, {&(0x7f0000002340)={0x238, 0x29, 0x300, 0x70bd29, 0x25dfdbfd, "", [@typed={0x8, 0x72, @str='[%\x00'}, @typed={0x4, 0x29}, @typed={0x8, 0x5d, @u32=0x2}, @generic="feb682c97439be2e1e22b0e70cfd5a471ddb9c985c46b044ac71c2011570b2d2e74efae23aaf4f74cddef6c4e80886876f733edac8d821b11e40f9d08fcb04188cd8c5a07dd19cc52b544a2f905f6756d4b65c4d9dc3c39074c4b8fc896548beb218daf615101601c7f59844fc445932253de559ed99d13d94f0bc02b552837c1ec553ab1f0b0df61524ab1624296be8d3d186921cbf4097d12e047f3de16e08cf77bb", @typed={0x4, 0x4e}, @generic="c34eccc1ddae1fcf13de5112957be8571e961556d78ff9832d6c656752a69d0ea2ceed9350eb64d32ead55cdf702adf813703bee691c190d11fc75ce61a570f688bf9ff2e562a3b1acb56592892b3e872231f79f834e895b810f282e53e9713c1df81b2a164ece6a0f088f7fc937f68946db7786646cbe0df8db698be65aaf", @typed={0x8, 0x8f, @uid=r8}, @generic="bacf469b9beef71814f0", @generic="511d3db8f92259abf58041071bd60b", @generic="928946bf40dbe27200a73b8f2b0ac06c6898c9e386eef1807d9800e52cf2a33226e7973ef3f2cc70bffc31ceceb20b3f71c70d67cefd9fa3e2a9725904f9d37df99d41412da7cc7179c6c715e240933b4beeadd23a721b53b8ce14a116251e34b55fbe06380aa25562b07a7031defc98a36a5a76d6d2e33a74e2c524b33501beba83fe95f0aefa18b636c2cb427d78269ce161fde31c9eaa0cb28ed9d86945f297bc876256a6700fb946a8b4f740e5ee136de152fb3fefae0b17c200654526506f48bfe3dddb1987189d"]}, 0x238}], 0x6, &(0x7f0000002d40)=ANY=[@ANYBLOB="30000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r9, @ANYRES32=r1, @ANYRES32=r0, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r10, @ANYRES32=r11, @ANYRES32=r12, @ANYBLOB="000000001c000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r13, @ANYRES32=r14, @ANYRES32=r15, @ANYBLOB="000000001c00e3ffffff00002100000002000000", @ANYRES32=r16, @ANYRES32=r17, @ANYRES32=r18, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r19, @ANYRES32=r20, @ANYRES32=r21, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r22, @ANYRES32=r23, @ANYRES32=r24, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r25, @ANYRES32=r26, @ANYRES32=r27, @ANYBLOB='\x00\x00\x00\x00'], 0x110, 0x4000000}, 0x10) 03:39:04 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000", 0x11, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:04 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x4) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) [ 557.990996] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 557.990996] program syz-executor.1 not setting count and/or reply_len properly 03:39:04 executing program 5: mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f0000000040)={0xe, @vbi={0x100, 0x1, 0x5, 0x57317376, [0x6, 0x1], [0x7, 0xffffffffffffff71], 0x13a}}) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x100000, 0x0) mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)='sysfs\x00', 0x8001, 0x0) [ 558.046190] FAULT_INJECTION: forcing a failure. [ 558.046190] name failslab, interval 1, probability 0, space 0, times 0 [ 558.051841] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 558.051841] program syz-executor.1 not setting count and/or reply_len properly [ 558.077146] CPU: 0 PID: 19689 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 558.084268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 558.093639] Call Trace: [ 558.096228] dump_stack+0x138/0x19c [ 558.099876] should_fail.cold+0x10f/0x159 [ 558.104021] should_failslab+0xdb/0x130 [ 558.107989] __kmalloc_track_caller+0x2ec/0x790 [ 558.112655] ? kstrdup_const+0x48/0x60 [ 558.116568] kstrdup+0x3a/0x70 [ 558.119751] kstrdup_const+0x48/0x60 [ 558.123461] alloc_vfsmnt+0xe5/0x7d0 [ 558.127189] vfs_kern_mount.part.0+0x2a/0x3d0 [ 558.131678] do_mount+0x417/0x27d0 [ 558.135207] ? copy_mount_options+0x5c/0x2f0 [ 558.139611] ? rcu_read_lock_sched_held+0x110/0x130 [ 558.144627] ? copy_mount_string+0x40/0x40 [ 558.148862] ? copy_mount_options+0x1fe/0x2f0 [ 558.153356] SyS_mount+0xab/0x120 [ 558.156799] ? copy_mnt_ns+0x8c0/0x8c0 [ 558.160681] do_syscall_64+0x1e8/0x640 [ 558.164559] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 558.169399] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 558.174593] RIP: 0033:0x45c27a [ 558.177769] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 558.185468] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a 03:39:04 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000", 0x11, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:04 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) shmctl$SHM_UNLOCK(0x0, 0xc) syz_open_dev$evdev(0x0, 0x7fff, 0x0) ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) close(0xffffffffffffffff) socket$unix(0x1, 0x1, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000240)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4004}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) syz_genetlink_get_family_id$net_dm(0x0) sendmsg$NET_DM_CMD_START(0xffffffffffffffff, &(0x7f0000000b00)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x0) syz_genetlink_get_family_id$tipc2(0x0) umount2(&(0x7f0000000340)='./file0\x00', 0x100000000000009) chdir(&(0x7f00000001c0)='./file0\x00') r2 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x9, 0x80) ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(0xffffffffffffffff, 0xc0845658, &(0x7f00000000c0)={0x0, @reserved}) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r3 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r3, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r3, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) ioctl$VIDIOC_DECODER_CMD(r2, 0xc0485660, &(0x7f0000000380)={0x4, 0x2, @stop_pts=0x7}) 03:39:04 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) [ 558.192818] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 558.200831] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 558.208104] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 558.215362] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 558.413450] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 558.413450] program syz-executor.1 not setting count and/or reply_len properly [ 560.240130] net_ratelimit: 16 callbacks suppressed [ 560.240174] protocol 88fb is buggy, dev hsr_slave_1 [ 560.245130] protocol 88fb is buggy, dev hsr_slave_0 [ 560.255234] protocol 88fb is buggy, dev hsr_slave_1 [ 560.260404] protocol 88fb is buggy, dev hsr_slave_0 [ 560.265439] protocol 88fb is buggy, dev hsr_slave_1 [ 560.320094] protocol 88fb is buggy, dev hsr_slave_1 [ 560.720095] protocol 88fb is buggy, dev hsr_slave_0 [ 560.725174] protocol 88fb is buggy, dev hsr_slave_1 03:39:07 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d24b2c52b5553bed361ee702f3280b028930fc1023d2fc126de72271a3d6899f3957cb2756b7ef2dc7c0"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x38) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, 0x0, 0x0, 0x0) r0 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/mls\x00', 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000280)={0x0}, &(0x7f00000002c0)=0xc) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000300)={{{@in=@empty, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in6=@empty}}, &(0x7f0000000400)=0xe8) r3 = getgid() r4 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000440)='/selinux/member\x00', 0x2, 0x0) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000480)='/dev/autofs\x00', 0x0, 0x0) r6 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/self/attr/current\x00', 0x2, 0x0) r7 = openat$userio(0xffffffffffffff9c, &(0x7f0000000500)='/dev/userio\x00', 0x80, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000540)={0x0, 0x0}) getresuid(&(0x7f0000000580), &(0x7f00000005c0)=0x0, &(0x7f0000000600)) getresgid(&(0x7f0000000640), &(0x7f0000000680)=0x0, &(0x7f00000006c0)) r11 = getpid() lstat(&(0x7f0000000700)='./file0\x00', &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f00000007c0), &(0x7f0000000800), &(0x7f0000000840)=0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000880)={0x0}, &(0x7f00000008c0)=0xc) lstat(&(0x7f0000000900)='./file0\x00', &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0}) r16 = getgid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000a00)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1e, &(0x7f00000009c0)='nodevbdevselfGPLvboxnet0lo5\xb8]\x00', 0xffffffffffffffff}, 0x30) r18 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000a40)='/proc/self/net/pfkey\x00', 0x8080, 0x0) r19 = socket$inet6(0xa, 0x3, 0xde92) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000a80)=0x0) r21 = getuid() r22 = getegid() r23 = gettid() getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000ac0)={{{@in6=@remote, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in6=@initdev}}, &(0x7f0000000bc0)=0xe8) fstat(0xffffffffffffffff, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$unix(r0, &(0x7f0000000d80)={&(0x7f0000000180)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000000100)=[{&(0x7f0000000200)="3d5efd5975e4fcd4ab97e0a5475150c07021de0c2c161a0484e41812df6d4ed15ed25983157c4adc622a8d8aefb2741d6f74f229d3c58627904a692f1645c03d230d6373fd9061ce4f46e9b39c85cf2b1426374cf38438f19ed21c4f43bb618dc90ab2e718", 0x65}], 0x1, &(0x7f0000000c80)=[@cred={{0x1c, 0x1, 0x2, {r1, r2, r3}}}, @rights={{0x20, 0x1, 0x1, [r4, r5, r6, r7]}}, @cred={{0x1c, 0x1, 0x2, {r8, r9, r10}}}, @cred={{0x1c, 0x1, 0x2, {r11, r12, r13}}}, @cred={{0x1c, 0x1, 0x2, {r14, r15, r16}}}, @rights={{0x1c, 0x1, 0x1, [r17, r18, r19]}}, @cred={{0x1c, 0x1, 0x2, {r20, r21, r22}}}, @cred={{0x1c, 0x1, 0x2, {r23, r24, r25}}}], 0x100, 0x40}, 0x4000) 03:39:07 executing program 4 (fault-call:1 fault-nth:67): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:39:07 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:07 executing program 5: r0 = syz_open_dev$sndctrl(&(0x7f0000000080)='/dev/snd/controlC#\x00', 0xffffffffffffffff, 0x4) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, [], [], [], 0x0, 0x0, 0x0, 0x0, "08ec11224ff8247d3adb9ed6383de39b"}) 03:39:07 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x4) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) 03:39:07 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000180)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) r2 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x2, 0x400400) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ubi_ctrl\x00', 0x8200, 0x0) setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f0000000200)=0xffffffffffffffff, 0x4) ioctl$PPPIOCGFLAGS1(r2, 0x8004745a, &(0x7f00000000c0)) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) 03:39:07 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x630}, {&(0x7f00000000c0)=""/85, 0xfb}, {&(0x7f0000000fc0)=""/4096, 0x3f}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0xf0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0xa4, &(0x7f0000002400)=""/191, 0xbf}}], 0x4000000000000f0, 0x0, &(0x7f0000003700)={0x77359400}) [ 561.053441] kauditd_printk_skb: 18 callbacks suppressed [ 561.053450] audit: type=1400 audit(2000000347.449:2575): avc: denied { map } for pid=19729 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 561.063438] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 561.063438] program syz-executor.1 not setting count and/or reply_len properly 03:39:07 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x4) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) [ 561.121112] audit: type=1400 audit(2000000347.519:2576): avc: denied { map } for pid=19748 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 561.151128] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 561.151128] program syz-executor.1 not setting count and/or reply_len properly 03:39:07 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$loop(0x0, 0x0, 0x0) openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) splice(r1, 0x0, r0, 0x0, 0x1000000000000003, 0x0) r2 = gettid() openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/status\x00', 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r3, 0x5452, &(0x7f0000008ff8)=0x3f) bind$packet(0xffffffffffffffff, 0x0, 0x0) fcntl$setsig(r3, 0xa, 0x12) fcntl$setownex(r3, 0xf, &(0x7f0000000040)={0x0, r2}) recvmsg(r4, &(0x7f0000172fc8)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) getegid() dup2(r3, r4) r6 = gettid() tkill(r6, 0x16) sendto$packet(r1, &(0x7f0000000300)='\x00', 0x1, 0x3ffffff, 0x0, 0x0) [ 561.176542] FAULT_INJECTION: forcing a failure. [ 561.176542] name failslab, interval 1, probability 0, space 0, times 0 [ 561.206493] CPU: 0 PID: 19744 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 561.213638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 561.222996] Call Trace: [ 561.225587] dump_stack+0x138/0x19c [ 561.229214] should_fail.cold+0x10f/0x159 [ 561.233367] should_failslab+0xdb/0x130 [ 561.237371] kmem_cache_alloc_node_trace+0x280/0x770 [ 561.242493] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 561.247958] __kmalloc_node_track_caller+0x3d/0x80 [ 561.252914] __kmalloc_reserve.isra.0+0x40/0xe0 [ 561.257587] __alloc_skb+0xcf/0x500 [ 561.261207] ? skb_scrub_packet+0x4b0/0x4b0 [ 561.265534] ? netlink_has_listeners+0x20a/0x330 [ 561.270287] kobject_uevent_env+0x781/0xc23 [ 561.274722] kobject_uevent+0x20/0x26 [ 561.278565] loop_clr_fd+0x4a7/0xae0 [ 561.282277] lo_ioctl+0x8ea/0x1ce0 [ 561.285837] ? SyS_mount+0xcf/0x120 [ 561.289467] ? loop_probe+0x160/0x160 [ 561.293262] blkdev_ioctl+0x96b/0x1860 [ 561.297171] ? blkpg_ioctl+0x980/0x980 [ 561.301061] ? __might_sleep+0x93/0xb0 [ 561.304946] ? __fget+0x210/0x370 [ 561.308544] block_ioctl+0xde/0x120 [ 561.312166] ? blkdev_fallocate+0x3b0/0x3b0 [ 561.316480] do_vfs_ioctl+0x7ae/0x1060 [ 561.320362] ? selinux_file_mprotect+0x5d0/0x5d0 [ 561.325123] ? lock_downgrade+0x6e0/0x6e0 [ 561.329362] ? ioctl_preallocate+0x1c0/0x1c0 [ 561.333764] ? __fget+0x237/0x370 [ 561.337307] ? security_file_ioctl+0x89/0xb0 [ 561.341712] SyS_ioctl+0x8f/0xc0 [ 561.345074] ? do_vfs_ioctl+0x1060/0x1060 [ 561.349220] do_syscall_64+0x1e8/0x640 [ 561.353131] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 561.358072] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 561.363987] RIP: 0033:0x459697 [ 561.367177] RSP: 002b:00007f4eb8ce5a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 03:39:07 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, 0x0, 0x0, 0x0, &(0x7f0000003700)={0x77359400}) [ 561.374883] RAX: ffffffffffffffda RBX: 00007f4eb8ce5b40 RCX: 0000000000459697 [ 561.382150] RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000005 [ 561.389455] RBP: 0000000000000001 R08: 00007f4eb8ce5b40 R09: 00007f4eb8ce5ae0 [ 561.396721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 561.404002] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000003 03:39:07 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000080)='/dev/sg#\x00', 0x3, 0x400000) r2 = syz_open_dev$media(&(0x7f0000000280)='/dev/media#\x00', 0x100000001, 0x204002) getsockopt$inet6_mreq(r2, 0x29, 0x14, &(0x7f00000002c0)={@local}, &(0x7f0000000300)=0x14) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) syz_open_dev$vbi(&(0x7f0000000240)='/dev/vbi#\x00', 0x2, 0x2) ioctl(r1, 0x1, &(0x7f0000000340)="af1c12198af3a18af703a34cbfb141edf470693bd85f1c263dfd31540dec544d17b7f30483a8b1e8a7cb67c5c9f5d1711e28f39bef4a3a6a3e46c3b99abf656ca9de247938cb2b7194b87f95dcea63f4604fcd6a23623f83680b3db8c43f250c442ab4fdfebd8748a0f097cacea53d81f5ad15f6d548c57f17a5bba138440333f36eea9db0842b548d012cce459423133a3b23fddc0304fd99d1965be759982399115ac9d506777c12bc094ca996436a1e3060a94fa476fbae1f9488befd21bb2adc5cf5910240bfbf7e192bbc03ee7785b849526702b50af3c5328f028d1809eb18766c940905e946d7d5c0df770e94600c8f07be2f1229560e6d6c0ff19318cb8bcdfbb89513a853ec4d26da49f70e92e503ffcaeac7be012f1c37a290d2042fba63c7fbe77cce57b9f8519c16ad84d5f2bfe2979a058cbb8440875e1846d754d3049959bd0109d9dc499bc7606cc3c4406a812a15c8165eaab565944c65adc1bac52ea22d0193a80a8a5034a911eb698c26fa5841f442f61f11d8a4fede776122bb0d3500965d37b97d79a05ec891e824e7d2eb46fe5bbb85120adef65a9b7051b68a9ae67ef6ba60dd4143ba87bf32bf1d6bf0f2366e025543e78b6757fdb2ec2928412721d27719674c87839b8e44dd6325fd76749998636e989788700c5b222c0fd23cb81da7e09111bd324347452e15b92ffb62cb5a880fa57d9fd2fffdb71f5110368cfdf74a19dd715fa5a1a6db8f0ad720f2a95fe9e603c439c4c5d923b82b2eaaf2664cf22dfde0dca18501bc7004f8f569b4d440040812fb468ee8132d85d763bb04bcf212301829459475dbf23ab6ee5c9b13bb5c11998a5b1bdfd659f574cb9fbf1902f77517d639591d2bf69e8ebe533e90da5f973c88f628a35d91a9a20a299b0e5de4dbcd7570fda055bdab57706bd4a4fb72183806ca726f0c9d209d17b893143a1aeef442eabbea3dbbdaedda69e601f718a28069c6cbe9e6bd1c29783bd65f991f118dc8e94daac8e3ff7107a7397732ba9f918bb68ffd2e7a14a929cb019ac431b32cba9cab477f1f0812d73952ef3d3b786b5656dd59a0f8ebbfa677748864d5b83cc009f02f5e606ff586313a1c8cd2d8db921acf7d02d1210d18e0b1277815a206b2b04a7e2275202ee3b4e62b7f81308bf9e58d9d7828050efddeb08ca901e37f218fa69a771aecb5e98d12132a5e2122ab42112043d7aacfca96af8760e2375b9098ee00e2d624df3b8aa1ef363a9a05e9da691481f2f1850a8dabf8892bfcaeea0ccc1b623f2944a796e5204ee542f4144dc5d0a5ef1768587a44b0ed963a78a5c98fb2da8ec835662d173dc9a0ae3b5aefac75b06c5e07ef6d11f18b474c4b915430580fe0155d1dbb32f67071c4106b404b6f65d519000765def2f4ac5bfe5a1c9fb4e400655ba8848686adcf10a987560cfcfe0abaee90cef4b2cc7e7f32f315889d760be8def61579cacb4c612093bebbdd5987a2961758a95384d95a5b77205eade127cf9881b178149510ac2b77be0c6dab31485de6015bc6bd913e63ce402bbcb332570070c939399c4f7f8351208d5db9c92a2241e7855c2d08cf81c74de8ecaf4eaecbc173f5996e63a6701f567212b90e05ced1a2d7941d341a76a76edb258586ebe6efbe61ebfd913ef7f478f5df49e8168d00ac53d7337ffe6c39a8c2a0c2dfa605c4f48d000dff2fc4d4c1a9660ccf0394d5264619343fb78474b40cd86c4efa1c5b2efeec502384d442b9f78de9b9831f86b9c990da4c3f398068e1a02d112d8a6cdc09da650de561c9cd8cab51059e7d133b98c1a19cc4529442414ab8d8f7955877cfebca6efee8f9bffe6f5a92356119cd7413e9dcd9290ae06984c159f8aa3d50cfdc0e246be512061e8d27f6d1f863834c3d46493d67c722068b8db344209738f0980236fc95b9ac9acbb49ff2fe78e4519d0f558b408c4250ecbe29bfb1547b04122e05e3619b97cbeabed15bc6ab739b6daf116a58216ad49487da3ce983b7ce56154dbf145b350c544e8a94e8c5a04b0bede1115f879a126cfa359d001a12bf7d3555a1aaae4ac806786daf709b747bede2455ac05dc2c28b3c31af3e1e77157d53cf44a05fdec98eca5ed405a9062688174dd16ee10ed45acc13fd2ab66cda17751d4053864538869044798604b08df771a0868b2a587f673a1a3a04aa2b7962614fd71f4141b8f1b716dfe6036a685b3317b9903c29180e4f6ff0521c4bc3e585aeed446a5650cf59da5aff0f1c43c4886923c501b2ba028e8d527a7dea0af90c56f3c4bdd41e049547a2d4ee8bebbd168168f0aa424911d79d7de813f2ae1ce970761efe4820aa7361bfd609fdcf88eb88615a82fa44ac128d69dd782487307e5c3ce1172ed77fc6d03823eade7d8be754b18e5486f1c086a58b05b2ffdae75a6c64638014f8cc352558dee7a06eec8505d669f796377854263871e3900eea5189b67a16cfd47c9a410081e1f60b32b16e45eb0f3b044e14b545c4c30bf223195544c5e7d6ee1d42e3a0fdd709440e9774897afb49e6fb6536493d7a91b19af6a1655a4dd3be8c363dae0f2af144aea118d44cd34e192440b2333b140256b97fb7ecfb4a34b702c8d38f770ce5dc9e31c4e86dac4bf77de08764c6dc18f6a9d16ecbec928e5e0c082c0a66b615acab95d1a88806fe1fd6dd8dddfa4cbe77b52c156a62afa9b1a3a40cfe97b6880598f9c39980ff67cce1036c0bfd27d9d9ddad576d7461a0876ca3e485cd60c462cd7abbc404031dba64330af0cf5bdb767fc1e4e96b3aef52a65f78a403ea039de93ce5acf1a6d101b6f6f4d6ac5aecb29cf269667201c281f64ab0ede4e47efebdfbbbe2d8e4eb645c57d62a8338b04c20807082a1201c8f52d9a99e0b650f16df052bb5cc60fa43e853dfe3ba0f96867a63381e38c4c4505e6815a6e4b2f67f94e05061c31d0f5ffbbee67ccd87406e987de6b9332a9ddce48315b7dc413b8a6d065026cd0a1f8e8315c5fd46e3e7fd51bb72176fb3e5d287c1590d69766910674958f9f54512f598264231b59130780dfb6cf0e9c9bff0d6edbd74e164b419aacde6a6a68cc8b80113945f1ae3796d8a47e70703d64f3626bc5d6c1a196a9e6147d01d6f261ba315faf55f03b76abe6f236d8081d9222250acd6dfde5a47998d012ad493ad84012943dd60b7f599208759b204ab3ac67b7418b5cbdfa929749e2553c3e96c466f9483b38d66096baf7d1a389cfa06bb6b2a2d8ff91562b63b347432fed72812dc15f864ae500a3ff6714b698e36e158c7790eabbecb5b7e830c7f3aa215cefc3da485a1868a75c0e0d01d96ca7892f28cfa3dbe675dc392721f07c3d2c96f2eebf09ac8d97be8335fa4c34b160da4f93dd066b5c3d44f28f594c645ec12b89ae038bd0b9787fa27040609aeb246c9049f2cd5d5525ca6d5df1926cfb9c437e2e3318920f889e3ba6e9862b9e2f0da43ca80d4a30b6b00bf179f4e2f55b44fcecd17ae21234833101470cf12bcb0fd8428ab42055b151964165440cbf68780f8f9ffdd89d12b9dd1fcc5a36b8d843d5e27a5364174173ffb321a4af333041207a87ee023b2f2b9820721f692c7248af4b212790981ee2b6b392939de3da017c01f9e341e5f55f0d936fd185e9d39c77ab83c8e9c689954a7283256f85b3407e20fbd6de45718b70e1a7575e6aca3d750f2875473866a09747ddb8b006fae64f74fe4d06842a00d0fb3f3908a64f3e5fe80c49a38d43e8afe1364cf79177708e7e290b04a70d26bd6a259cde47db1d708f8494d64f0497d79bbe4566a71d05629ff5d1251a2d99c146e5d00df03e36113c6674640fd39c46e2874e98887ec0f68c7df45d2e9ef53fd10d311659e089922558f70bb8a9ab143785dc8c90802c2f21c4eee73baec46917111c131b5bf4671cfe6bc526b35e0b67ccaab49121a4cf5603b39955c5790ad86790151f70a54492d65dc4c3ecc5d57e44ef11302ed402d0aad07d80d3959e9db5d97b95f16c33a10cb7413fcb99c8a663828edf24bbdc8a4fc19ef535e32752e82e55ba395fb8257277339c401422cac3fc839cf19e947e5763be2d98fd6b8f1971328fa756acf217c73ca7da456494327258e628c05c21479294989de7e806f5ece5daff8cfcf60f03c6e15cb50eee221936ffa4cae15ad7eead4ee65095e49d97b21e304c2e2233d1c79ae666b0e347620d2a972124c0460301fbbe56d2312ecc000962be64c392e9409a638174991d618fd7856a37a5a139a074385c2b54a810c7a0fd206621ef12440cf60c225ab97e07af5eca22aa25906b5db4ff04e4fde838e39ed5e177634df45015c16a84cd4a8560546d82160dc87009572dd72c8b461aec3ff7268d94cb263ee269d6f3d1b298e40e00fbc39ee55463f9a8b994f09a3b5722fa9e56dda3e8e069359648f79751860b69ca401374a262c7e84494da3d2905e590d9c595e80bcd005fb10e22a7550c91136896e569ad3206e7d8d475c86c2c82907beffa21591e2de86a6b3c6572992b6dbdf8dced49486cdd96b6358084013d29ca09d02f1703ef7da8739d5d9ead047fc11c6f4a55f19bc761f01c40085c58e7193119f99045e46e48088e165d7779e12c8dde97904dc120fb9a25ebb96ae505f9cc3a7778a51c1ff7e9aa0ec7e4b65fb06c03142c7196b753182ab77e45d56006891e89903eea0bd19c339660a7a495625f6bc06c8345459277c5d3a465f9f682eb0d197129a46b555cf907d6ab086f28eb7c7c06c5034b70e80fe4cde4d8652dfa2f640c07c1f500763fb53b5cfbf250921a76f9ae59640dfdd91ca6c22b4ffca0add8489f38ad568983fb6d57e9f87174a61368df629eed66d7ae4d5678c4c4654e36a978cbcf8e4c56f49780d85f2abba189169ef1454b5299922fabe8e38320600079995c8f986ab2c91d759fd198217d9e4cb0015b0cb1e4dfed3603a171d8e3abe22037006ba4626536312ca51850c3be823e3dcc754df563f14d0476e73b81a578fd02d01f1db36ceb5e25c650d1aad7c66f05a1f495716c2d0830d481e43ddaaf12d857aa9a7a37d205770a305c9c10855e95cc3d0058339fd3561968f548bc5ad014c9debfe945bb29d0219c3414bd9db975dfcffd7dc0b8d3cb6e8117fdc0790cd125963a6617942cbefb0f438a9ab1b0f6c6da0e5e6898da22dd69b3e00ec70f7fb3f8cb486e8d0b3fbd560a692dd19fbd0fc9d1df9ed79d5f0076064fcc525b393992cf2960824b677488634a929a931185648ee6825bca7b76b6086f8a697fc4979e42e9eb182b05b33396a51273417191247297ebdf031679a72e09896b5d1fc2592f6949ec7e596c48574280dde9181fd4d16cce91b8c1a88502821cdca0169837a1b3680d2cbab26fb418daede5caa986549e377e2877ffd030f0c1eba5dcae1591e310193187f1f0f12e83cc3aea3a47c6ea72842afc803b5a462c6679bcddc4cb26b5bb09b48297479cd90a1bf1005404ab92a0a03fd9edc6bb9d52a9c97db97a0c35a56f337bda942c2a321fc4343dc0e1e45d799cc5842ddd2ad9abbcd8631da4cf104d6f853cd5744c921c55023bbeaeecc476f1c2986323ea47860b025cc2e9b649effc87ebf27246915596ba1192b3f7556ab0856eb7c746aa5c88220b944411ef57bcdc18c07f5928c2e3d295675f80ad436b0253d17eeda1abeed82aa86e0533b8fb97fe4d417268cdfc0d2920dda6a065331dc1969dec09a9b8965c2bc6045f7a07fc54369b98abdde561ead133d313f6103de2cfc") getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f00000000c0)={0x0, 0xfffffffffffffffc}, &(0x7f0000000180)=0x8) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f00000001c0)=@sack_info={r3, 0xfffffffffffffc01, 0x9}, &(0x7f0000000200)=0xc) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) syncfs(0xffffffffffffffff) 03:39:07 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, 0x0, 0x0, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:07 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2e078bed8a61e47b088f4da5892192fa9de381369d00d78225ad8ee472cc0849a11d395da78e27b29f90cbda83a4a5b450d5f9be937c015d8dace9756d8612f3ae45a272b6676e3102d8e73665dfff4d1"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) r1 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/hash_stats\x00', 0x0, 0x0) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000080)) [ 561.416200] audit: type=1400 audit(2000000347.809:2577): avc: denied { map } for pid=19751 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:39:07 executing program 4 (fault-call:1 fault-nth:68): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:39:07 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r0, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) [ 561.487938] audit: type=1400 audit(2000000347.879:2578): avc: denied { map } for pid=19762 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:39:07 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, 0x0, 0x0, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:08 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x4) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) [ 561.557574] audit: type=1400 audit(2000000347.909:2579): avc: denied { map } for pid=19763 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 561.593493] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 561.593493] program syz-executor.1 not setting count and/or reply_len properly [ 561.611829] audit: type=1400 audit(2000000347.939:2580): avc: denied { map } for pid=19772 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:39:08 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0), 0x0, 0x0, &(0x7f0000003700)={0x77359400}) [ 561.637517] audit: type=1400 audit(2000000347.969:2581): avc: denied { map } for pid=19775 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 561.647045] FAULT_INJECTION: forcing a failure. [ 561.647045] name failslab, interval 1, probability 0, space 0, times 0 [ 561.672621] audit: type=1400 audit(2000000347.979:2582): avc: denied { map } for pid=19774 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 561.710492] CPU: 1 PID: 19781 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 561.714761] audit: type=1400 audit(2000000348.099:2583): avc: denied { map } for pid=19786 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 561.717626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 561.717631] Call Trace: [ 561.717648] dump_stack+0x138/0x19c [ 561.717664] should_fail.cold+0x10f/0x159 03:39:08 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x4) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) [ 561.717681] should_failslab+0xdb/0x130 [ 561.763407] __kmalloc+0x2f0/0x7a0 [ 561.766951] ? match_token+0x22b/0x480 [ 561.770844] ? match_strdup+0x5f/0xa0 [ 561.770857] match_strdup+0x5f/0xa0 [ 561.770870] btrfs_parse_early_options+0x241/0x310 [ 561.770885] ? btrfs_freeze+0xc0/0xc0 [ 561.770896] ? find_next_bit+0x28/0x30 [ 561.778317] ? pcpu_alloc+0xcf0/0x1050 [ 561.778330] ? pcpu_alloc+0xcf0/0x1050 [ 561.778348] btrfs_mount+0x11d/0x2b14 [ 561.778367] ? lock_downgrade+0x6e0/0x6e0 [ 561.778378] ? find_held_lock+0x35/0x130 [ 561.791925] audit: type=1400 audit(2000000348.109:2584): avc: denied { map } for pid=19791 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 561.794836] ? pcpu_alloc+0x3af/0x1050 [ 561.794852] ? _find_next_bit+0xee/0x120 [ 561.794863] ? check_preemption_disabled+0x3c/0x250 [ 561.794876] ? btrfs_remount+0x11f0/0x11f0 [ 561.794893] ? rcu_read_lock_sched_held+0x110/0x130 [ 561.854837] ? __lockdep_init_map+0x10c/0x570 [ 561.859316] ? __lockdep_init_map+0x10c/0x570 [ 561.863795] mount_fs+0x97/0x2a1 [ 561.867144] vfs_kern_mount.part.0+0x5e/0x3d0 [ 561.871618] ? find_held_lock+0x35/0x130 [ 561.875674] vfs_kern_mount+0x40/0x60 [ 561.879469] btrfs_mount+0x3ce/0x2b14 [ 561.883252] ? lock_downgrade+0x6e0/0x6e0 [ 561.887483] ? find_held_lock+0x35/0x130 [ 561.891526] ? pcpu_alloc+0x3af/0x1050 [ 561.895397] ? btrfs_remount+0x11f0/0x11f0 [ 561.899617] ? rcu_read_lock_sched_held+0x110/0x130 [ 561.904624] ? __lockdep_init_map+0x10c/0x570 [ 561.909100] ? __lockdep_init_map+0x10c/0x570 [ 561.913578] mount_fs+0x97/0x2a1 [ 561.916934] vfs_kern_mount.part.0+0x5e/0x3d0 [ 561.921415] do_mount+0x417/0x27d0 [ 561.924966] ? copy_mount_options+0x5c/0x2f0 [ 561.929363] ? rcu_read_lock_sched_held+0x110/0x130 [ 561.934374] ? copy_mount_string+0x40/0x40 [ 561.938590] ? copy_mount_options+0x1fe/0x2f0 [ 561.943067] SyS_mount+0xab/0x120 [ 561.946503] ? copy_mnt_ns+0x8c0/0x8c0 [ 561.950379] do_syscall_64+0x1e8/0x640 [ 561.954247] ? trace_hardirqs_off_thunk+0x1a/0x1c 03:39:08 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0), 0x0, 0x0, &(0x7f0000003700)={0x77359400}) [ 561.959104] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 561.964284] RIP: 0033:0x45c27a [ 561.967451] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 561.975141] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 561.982393] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 561.989644] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 561.996909] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 562.004159] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 562.320133] protocol 88fb is buggy, dev hsr_slave_0 [ 562.320137] protocol 88fb is buggy, dev hsr_slave_0 03:39:10 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) getpeername$netlink(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x0, 0x0) listen(r0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40086602, 0x400007) sendmmsg$inet6(r0, &(0x7f0000005c80)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0xfffffffffffffffb, @mcast1, 0x1}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000200)="187c311e9c324974555eb624c14d1c5ed4a464c10f4835ed03b6c470571060e281433f98520a9df36f71cf946e2f5911608185a04566b3558abaafe9eac206c55200dabd60529a7a74a26ee884141668291009635accdb70728eddfd4ca0f455e3685e7e4e068d0b475d7f754d8611", 0x6f}, {&(0x7f0000000b80)="cf7c66110a48ba4f802de7b5172476fd55d05f16ba96c41d08f10bee4209f74158a1cd7cdd5987b12ef374a44c71993e7d9ce3b9a5d6fcee47154df2c7b3135638a332249a23ca3d04bb6abb3d08673b3d9918aa7d6df3ae27ed670f51fdbbd9434cd5f337da060fbe2f05fe6cdc4b6e8aec5844e7de6602b416a134846e061783b1728b7e7789d614c1e8dcb32bafd01b3e635c00d9ed80f9d023b0d0c52d8c5a8d85080d4cfc1e165b068c62c0d7fea495c5ef1eefa9c860640e06639546bb5c480b86e1d14764de4efbcbfead2473d5ed65e1194bff43fb8169224466fbe3d66b702897fbd539ea4869e0a2e8b441553676294967b7cccc44f56f85476f1e655a52c5ce0f949013b752fe986fade043cdfca9ae7d01a54c1935d8e5100eaaac704eb93582fe78a2ebd2d198bbf5971475954047c1fe75fef7754f23ab186f6934f45b4aa8d3c86cfce0428f6addc16d567bb7a247bc00333cc9bd34be5a74aa8e6bbdf74e9e9e6440f9a5e960cdfb35ba7edd612ffe618bee0a0894b406e820716e765bcd676056b455c60f6fc776a761b248c00388ba007d5e226f50ae5eee4e1039493c7c4c334db62a2818ad763a7690aec4b8d12e87899ffafc319d8f69bf68bcd007605554ea6d76d3837d7b79b7136368149570a7d8bbc2edec7c1c4d8507b5100fae3669d5d912925de32d01739dba9dec5a8c5eab95853e768c1802647fac164c1d7b3c23545652068aaeb7b765efb83d80632482e6ac10f8f033808833b0fe3937b18f36db3b9d3711e9670cc2e934aa246d6027ffe939c2ccfffb6f4170b0ba4fdc734b976aa5061376edb73b81679205523dba83f1e32579ac3dd46786ff5c973c2d1bf2e0e1abbcb0440aa42554bc6ba68f6f2f3cafe0a2259c03375c37e8e12c55ff93567a2df28485042a144c58bbae76a3a71d7a22c5ff19da864c6b8b418d756a389c2bd78cecf706f98ea73deaa3399a5c0827e4f2f0c21069c788cac88f5d8d880cd648a0287cc103509a3709156bf61ff2e5da9b002deb4292daf1eaaa328fb56fee9cbd975bb1e1088efe8fa7078d86a9d7bfea3dba877bab069a0b70e76438f845167530aec8549e9bbf157ee04b29b8eb98c2e6f7c33e46c100a15fb21f4de459346bc620e56a4dfcfd7c3232f85920a2991be855d83559e40ae30eb5c907a1d1ed03213571988ad768861b2068ba1db1142579d0407c0a91fb2219098fb81b619005bc7a3a7d16040102e35662f3d8f1f055682193c3daa752340e916140c8f8a578b69b31437e1d365edf23cb4eb602929d5bb9795f75bd1f2028ab56e5368757e3335695912894278b74ca3e276d5a854b367a63c3f0dd45db4fe4323f4669f5df28ab41eecaf7862c537e68961cc0dc30c099eb375f1d02975fcac0bc2e61ac504262e033039562abeb2790b124c09cfbabe56cea2b450a4ac2f5bdb7afc2853525b34a354064d8c892f9875e342ae2a6def0178424a5fc1569694dc1fc3c68133b9e0a26a65a577048376ee23bd0d551b94b289b7a5caa34e6080b0beb7d85c61c5bf392d3463e9642ba4b4e46185e060686b51daed7f5e4c33f75be0c233cc3dc3135303547115f479bef3cc81351c38545aeeb7c4f3bb2911a329e910f02dabd75e37cf784ccc09535914b7a8ac4a47325dca2f4396d12d12bbb35f3bd16098b12f5fbc607c3725ee22e47c85b01042107bd1c91852b64b88fbc1f0918173690401f8818ac48eb6abf136fee270b1b7b2ce29d26b3d8b3825311bf104ab261b6c4c4ff83b8d9b10d0371dd365127ac6a1ce82d9f8ed6f020555f2ddcfb4c88f3b1defa92682fae835d52c6df93b576f8351d12bd0b2d67261f8194347dca0b229ff3671f5baf128060883fa7d6d7694127e09c00984401a2d7ecddd0d88d6dad6b2d312a78ec523b748eb5e2ab67c380a4d79e996d51ae7ea7f244935c8d8fb5ceda54b96eec73c40e682eaaa5e623bb9f6f7bf135e9711167e8d495fd7f18e36baffbe87acc6ee58a7352412a2bea2f95aa3d610267db765e3c331c678ee6dae5bd667a5dbf89323ae5d8e608e28fd9cb8fff8cc22adc7bee9b4aa85960bd7e5c85d42092870eba1b829410f96e7f572304f9306ae1577dcc00db67939fc1b6ad6f61bb5c12b8d74da2c8c1a3e70e1b302339bda3d8015d64e9a7658e345a03ffad11c1c7194aba5f7dcd87624783035675cfd7d7447e92b69d982fd473de213924e809443780e68eb59e5411ae8ba40dd6538422f30fdc411cb6a1542719cb215be33263432f283389119e6dd339521956587635c3af47f92b3e7868e18d77cbd917027135e4a80605276f76036b7fcc53fff9b58356dd12d0656a12b921c1c5c516d648a632a9804924a56b4f39640c062a5893aeb277f0955fd0c7f0484522287d84a098aa95c2ad834b7b6e946d8f026c3d6f4183c8a8f9f2fc23ccbec00ffbc4479e2171776b2a635efa1ce6032c4801235c451829edba14a412d32bf43ba0fc7dfd2b768c0e187a662c3713e7924f649a286ee4e392839685d8ac7221102bea41801537e48cacb10266925662c11c3e96ed2bd2da777e86e59e98d7c322df8d7c20c3af3ea6258bbf3bf0ef0a04d64a9be1f7b9d4f74ec6e807736450690d590b5dd301124d1f5307c8019136b44efa71085364858861660deaf6c6eb3114e8c1a5e3460c99bf0ad12eded9c394dd97222fd95b032a9a3aa43a81250a7334735aa9c704b66552783c417cfa49a162c5ae1a4a490a965d1afc33d8fca4923d30a344e5e92606a6780a388a71ec1cc1c1ebd54f1651880641dfd80a236347e4bcdb2ae3069131d6a397e346875e308bedfa310f33d86040c061dd130051b227307bf0ca2aa39c3ffc3ecffd03c19f7902fee5d8a1d5c94135e1f41311f8a5f9c9c15ab2a11ec86b6a9e6768863db010b7ac6b5d91257fd6540b632411b3e7953cd11dfce6ee5d0b8f80531ef0fbc71b10f85d78407b3e828d1f5ffca69c7a6692a6ae99ce0776c0106acf158e9474a2cbfce45f3166fbf584e13c220491e4c510c18b530dc30355e8c9546df91c6000ecc0062476fda932efdf450c0013e77ce6db59b0bfeab9c8ee4c52c52633e0c6b8954eb8a445d31cf3cc635b471ca4859428f24a727d93a7fb87cf6c2b16fbebb36566f42de252441ee0ebc5013dc534c43320b9f81c57af76b7e2438aefb746de725f80c019629641b65004074d23476135a163b8b32285e52bb017770c58dd80c329a2411b38fc10c32f174226e91dfda2968f6e63834c8db0508980a1fb11373903dd7b4918ba688d6a26289639755856cddcd5fc50e3344f274a273dfbe9b999173625d3a971b0a1547f132b9cc3990d23d4054f93b8e8b95773e439ebdf00ba15937d618a0c46e81641369fc05ee44c121b43bd12adf8eb739385c5ad225cfded5d2d84428a3b87622c311cfbee7c0c83b5621c2335f22acf341604ea3218c8d31385b73980b0f6c0b7158f413ad2166950cbf2642624bbcdf492fb6a9ff79d7c56d0fbdefab5e67e95575c2ae3ac5949ad01c7a25d164cbfc588961a5d56f40c7cbd22b79154b039084efd232aa187396337266bdad283324a4ea9afe9f67c80ea6d4f113c811803acbc094a8980c4a912c947c1b006484ea1035fe7aa08d3f2ade0f66ac42c65bb73ecc785b7ed611c096fac20bb524bd3f2845921266f896501b5363c10441262289cda652b64a96442d9c213a5b07f9f5840b2a49ec27ee5c5a9ce91c89addcd696b8932b5a05a6db6b146ccf4abad509d7fe7b0780a4fa9a341c39467b95c0f85466c5aeaf479f9d44c8b90d10a8fa65228f8380be7da85c431a19eb055512776d0916a7cd9c662a21bfb7749ea800b4f4c89320c37b6769ab6c7e7e90861ded18576c17b6182f1891ad350c7c30a5477b1b85d16a4b27ebfababf9913c5b59bfd870120138b0a5cc6777eba5dea775603c2ec4dcc0f040dea90a435fa736df7966f32f4412e8c6f26701f70cc450842fc2b7f4feefe7b9d6f51c8ce091f20e50dec993abde298deaca38a5e17c0fa94562a40e63294ce2dc23d2436171a250da3fa8a0825b11ec1eb4d7bb223bf42ada34f4b7e5ef8e4ca65d11be2369df97e17e29cfa241580d54292d1b1e79ea664d0a679b69eea438e800c901358116d47933b85c08ced82c7ea091a6c9b6e0a637c2425614830bb01fa8f5fc40735f0eb97ec5bcd1190bae8a13c459876aacc50bb0bc706b37ef59df03a507be3100c242ee0ce8165849d2ba58c875dfd47cf5639732991d784fe01f0e5d5d8b4f25378594ada7da232768e1dbcee0ecbc0c8f70c4c2a32ac90cc42a83a0f79c9b9e5e8bef7d6996f329400cd00d31681b752a7175d19226e28e3f97ed46fbacf342e6dc8bed9ba1583895ba9e9779a22d50b896e7f826eaa0eaa64b0c81c9fa91b618f74286ceb0eb63b019038fad16e5a3ed9e84ef9197fedcfb5a6dc5143c3a3fa0e6e47f7d38aa98a116ee1fc2c56cb8809b4165d4d8753306ee4a94f14883345d5315901f88cb0aaea79421855380550859d354decc9133dae1b5dca1eadc19084212286ebabde74d89e1bb9badc012b74f6b22647e4fffd15858a48df46437153094e27111c6a4a50b25d09ab26b829e422a9e84f36602ec137dec2f2e3be4013cd0f11d8d9672232daa9f2e681bf578607eccb98eb4a8ec99827a7e353ee48360012f3f7df12caedf25fbe9e11ca7edab14228aa04c6ac4f7d3b7f739cafa47b0e7364df4a9d318596a3e0dbfb647ba9894e9033f54d6f740659729b6fd860f9107f9f95f9a45b70dc2f727a8a10616542607638ea02b41592446ee544cc41d5491b334a47fc5ce635b64d2d98dbf6e639dd97d6c20636f96327a0053b87a095e64d411b201021dd026f0756d572d7ac0f723f448d4ade7d179d883f6f5d030470174d73add7e528fb970ffdcde06f43d36ca0e5e490a8dab9ba0df058c58f436793bc4a5d75d53fa8574c307dfcb8420982f4c60b5fe8ca6d526051cc840fcd1fa87a653cc92818ca423b5e60fe21cc37e2706a0994692cb23a7e0a2c829aef6253b9ed29a6332ff5edc01e9e203ef331c729a766c4a0bb2852db91be2deeadcb8fc38e3e91e241cbf4997cbb5bf5edee38153c6438af227b6c8ca5ce5eecc4e453bc32767bcb8d20e4683e5c38df7d354aa24c36b5e6f3baeba93c347009105d18f9d57b8e037126656af0aca7735922624d91632be5cbca95711c61b749bfa50397ad5a5b51d0e2dac1c2da47011f0578bbfb29da74d2a51f0ea06236f24bd47c6d3dfac84c7eb6026ef689ae36fb437930bd516d9d8c055cead391b7fecd9bdb402b8f7ea207bcb5d664bbd0df3359c4e133ad9dd4c9d8f77bc463b3c1f9ab0b7b8186b63a621c75a798671d199cf26d9533887a6743669450e910018242eecede2c488e7d07487be54a1b580791a1989baedd16bbc8ba4ebd16521f73484168e83611a125631821fdf259e8021147b3cef9fe5d631a109ef78d3b0b6fb2fd0000eea3866b79dc6e531e5515d4e4b1bffc978d053553b4d8d7bc2c946edf802932715ef1a3e9537989bb06b34aba6275c2fe9c17cd70bca5d8f790411271dc8731883ea4b18c7fbb716c80dd50c2fe35478cfac9cf683a556621ab4b30218ea51ea59f755b5102279998c0d3ac34ac4aa54740aeedeec324f7b3b2cb73700676b378a9be53c332427a73bf98ae389b23a21231c668053f6cbb11ec5c76c580aae01153cf6ae738e05e51473b5fd16bda4", 0x1000}, {&(0x7f0000001b80)="523520fa4b516f56a1199b43fd1431b6d9352ea76822ed98f5555bf8fa4b2bce15926b1466c3e1f9aab6f255de2f914b2565420067f3b030a517ccb463ef3860a6b82c58883ca8669a521b9b2290bb316663d6c5bfd687b5cc7a7a56d6a1a830cb32da44a688fa0f00547486b9d263dc0353b4184e775ec5b9790a6b9d099460fbccc3c2f1b37e8f551163a3603f1908e59897556229453862ef0b9e1b395b0ddc72cf90c513fbb6da24526ba77be08c656f05c9293c26a7ab8756c30e1456b8679063cab63ce08c9f3f95da61010c5542004442e15945b362495d2440816a49f8a2e68a36edc2af948433c22d10c6d83a74ae0012f9558fd6b7c3e4c9609fbd8a210063790c0884987244dd9184ac118d3e9547e9b3eb52c556502e4fd32b0b8e998afd54a23e6c84ce1310fbb34215ef915dc97ab181efeddf52406918086f97c3f5b9bdae2eed4f3fc8836d7b5a9c06c88086d10eae7aff6a78f5ef5a1762a69dcc1cd351d79fdafb6668389a298f013fb99999473d7a881a6dfd40a7a3cf988ef8a0e9b39855f93e8f98eefe23a6b72c4fe3a21752ffb06a8ca093ff25f03a87a187cd35dafb3491c00bad0572c1c57938b4c2aa65580525405135204b33e2a0bc9345ec066c94a48ae9eb240470f6fcc7fb6666a715384667f1094bc2892d4ecba2d25a5e57db7f12d03cc36cb561c09d9da1fefb98bbc468873bfcbd63cfbd1a04632cad0991efa215ce2357f4729a4379fd05194348e236ef32068e9bf07a70e4c324e0a38ac6bdbb65d96e1147c2beb2a4909cc84f0e814d311ecfa9964387287a9977495c46ea00417e55fe1e0a51fa9ed122e4ea66fd6d83fa41add127c2ccd8416550939aae75092110f097d444353ec0e9cdf535f461b363693f226c531f5d7a41e7307a704c2cd2f2c935da8f609399e43e6dc5f3f288275fca5fe384d8204b7dec51cc06ae304f318b53104c605e54eba776afe897ac55363df39fbede3dbcb965ad79acf92399fc4e8796b90a0aa3b1c0e69f0f28f27f84ff3db9beb8afe4f5fd269ceac8312353a822c4a32dcc1792c046e61e2e0a98d14827315163b19cb5d5bd0d300f031b8922d2d487444089d35990e7b2b02925dbbe84d665f9b5dd92b982ddbd98f13f5bd19c35bd513e08d742ede7ebfd3dd02367b32e4df4a0673f314d83d1ae5ef8f70a1e44439a21d0284e01202ab460e03ce01f1e6eca06a756ba572f438ff1300ccfeb676eab7fc4942ba6e3c9fd48352c9f8a22d198d87d2d6d9b0845ef14f67958d07f36ced1df6a2fc783bbd9653542898c2a944c0fc187347e3649606ee2c36593e06a56e7cec57d56c9c1f60848b1d729202d20b135f4c6a2dd172032d6e5387cad3957267a3642801a77eca1c76894dd7f36a2bea3f8aafe7537fe2716263b2c8c9d60cf01e3a667b33d7dc856148d2fc34c7063a613c75207f2cc347c5a96c260e6130e16f5bafbfd5f652f4f4f6bc38f67cc3047f568fe1bd09ed42e95d2bb4cd1cb5f5df2cbffeacfc7e3b4c8881f67d78fab9c5fb3c2ffb828c1a985852751cbeef39b00fbf5b50a0cab1b5bc7c83949a6c6cfd9ba3da335f9d8b8d4ae7b63976bd020ea9e9d8d1f769580cbfc495b4b32d05f671ef2639f2fd7b746746148d5762874457d7b1c56770ee49f0f9b58a8b1684928c675b283fd58ba336094dd25321e31a6719b7ca3cd5aaf8f958d55ac42984c1e5818053fcb18193849ac6d566be19b02eafb963ecb849b1507a4d0cc96d2676267bcf067a4bf93909d6f6ddfc93ca3e16670f268bf2586e0851eb165bdab4dee34726e616eccf9e2679e7c24aac54f4d89763b9e9f226bb94d36813f23cfc77ca233a7f683fe2c9ed6017c99726fe207db070d43c31d592ed38c790581af555a1967e9b300ea365cea4dc394a4a73e5da699e12ec2c093f2adb678b57c8ba871bd0826c40e28343d2e9b4f7e8a2f9a296aa1f0535f1eb4775984e05c4d4962d96d7b5a2610b5f051673106ac893aa8a15406dd61ddfffa1efaa3af3d75de68a592004ccbb46f06eebe54dff2ca81909729e6a067e4de949b537e02a82bd974ecfda1df0b94fd667e7afcfc012b062c78c53be102870145b8c26c7e062ee90e089ef3418652c1fdf4e687da9f9e753d962aea78c9ccd9011d1dc703b9ee8bc3d75f9cb953d7a2e9ec736588084c8b70ca45fe34646ab67ed10b88cb9cd6e0ba15f0668e5bd07507a336fb6fd8659e0609fcbdab94974a66c17c56381f5815688c06513f0c6ad943945a6029dad58293fbc2cca4677b57fec48cae9a34f84bba06b0ae8cad623e1a29b50d9c8bc39380626cba688bf45d779f01bd031bafd125022785728e288db48632a556abbcab3c2dd9584b2109c47d7971cf089658269a5b6454be052387857f464c6f9e3011de639b480b5976d0cbcdb6f79d85b99a5b4ad5cd1b9a3f9cb24316b7166e784cc412898bc055a115c962c8d5482ed18b6d4b6a28db10d93f47ba1a0b41f42fa22f8b84bb49b99536610d903e2f8c07e79e030cdc6e7522870d61b1faec36d820313573db4087ad86317f79c912cba098aac9e24a3dff7c83eec87e78de377d71e2a51186a459df6c8a0f4706c706abcd006ec6ec244f532bdb0330e935025bfbf6cefdf8baff31f0bac9b30cc5e7862271c86d302e12347539666209d344fa4798437ceb4c2bcfcdf86860364dbf5b8b0f239614b1eb8920fb4ea17d56758b91d8000a35c935ac81bb8812abaad85b12055595c30b4c0c402167c73563ad3d968341f4458281c6b6793335be01eb29d8829b6cc10c1982ab0ef969067527b553c3c6ecc5217ab9f4140cc8f61364b8da25318ee4b1d00a92673194cf82d169792cc251478ab810d35d425dc948b6d29747c28bd186fe299b251f626f31fa0d987ec8eaad445253b62260dfb4a218104c0c2fd652e7d5851405ab7b75ca3dd1cd106f05c44cc500c23cb134fc7f0c208c7a8198520df71add60709622a6667be8642a583eb6f1285448f9cb34a3248d1fd3566bb74b91a11bdc2e2f3c141173f6ecb6c6a29598c9b34645ee2ea5a924b45c89aa0b461da1d7702e63cf0fb25d62950ce141a84936f0e277a4d99caf8bf31edf524941340ff01615e83c867f5aef0dc8223a2a87a40b05ae1561695bf8f79c33ef81f2e4c0e0df2e41d14ac47faa3bef56d44c0176fa4b0fb66c2124f9da56ea4c5e5449086e7a46b21ea2d00ff408ff89d906bb95870bd8009d65daf803d59016104dad3f9552a38ecc6779c8b1fae30a962afdcef469dc16fff5ea9469e25395064783ef06f93818f5231b64d45f96ba96a788ea4e77ce81c3a49cc83f187b98e0d42504487c57bc76f1aeaf4f17fe3ce20ca22e7cebf0afc6aead4d1aec7007c7b4d87835b6faf3b86b7b45bf544632ab3ef918d39a56f74107b4aa1dc0cf0003a1121cb77bc5becd65231b07596d104f6426892ce7b8352bd5ba7f5ed05bf80690fc7412f41360dadbf8ab82c21bd70d487324c9baca21ad230ca2cbb77bf8504d5ffcde7167b7e8a563a2913b191e3cacc2b2b8493f658e91a64f8fcdd20407c0d6227248ed8c0de2acb5d1db6020159401cbc3f68df25df6fee215499dc3952613fbb6efd20e644aa2717b45cad699921363b9c888628fb891514a4c67a417afada8dceed2e28b27aa3e582fcf19b68000780312c12f2b5adbf68a06ed7b6c67b21a51800b9d04950d16f5016ac22298e4f9628ad920052cc445f711a3cfc2e0353e539b4d60e0c0bc45cce2d61d4b19078e9a9695af96d17bc751ef2b991981c30e1d7f15ccc27ed981ba8dc5934dc8a2d45969b0c13dd986af9688f2c01d467f04ea9d7ddbdb9151a3e489299aaff7b951bd0bc04703ff69187fd82ed2239eea8e01f7e90736bf97038f827e1d8de91612432360965d92ca18ff1ae524655a4e9a22e7ac0f7440ee08e49baf14ad50f7c604e9ecc629bd6da0d3b02eaa6149a4f1e2d9deca78dc51edefdd6bd7ee1cca1e0065053477bf429a0eaf354bc87d52f442e80a59ac54373b8d3aa23cf11826a7f4eca43f03b0208595437b2e6d00896ef249c5e0d1fb69cffe8a8fc78127fc39262a80a803de8d11ec86187a10cfd87a4c0619a5887ef47540da1b39fabfaf2aa82fb14d55cb5525282077dd65cf080d88d2ae8bd2b1364f27e8a9c140a16b1286ec00d9705f47199a3626a56873cdeb50b02626b2eb89d5c794c4d4cdc074fbf0db4c448a89df6b905490f04e876fee07b7ff78b37f44296cc50ada101db6bd2857ef2a0fea69b4c35e8381bf9f06cd8e08e22dfc80aed2716d2a34898ce47a81db1cd8e52fc04dd94094b5a5a9c509bb184ac6a22268ef62ef883bf3d56e6eabacfb8cee847f1da46bd5bc244d18a890681cedd9da62d4d528ce71f88a2f0b3d824d98ea52a3c6095f3faafdc73b98efe178b221b065f260f66390c26fcc4c64803c22d7cfdd7e199c4d25ed9423b329f938e4f3a64f0956b65cb10c23329143d468a95e19d03fc1a87e32e9a8688c187a123d740009ad54f7392e5d65470c204a02dae5aea7c05614641629f2bcbd929289046f7d763d1b04f8493e4d6c2f7529d12b53763180e76a6487b402ffc8963d3b2d0547cfac4e6772dc0a561609849d67954a2e479618985e245bd42cd43c3e24b2a9e86c244288f2d04a62745f373eca1f078230445a632e487b0891ce17ffb6f86a37d2a4d602db43ac5efb82157b604ec50c3ae7c891c1acd9de63706594b3314b85870ea0228963a63a5f5cccf1ff7980a4f362efbb4c33cc462452f2ea92c1d9d95b8862b874ecfaf48e4081dca8a26f8f5039a38fa0c5da6760ae26434ab4ff29bdcd5b85743b41b8b324182e2db0a436405eb88c01252f5f1875794d2d15fd95555d7a64e4704b0f4f5c78bdba15ed94859ef0cf25a72fe7d43a55e52ad3d54f7ea64be5dbe63e252ce2e7123a8de3fc8f62c4347f091816c8b8358ecf59aa48eb725a02a35f47642ca7f8488a90f85a6cf7ccc544d7ac13649edc33283a47807e6e7ec2599fc5c6e6b2c13d179411f002065a692e5a44174dc40f5d647c0b9057f8d91f37fb09f00381a96443408249a363f967f32aca1b4d023a14f413cd0a35a6add36bd2ca909b8cc855bfc21cb43a4b6d23a44803ac08ee64ae1efbfa2f7664cf19f0d6c0b0c0a62d0fc277f09a2734c8f66d1996bffd4a58cca34bc4d87fb3282cca949a48d50c5b21d038397e466239314199895a60438c351c068b060a168686fdfab05f6a55f8c6e61868a15c5ebdb90ee13787a73f3ef16fdcc65387e6945460e816fc3339ba910702a3b3cd9742980bc97b61d856db20f72e333305e61821e58b2c4ba70b8d9e372e737a88ad1ad9358d08b0f044220a85ff900208c1ef06f4a23df31f84e8de0d0ee8ef41d482e3d88292828378444a428612872e1d0b53b26ca8b047c2eee188b8f33d103f623ea7ecfd08b899bfe491488751f5f1ca6c44fd80e125d29fa1aa3e4114a04e3f0cf7c6a6f665d8caec0768ab88d87dd35ff4efaa770c3f2c2ece267d2b73d1c8fe626bde527ed8a5e4082daec33efe37a43a1a77914212c5b81a6957febf4744ead8a472fdb83ba10f531bbdc08ce684c295e7d4e9b62c348baf9cab7e69f9d2d3baca40d5b25d408a88bff2c329bf1631a609d5c6c7291ce694df6b178d2a7535193a5077aa597c0546062b6081291cb7d44c822e85f18408d09b647491be721a4615eb44c12159bab335c4c8d80212fe49819c570c6901dc2073", 0x1000}, {&(0x7f0000002b80)="f99115ae2489112e756a13b2e35d66968cba5ec916a8bf646b8b7fd82583a1e9f2518a5ccb8270697c51be3a3200dfaf6b42069eee512aafb1e14a758aa3f449c2b60e44f011e47f0205c8dbf2bebf821f1099acbd8c8ca92615e2801958ad8f33e601ba3807f73b1b9d91abdab6d5234df100f96b5ce1d4283ce8258a77512638652ace0536c4937c27b9cbe8738da56d1bb0bca3350d89809060d16fd0f80cf90a290a9894dcd71bdb5386a9cb21e33913c2a97b7a007bdf6d0301785919f7f2b6834a3cc8d3101ff6bf3158b7ebcbb55640c9b4832583067b4d3e7f8571c2ba5b5e505da7e2721226a00f5ca26e8a17447014f774569ab9e73fd31bd6212695bc20e0810844974b5b71b8e7c71bfd364ef2fec520bc4ae807721556962bfed925c52844788115408c82ad0b5889870213371688172a7bf61a89ecaead888dc9447793a69f426ed1bc6749068cacb639c8abb081e4306968e112d6c4e100940502e91b3e3f1005ee71576992a187cb9a86986e62e94eba2afd26499f17c714858b98edf773147b930dcd31addc6d43f0a4aa284ee65b96331ed1f80dfc13dbe4791276629a9ae6546c98c87df8a975df59fe18b510a01c034aa97904d53ff3ab37752e87cdf9d820c47530b03c98172e97f09dc2cd0be6d6d810288857773310a02fe43cb13c602515ce68fb401158477cf04624475e0fa69ed53dbbda0b685debfe3a54cc26b3da446fffc5df00e03cc76229b648d06eb331ef5024fe5445726c672d4e3ccb16c7ee4d7940b718551b90fa12aa72fd7299495d1d127fea47f91c5a4c01cdd84bd5b1cebfb076858b9fc88ef930feacab70addcdbdd1c2ea6474f77cf3a9212a5d37c94f5342b788c4e64cb00c4fea47c906e497ded348b7a1c24e264f1d253ca0ce837594a7fc732568c2a873e2123c65dde8258d5a1262ff9ffe89a3933655e9cfbfac3b7cd7f32ec7d25d003ef43c1fb36edb2212b87dc5be113361fad4cbcba95f68330d9f88ce4ab31e18a69a1211509e900a70262d17d5965f5d38760870d90a3f99b16fce44ec05cd2194a3bbdf185e73d39f44c0b62718789db011e79ebfa247f09dcbd447b1f9479b455470621de46e859dfd6f396c0119ef28958ef64726247080fc90a9cb2351bb074c0d191142cccfeb27ad2b079e058b98de40f993a59b9bf810a028c6a3051c1576892331585e996d19d1a48c0a910017495f706e166c4a2f91a64f4394d3ceff6ddfbac4691ea8c602951b2148d0f784513e508121c54d676bb8d8e543b6b7b1b4e4ae595d5e606d30c9177ce1fd0268090f482c52789e582585ff8a5b06a7f699cce3faed2bea5b7618535d699630f14f5323253a08053a8f62262f450751f6e6776b9e0df959bf8ed7e187d9828559fe5352fe33b96dd154553752781b3db2f1e94a6df88b1f6aff2e15d6136bf6cb430902a894d6435e3692c64618a3d997b1e22c49473295449d0697bf14e1b47ae2e68ca960ef724f2f7058a865ed46cfe702fc8759beb9e7f43d9aacb9771cdedd4e6e75f7d280d100bc14fa1c0049f179d8bad6f781493cae967ed8ba4841ee70b43d6a3154ac896b2dae1abea5f58d1e34828f5328bc2f63f8cd05c679c79ba0da4e9fabfd2a1a4b544e1ac26378176b8ad2e65302ed4c0beb5a9e8a03c39546724fbb354865c8b5eac5a06c74fced22c01a25fa005a613289faf6f74eafc910f704ad3a407ea1d44b0ea00d75d62b49085a17cd08db4de221347445941487338735ff1392914622a440a4305d74a78654213b13b113803443f525ec2bae6418eba8fa0a33f7e75e2de5e823139aeb0752bc7173c6e90bdbfc40d7897aaeae537d8b7ba18a4024dd6b414acd3d985e9cf4372b497b6f987c3745eef7c325bcd857ebf6c6e36019b639199069db0bb09aac66bce9db61c591b6e33d72b9b05bd918885d2ef81f1510e6587820559da65ee2c211d8b6e2a9f8a489af349dde9b1c147bb8b3d3a9b8c00db3f067718103a8c9eb815c7be851b7766bec104dfc5668652e7881fefafdfc34b1fda3a6194a1e79b39819cea57f9a6a76c0316c9c464ca33e3092342fec0771cd9fcab64e1d98dbcb6dcbe3067146ef6c477104fa375999998bdd1a604706bb06782b0d45d97bd1d0934d73ffc21f4a2122a132c58db6de8083b3a209391633de503c841248310cd68625f48f7dffb17b5f8e6404da3e2a87f67978f1786df22b95deeb718525cf1b89650b39cf0ccee31add529786a1efe26ad4b75cb3fda399ce0a3576179612b5d471d64e6f47cc0f2d0c60a64ec9ad450b833d399858580cfbd14c41623df551df9fc43cac1ba8a57d59d4c0708ceb9c33014b06021a515cff9c7b6db59e08abd5777dcb9de66aba6d6784505e42073fe353ed4ce91ddc6087ec6a4f662f134c15f9db3ba9946b1d6c45f5849a0e5be3e4ecb658109d3885256626e9ba7adf2291594e5393d4c48784198251fee7e76b676af5fd51d5850a3eaae92c65c22c8ffc8eca667c225159908bee929c5bbb9d15ebb34cb5bcd4ea8d97ae2ff84dc1047a840e033bc3113ac5aedc5d334f45aa10d6949663b8fe5188c5648f5de2983244ff44c6d399a2667129f362a51c6bbe2f1bf6516c734d731368520a1dead31b061bf8479107f2d985f9b8a99f033f1cc01879bdac8d2db43230a74bad91761ec8c27c390594a93f86767ffaa4efb9710359efe91a076cf372aaf2335d64b406d5be60e37239604054b2b238361d89ff62b8e79781d7000b24487344fafab8b419cec5a2deaff109d331acc6187eb7707b0e18e04c9fece33db1d39be37cc06dbcabcf6050c526e7b9c344c1f5cef697e66502f723a198c4ff059a95fab8d368c7d34357b4c841712a8ca74f84dae0a501eb79c852b0e45efd369538b1060f43a6e49132e71033951bfa23f46c9b7c0196aeb3fa1abd90b0f58bece9f60f0ab375f3ed15dd532545c28dcf9be8e77c141f6f6f8bcd9ea01a917e7fccee76ecff0b931bc860a6a46014563ddfb0fc7b56ceb825215dd4d643060a1bf0ea9bd9c532b497e7bd5df87d32a6457189d8297c8841b3e4a707b03f1e71e7f51063fb42d60e93aee5d8fa77d0c53288d53d572eeb9d0b24d115c33e4a9a38d9ce48d36e71390746df4dd62d0784feb20e984fb44756f86dfb36acfcdb2f830ef41dd087103f4ac50be5356a4d02824418cf19037ef7a1d18aa21216743520fa600e7acc0f5430a0dd8e5c063c7365e8d7f1f8c6cca5202c658138c95d84cc1d7ea81706aedd17135cbdce4094e2cb3f370ce9f4306d3cb1c01fa5590b42d3de6f3bbe0d5ae50247cedf4524ca87ddebc1dd7a721e7bf13efb625d63f0bbaa256e15676892d9c5ebbe2ee8309670010c189a1402eabedfc18535913207c286261d81f0e5dadccb50f46f0f9be1e2674f302045fa9bd74b0ba0abbf714297359364220a7e7bcd08978e496e315901e49d017c122a5edc600022234c1de022cf5063a8586d4ad3d49c2cd3ff5927f333c7dcfd559376faf6a3c40d02186daed09c5384a71876b38ffdf2a46633635b1a27febd8ed3e0f01864cc68d8b8053f45dfb8dcd5feb1dfeb141aeaf276c9266d6717e9fddd74e6ebb277ed99704eafb860e390b612858257fecc669b0c0b0a4ae49c26288204b7bd53b34990fc02687eaebc077aa6900fcd9d86f7076f1c4004d9ad55c3a4726ddc25e957a4343a551dc8a49546325561c3a5f73cd377e097fb3ef04eba69541c92189c928dd5773bb8b21217ddbae78be1b6e1b8daad2c2bb6e2b1998397848ec6d61e851ff527decc6d4e4ad3cbee78ed285ec5f1720f02331e8ad03619ddeb58c6263e63ffafd8dec313fe7b2dcd6aa4c0b6c69360741df2805cdf0f271560053260f317055333f41e53b6c298481ed2a401cc7a34beb3205a647cf13f5a3aa836f5b2d384a55b502a8bf9f064e2849f0e3dc6e0b97d47b81b1d1ffbb18bcd04cc39ee193d00f2003bafeb587f168c2dbb005e0a90f54d61c6f93344fd697de043357953763b8e194ef26cbd38c15f7cc948e8a3de0e84bc977dc50ae9ae31d1483f990d8b944d4a74d81821c2f8b30eb9b4355de0a7903df5ca9d6c02e7758e3937200630fcbca569d7174569366b2ffed66ae312b8426aefcefc0c1e18143db1d68701e5f0000a262e7fa6ee7c96d685b553a9da8cf5ca9e3ac8cce237efb7e88abc29e23da9279123e248d8f393c706f50e6efa7fb0d4e75d280155dc9d3c2a0647f89b32fa4410025dc4da03e0b0f991709f08e7ca83343ea9a16e6f931a735fb14dccdbf456848c7eeb6d0c52c2367063e43c9689e861a6ae145f315294c13189d4d0dc4ca82bc3757d3695606921903937413044c9dd39057ecf6a0d2ff1b80266784fc5d9c54ba04bbbb0f97be2f79bbcc6c145b607fc8140ae28e9b449222190b91d4464656443b3ccc98955ec33221fd6a201a4625ed5f5a6b9d46586974db5ac806001218670afe1953f645aafc23c113b4791319fff995a10f3cee3487756e58b36e116e739a2ac1dd5a1b4b8ede62e3604d9b78bf214294c58ccbfed6987d42f9ace6f3380fb12540b85bf155e241a8a28d827dfee5b9ce595bc63a972e3e6363872e70f3ad2e8d1ce541dd2e0f514c6e9dcf5b995e55968cab6df7eb165b6e7a427d17f12659fd75cbb694941334ccf0f02d164c298c9585528e864d4638405655d0c6011cbd1c9d6234b87c4fa58fededcf50ac2ac92a69a92da24b73e9a8534532d83fb9dc6de3ca121be3247253b70204e424cdf95e669207195cb20521211703201fce62332c7e7f20002db1e00c56f717560053f99ce458fda4c6f10d8b23d544db7450c22d79f65d4a1eeaae9f236fa54db7e195f8582a9d3f33867af448693ae5d386ab99dcd17cbec55557a47ce5eebf21340ddff2de15dc6697a7b8079b1dfadb50cdc5b1270f54b4a3f746d90990c9f93e287e244bcef2b9f20c73f92bf3f25479208158492de8c95ac28a11831e31b48fb0d1f803a94e4c6e524d1100b65507461e03f507c23188bf2bca232629a3c049d7f9f353615733360e5f69036c3ad9b8c6d1f6c1df6d3dee344ea4caa246177a87ef600298370602d4332eedf42cfaca0735794344ab3b01655086891c7255a0d59e8bff0e2fbff131981f4acbd3db9ebe8b89f90d57a07b6ebfa7316e0165c2775c789298be4e3b76aa8f122e6f2a6aa9ff2efd5b9019daf55a28f6659cc76af0942d957784b2a3e70c3b772aa90973f02db687a3580b9f9bd555c8314ef0b51447de6ef496ca562a9dead32a29fbeecda33eb51137d9d1b8c1fe2d887d5447ee131d1b9ceaae7daaf759f2709bc713921fc3ce48f1b3cca68687132bed88f6895d6f8cd0a257220d319c80f7b85b756c0bed439287b12fce9fe889bfd7979b0caacff4dd5bafcbb9d8b1165f3955e58a8f54e5a94498dbd99ce1e70151f4a712219831590eaba151bb7c15bd5074a4966d313d31a78952717202898753819156b3a3712e5b07a97ca8ce9e7a43cb5315a155209322638ce222c63696f55f7023111a0f475490e1d1c38f6e328abf8160d991300fe763dd28637adfbf583854d4532dd148cf79c12d3b8c01361f79354ebaa748789bf7055ae9101f9cf8a368d98334d0e4565e2dc1b2d975e700b123e293c6fe6f2148ab638094022a2b7cf58ab1fb3b5ad828e75cdb974208fccd1675680a7a65bbd55d1ccd67fe3f287c5d0bea49610e7b782dc1efefc1f9fe733390652eec4b95f8ae", 0x1000}, {&(0x7f0000000080)="8a3f18ed69555fe9021ff81f58e7d53b06839b286461bd", 0x17}, {&(0x7f0000000280)="91ffa61292e141df58777e63aedb22d76237a54ed3c7d4da55ca15296a6ac61a22686e2b623f9b4672df24768e71da8c7d16db9f8272b9df8e9aa0954bba65a3b71a33749fcff742", 0x48}, {&(0x7f0000000300)="4c09f4b777c65872eb4b25327170ae25421ad3fa7c8442c42f768e32b449044771c0dc2a6815ea371057516f0cb923408a4d96717d84d0df12b4c4a8738bbf4fd3dab9b678388d299e7a34dcf3779662f3627c422785d1cdec69e447764dc228805a255fbdbd5cbf56f292c371559526f4b9af57cb73b21e4185d2fddfcf67beaba2fd82ff175ebc69584591a8489b6c8ac272edb91a1b140216b7200fe9b4887a6e", 0xa2}, {&(0x7f00000004c0)="16ec224cb05d42b33b07ba0c9314fb39f9c9d81ae602c383d8e217787ed86fc9f60ea99d6b8552dca76b0a9d267d24148a2fde2bd5e7f3c2624c537298f73b687144759fc7e33653a1e84c2f63d203623dade47b880b3191772aa64b643f98c15283d30b25b62e30971f1732a0ee9efc10a2320ecc3327836518c047db4b2c08272694", 0x83}, {&(0x7f0000003b80)="4b8328ee9ab5a2fe0dd2f2685ba913e1d8c28d4a79f42ebec4cd842e4c87e0523feb3fdfd5f029fa4dd8dbc46f4b64b0cbd152e8ba730d71c496b866a3907cd716d136ce2302118b3446219b8522d0d1521caaaa6979228af8264435e05acd86081c5804b67853eb761df61db9a67978e18a4bb074efbf9357431747ddc7dc8b9f20c10d961b416d4344cbc14fa2e1b2876d3030916b08ce6ed362e026b3b1280bc051ef577f83f93e2b9f542b76046ac47a580477f4e7888b9f8db7f0cd1a97e0f23596dcb8a08443d161200affb652224f410a3dab1966f1fb829595bab68f8fccb9db8b641e438829c0f89566ec679686a81682c60ec3c50033b6f005d6a10e7c4d7a412bb2a1654e709651f7bf48d2bd624d6429267d8a8be8cd07dd1cccc0665d2edfc5af94617ce7b8a3ec56d8957a78e22bdee5e17214314db0bb7196213b7f782bd44607ed49d97c961a1faf8b60d57d40e3df3bf44a3059acdc733fdd0b3fea34b71093077cf72448941f76fa93dca7d891320963aeaa1fbb33db566b5920ada4d66c01badc15e53447ab2302ece3ea8ef140a02a01a18a184135a424dd0356254a1b5f99e2868122ab85ae07db280f9af97c05f8568a5bbd83bb96120d16c58f3a67d541a5bba1ba07853ba7caa6bd114a8cc30759bd836cbb5cf9055d56fb17d0c015a0eac55ab07bbd791267aed054093d8e0c7f38699601eb3e433df2b2b3a94332d74f2f12e1c6ecc96371c9a1ecd922ee0ad792e63519daf59b73a5af7dc8fb29e0c839cc4990e94d5d3790037a44054755b3ffbbc3c8a385092d999015cccc83de83b6635c7cee981a87533fc00620720f156f6dfc42a56a32b44f7033e3e2ed0de6b38c02bfbd4c026b56b9de6375d4608cab44ab28e75e623972b197028b80e13f73196b1fe3a627be42da21b14831987342b976b01fc1f539bb06ec9f7d75e74b9d26ade81387c1ce876cd047d51386de1766dbf0318ecb60dfde88ede5f222ef73430237fc9d205ebd8bb54ecdbe1959ed99689692245b68d83dd952b7d007d31b0d264d6de466358ee7661f9e2ee902cbec0e61a4c83a64570650d7027bb9abd363e09a6bb0b99c4169a79b32ced2640720e0fc5ecdbc9907a5598d5e65bf6bf89de5ec6bfd45dd7ee35b972eed25635dcf86ff1f781917131c6798878d7016ac9422b030390bb1431c56238f92841239a768331efd156801956a73a786c180abc165bc8b78289501b49a59616d78f5b3ba691f8c7eb35f9a357e8df7d75048444e3002007dd8db1c9e907ce4fe94128d23d4dcb604e2a7366daf67b9357a71efd9d39560ab22cbb7fbeacbdb71c018a449032128f19301b8bc23e0dbdd907d025ffbfa672b22a707b86fbaf748a1cd0e2f76dd8d67f7410b6162224f889a2e3e21e013ba95113f52662f1af3e2d2a85e334f5cf292c1698cb332817f38106f84ee979410aca36273f100ccdcfbd1430791e79c317ebdcf61d1a30f7073748d05c22765370598625718efe65066bf7cee655842e5715b9bd896b31baccfd8ebbe0e4b437932e0c8e86725a426940ca98042950def7376fe64f7c6995566e2b4241b6e55fc826ede09ee6e8d61b25e5466e1da3fb127ecce457e7c96834235b2c2fd4b536ceab54463147984d44c8b50030817d4870aaa726b316a5d00c2814b76e9a0c374d18b35e7f773d0dac94beadfec1c7900925f713ceadfccb8e85773a4a709c06d2a5ce9ba971f99b53c693bc2ae88e359ca6595599fbbfb3ad88715e77a4f5984b526391c2c13aa53e7fbdde7b4d2ffd5afcecc453f05ac90da2d70cf0b1c62e4b46048d65cfa0895051627d660dfc922dc0c8341fbdfe5bfffea45860ac8e33951dc7b5a171f71ce89cd61276e58ba8a936d70a0316ba7b7583ada8915b3c6274ca7e9833eb5514995d2a4d7cc70f00cb49637ce383e2820e040e00d60dd01bea810b8670c92f86727cbead40418cc23b91c7583637ccdf3201d56f14cce463cf6046ab1a015ab83a8a6938149fc6bcb8501c960cbac0111456337e425b9470d93bbee8ec254faef84d4bbf3de1cbfc08a398dca526a1b569b49f7ab45a8a7f129286125d643403931de0b2e0ec6953e208af61f392516710684ae89f2b0896032a58133e91b9ffacfeb1439bc56055e665c5ca6cb94cde0ce59eab6bb4a32aaf87a86c8300ae11d50f2d2b9d22c445377b61905fa3dd6e525831987d15b46f54484143cb1b6d62d61ccf974fce8564b3193e7ddbd396ef969b80c820782124f9bd3c0d6cf4b5e898a01980ed871a658e9b5339cb6c034895a0456936f61819caf160a29ce051a24f2234871f4fd0f7f7b7871890b1c036cdcb5d1acfb6a50d1bb1c748e734acd34b29d0cbb498fb4b79892dc0064bbc27a5c9464a1cd8c769eab4dea308670d3951eefe37a7a33a8ba849120e5555baa61d238f8d7613419422f68437c39dfcbcdb4f0b0d985845aceddf76de0a26cc6836fe3a1087a61337ff464ed0b99bdfa63fc5688b7a1c638930ba411b39e461c617b1b61feda7fcbd6ea9c43541a9c6e962bb839d7d2344ac50a69b670a7fdc3ca75c4977ac2939a6fb06171b02493f2124f6145c710b4b4105bd9ddb3f7acf1afb477b373c3566c0b716aaf14f1678d56f446a0c1550757c21e6719ffdc7bdb38b7fad0a42a3b555ab8328c9097be563aa082dbb67239835da932580608b3c5190e37aa5239d837615bf7d389a97cea8c393ddd3f04b6f4e33f2cbca5f91a02256e8c27216f0fb6015e81151bb6b605574c006c3111bd992a35e31c226faf90b4d6fefc44587cf151cb3df92d774ec3d22cbc0dfdef2d58d25ea5eca6f907d2ebeb0be1fda8cbc150d248a90df54df06f290265ea05e52db881bdc5b9b89bcf40c6343bae70e8d4cc4ff933d3089836a036370e401a99405510786695be36f20ae023637e7f792573ed6b8f8db4e837f5a980f3a54158d1bbfaa781aad53a05f896feea38789915e6b6dd0dc7cf96a6c19ac9b06fc9c9b4d267ce117ba8be485bb0dffd5b0b87b14f3ca430490abd992c2b8ab3a2d16e8fcc10d13786cd6da47bbdb909ac11b92ec8e1be6e09bcdfe027e607aca73a8f2468f443d490c21875534446c0e4c1170690b7ff028cf057a48c26079bff921567a0b7921ecbdcea405f5ca293db92925948403f0cea2889d383d71e6ff14167fb6dc93cc705497bba9f88fd6809683fff14eed2335ff1c63b8488f7c72b8c5c8359e3ae490ec9b8c74d048da332777b83d9066bee4b298c31ed2fa9aeb5e219a3585e70de882eb2f908d92f0e6f7534db70be53f5a0748a04a7fa90fce903d948026b5a4b31fa7a6ca6d94a896d0774d7c620e8b21a68cf9d014e1fb68bffb12d208bc790ab0debf822dcfcc78aef95a09f6eaa222c1717547414e9b6d08f564cbcb9f314d746ce880ff0c20476366bde3f2e81815b1ac080f3dc03801961c6ca89a2bf7166b6ae8e959e9a7b70fda79b95d3a357c5f84f6e6a9ae40715ec19d924f8d0fedf07cc905b86f7abc53be86f20d24323b68a3224e0e13759061416f0037b9946159deea3e2bb8271a9c978c856649dc670813307f4dd653c6cbf5d233e40ab782c7af3ecaa11af19363a435ee2dbf8c9ffc5ce0f144d70bfb5ef10a5b8bc228e5dfaba4007ec2ced0731d46a6e96579d56d6f28426c4e62dfd9dcd073a15aafaeea74775efb3dc8ea4b5c42a1a4b1468417eebea95a83f348e52342d5884e5a16ab5380f643589cd2674d37d7c19be9b9844448c2e5aea3ce22430eab117d540e1620a2234977867364ab4c93a274980c8c07dc33190e36745ce0727d8e6af2c57961fb816f2c73bf9b377ad8066af8641fd5d6f295e4f0a443ab2790264e51f008340ab1e4a9740139d9d6916c92819089da1f8bbe53a9a7d34cab580f109c9f1242eaee299ebe46bbf43ded1c1eaa202f47e1589ea6729ab39eee1bd9a392d8888f7874c3a9e4afe84c5edda3e423768831e8013b1acafab4ba2e31575f9c4a5ea052e6cb7e14c51484959e6f8c90db6e7ce3d18255b1d2f6e2d4133ab5d5de6d191910d232cef953c9de1f60d480aecb5e3ccfee77a071a01391e0dc8942331f94638ef234c72ac09d60d33c47231caf6e6253f0de43fb040172cdbecf747ca4a3e4c665e685ab21700a0a8040c76b46b66b11dc593616a1092b73494727a7a432c239c7b19516ebaa6ce47c099ca952734200736a8533baae0973848f65b942cf5804b2526daf9dada51e8ad87113617d8b4bf080068cf69ea592309de0060d725b0e97deab1d0e81209e3027365e3b1a4228be61a05463289cc8091335159b18213b42465d82653d483b460f1fe26d8f762213142b336175deae5aa3d223f341379060a5d72eb93bbc3b65898af4ed80fe610a410e76068384dd57f3edeaba48bb0f89a9604e7a73784a6d171cedf1ad9856f726099aef260dc22a1857484dfa18ddeae00b1425e5f1bf9069294e800095a855fe20261bdaf8ec95652d02c8437ee116bfbeb7184aa85c233894e1ebccf64104c8b66f87f1e3ab653fffb1efce15664f95338172f3aac0249fcb4f9652ec1ccdcb0a8a3a3e7ff532d610380cd3798569004cfc70f275db0f7e38f9fd8b924da366209fe2ac48b69beed687340390c4b377036b2843324816c8aa7c0dd9a5641cce52f80d810ebf0932fcbfb0369bb14532213b9bedf09332f18744eb620ac72032eaa12d9cdd6e89980f182668316acb9715551d38173b30dc446bfe02dcf5f41a4daa6b5483cb4bf2289d37d86f180fc897ca6a3460a0ebf2241d329ba159a5fc3423ed588f41edffefa56d6a125c00dbc5f1d74e03a1a64d8edf8a25fb53f8a5eacfce5417490f3ca387eee2e761267ab344aab169687936408b7fac14f136d882a5a9ec6de302090701fb04edc883d3c20a395611447fe5debb001c8e03ddf016e39504e4875976d2eae3f9e1ee5194e5cb27ab01ac3c55e2cfa67f376a63ad0b40fdf3b0349a83faddade241f8242901420ffcb6d907634a2d4daf256d1df99db46453b67b9f4e605ebed0137d15a1e54ea27a657ac895dc4f2302370f1bda65dbe9a5518522a8aaca143366cd199dd2884ed2bb5846faab6095a1b431ead2141bf3b2da47d920d251de491164c49f375c3b9bf2c3e2825063a78a012d89a02d0ae2f70c79b41107bf2563d6e39ff38ea9612593d550fde24d24e39c35702c1f2767b5ec5e5578717220c1c66bf9cfd4a40b8a8f8cc29a219108dd43f1a234e0c9c82f8eb15c5710fad42aab9e9aa726fd291226cafa2ee6f8bf835bd4fe9d6eb13037183b5cc73e1cb528fa68f3d9043cc996c474f082b552eb79a237dc81cb01961097a7116968ab0325505e1a2264139ba64fe36d3f65e6aa942356c0ea988943e3a81c09071539eb53056502518b00a81f23eb1b5a8e06b1aafce138202c1f7d126f9850d8ddd9229c97a01f58c6e6ce5f7061036b92a855a6811a233a2dc524879957471d81ef74266667a8ee4d4c5f260af100739ce02b73ad2e33179734dd3a5afbf6ef32109a433b465faaebb8e8e39a4f7b3b55f321302b07167a94ac363e941d7d501608b5664e57cc95812c6f8ef12d3aa9d46f84fdb7ca86477a4ff89f45db7efb27697977f543ba49ff5b0e38c07ab3806453867574419acedb0455b86414cae9c45462d1ef6ca0b48f45ff33e8be88eba6c842b07cf31eeea8d290e0dfd3a1a40a9445d2dad8a29fc665b30f7900dd61e4e85728169726acd80e0ff98951fc7", 0x1000}, {&(0x7f0000000100)="b886cb72a82e4c1ef55382801e7c", 0xe}], 0xa, &(0x7f0000000640)=[@hoplimit={{0x14, 0x29, 0x34, 0x2}}, @hopopts={{0x80, 0x29, 0x36, {0x29, 0xd, [], [@hao={0xc9, 0x10, @mcast1}, @generic={0x10001, 0x3c, "a7eceabfe43a8845859f6fb4d2aa9c4da8e940af50e49308aa7aeb543347c2db1eb6090ba913acf8e999384613692b19015a19a3f70c25bb04ef0c2d"}, @pad1, @hao={0xc9, 0x10, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, @pad1]}}}, @dontfrag={{0x14, 0x29, 0x3e, 0x3}}], 0xb0}}, {{&(0x7f00000003c0)={0xa, 0x4e20, 0x3, @empty, 0x81}, 0x1c, &(0x7f00000007c0)=[{&(0x7f0000000400)="baa69a82939e0a184ef4", 0xa}, {&(0x7f0000000700)="e1cfbb2b8a6628c59bd93a5ebfb53385ddf5edef37a957ef3d744e2521ab2848bcb3f99b75d69044529783c29e99db502ad36f9380f076f98bfebf70beb824e370a6dd79a192c66b2f382a45d106da26dd335137189c48d0d93699e9541c0d557ee5cc902f2c6a14e5da9f12036c48380d37cf0f4475d6b44993414f8f79084ff3ff4774e40d25abc6955feb6ea019700174120eba2cb65c0412f91645215d00566febba", 0xa4}], 0x2, &(0x7f0000000800)=[@rthdr={{0x98, 0x29, 0x39, {0x2d, 0x10, 0x0, 0x2, 0x0, [@initdev={0xfe, 0x88, [], 0x0, 0x0}, @initdev={0xfe, 0x88, [], 0x1, 0x0}, @dev={0xfe, 0x80, [], 0x1a}, @ipv4={[], [], @rand_addr=0xc394}, @remote, @mcast1, @remote, @initdev={0xfe, 0x88, [], 0x0, 0x0}]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x3}}, @hopopts_2292={{0x1f0, 0x29, 0x36, {0x8, 0x3a, [], [@hao={0xc9, 0x10, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, @generic={0x8, 0xa3, "ad74deafd272665d495a3f0f260e036e75a179fefe9122ec0e529df903dc5ec5a2dbfe1be60c9d2547f8ee9d5be7acdf70b1528a5ec6f7656d3f519ec5b760d08cce81b69f2c551d3a2be3d338b3392fbec9d954cae8b66cd8ed6fcee67d765cc7455cc31d34e874461702951ffb9944b8f7d4537dfd2e3b40e2fc3ef2358d1b6297095f84737bb33f139653bf6ef96bdb33b0abb86f3c68b7e0596b6d290ed52f331f"}, @jumbo={0xc2, 0x4, 0xffffffff80000000}, @jumbo={0xc2, 0x4, 0xfffffffffffffffa}, @enc_lim={0x4, 0x1, 0x20}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @generic={0xb82, 0x9f, "5118f896763cf1b1c5cd7773162ab3a3f78177ffbc646de5ff2520acae94994e404bae8a5ce9c59bc76c3b8d9a08a61bb58f2bf7ce554faf07002dba8f36f135996de65a54287aa28cd165c847a481036bd762728a4ae0a3aa1b3955a791d55f502ba6475e1aa90a4ee783ea93253b55be4e8b716f96871cd54a001990f23d5c45056079f80c4969ecb953cd756d9e3ce129927de3d6041e31f7696db59bbf"}, @hao={0xc9, 0x10, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, @generic={0x1, 0x55, "5f930a79b898af8658be947495e2ca43e6fdeda434cce0bbafb0eeb1ffd23de6d92505421f6e4bc0989074d492b96701e2d00c85389116f354c2451b2aad19eb35238aa618e2c77f6ef84f3880d31e28cc037c99cb"}]}}}], 0x2a0}}, {{&(0x7f0000000ac0)={0xa, 0x4e20, 0x3, @empty, 0x519}, 0x1c, &(0x7f0000005c40)=[{&(0x7f0000004b80)="b2ad2e5bc07666fb44477eac04048408dad6309d37fda9f17a135ba140b7f458016f11f0cb112bb01da1a4540d33a397c2aed1b8b3edef4f98117197937bf942d6aa6501bb0e5ed86b09eab46d8c9a6e6bd2bc625c946e5d9bd23bad1bd22106cac8ad795bc16a9386ce8df71992c1a96612758a707f19749b5d0042531d70af4787dcd823e52b2c3565de0f2e99bd5865eea160f90f659b53cdcb79a39fdf61fcb95272a7360a6d049d0426e86c290ade", 0xb1}, {&(0x7f0000004c40)="866aa5720f817a808189dc132e43406e03418374d2c0339e6b0e32ea993de572a860fd70ca1e0d61867137201e98d1be1b78e77a073d072f54269c25fa3ebd7cc8db149f2686aef4f17419d190ea6631d88f90c0969f4ac394c35835ee1a650eb52be490091976b2cca8f8e244dfd31d7c93f28ce1c2d942fafd75fb1c18c19f1914ebfd04b5c13a6aac85bc9059240da965b3bdc60c279c4a37737abad566c96fa00d83f817b77f4ebccce61df62fa527f85cdb98286d43533687b031c19602c80ac96bc0415ec4e94f2b2f90c1669d05120bead963a4a5c356894711ba1127b8c69046668a0c70e48de9e9fead4cbb0a045e4d1e3e61f0b5f95d2eec6e28e8f9c30b546d1d2ef76444b22e6a575c672df0575fc6ddf6e81ebd6b06a6ab26167321737ade3f75ce5d3251347ca899fcd46654059968c3915adbd1ca2a98516a6da1d0a50f7cd3e9f9980d9a139e72895c838bc48dd8858132d84d3fd6d309d47d992821346a32042b96a629427352f724a880a6d6254424cbb7de1c6debf8b6e4fb02ebdb1942ad6122c97878b6e35ec083ac5649629cd5cfc8c1bbe2ae9b61dffb02e72b56f0403b10e92528e8312740d59b52ca77c4bb83d3c4a7bc4d9366a3d0ead7eef4caadfb478e891f43b26213f4bbe60c65956bf78de7eddd6179198bf461a4fc4bfa3821bd995ff276bbcc35179efb4f513f7afd7ffb54bcbb0fa9507861f9205aeb7cc3d6ff27f799e784aa64569123fa15488926ee1840e0e2cce64664f2bcc71f4a058f6db28d828349fc9e4da8e0bc4fa4681a8ab7221d08930c3a01a7d364e267303a3dcd837c0af8a0770ed44214a3bb5622a3ebfd6e82f9f402f69b460858060a0feb7b8217410d16010efbe268099e125d813f6628e6fb5721184ac5e386cb9503d8fcb43ea9132ecb760928e34897d4fd48c4b73532ab3ad523d3dcf7568e49e99951a549df74f170bb9886761a85039446d7408ef7e6532566a56c402a90647cb60986906b0ff9955dcb99c837c4aa7043aba1e1e2cb76fff1bf9bcda000187c497746026f237f3eb127b124e7456f9437543459402a6d429a971307d08e36c965194beb6137a1ad53fa218d9e3eb34a8731e98e9bb08e73cf17d281bfff97b5557fdaa77ee7dff2313e55606ce3a18ed77f6d9fa93c0f8ce5b433ed2d3332520489656ed913976a8820e5345598608e69293cac6504bbabcc7bf2710b070008500d435ad5b0e94b61bd783df077c475159227a82eb42e8a7ced3a573666d06391fee80025bb62ac27b2b38874e1a767cd029405a917b4ff708686fccc4230e1985b6329bf8e2fc599b0ab6278896696287024af1d5c0e1991f003b97a451caabd894b93851b8ed3cc3ccab164f648429823f47e464f0bfc8038e5dc7598e774e9bb618540a34f23553a2238a370c9d9382c25e2634e1f8125dd7ea264235658ba603d668081000895650ed8c25461fb712166de5104088b8442efeb3b998642d4a6749bf0afa44959db7c68edb68c7ea233e053c109dc40972d8950988ea03aeec9f5296cdf53ae88350573672ab22ea7c04474172a8cf964a87bd0b0186f5fb660c323300f68123def7608b9952dee2191ed2527bcf64e3d1d849787f5063128a314abf22b537c335ca989fc9f815b1bb31cf09331f66354fa1796efa51ce434517f9efd498fc3d4b39a2ab82365d3cd96c9e522b3912660e0b9046882985112aa8865bc345d1d1474580d578ca29dea24b2318edd3da71e911f517cfaf9203f4c629e92751b8205a91b2e7449962f39a0f193317a7872f6323179c6ed59632add75045754beda1aac53982767b79d2ffaee344cd4a667ae01a6396826d01705f8b2d2ee4b9965561e0a26b0e609c9ed7588576667af9509f5a91d680533d5f6e935507740478d67485171950722d78e23233653d922ee459c3cd6019ef41747f2aba5acb8d7e0f48536190f6363f6919fef5fd3bf8337290f713507504a836dfc386b0d06ae288c937ef17a2884ddb09543bee702b83930664ad7bd2ef185e48021f5042b9b7e843a2e6d2e5033850e71fee4a3b9f55b3ec725a631b82cb5e110f09f950cfef2e3d91da97b2df8aee43953b61aebbeda0a4fcb8f7328f0339bd224d7edf08a6559d21a94332462c723d4510cb547758c088ca5e870a52b2f8a9ccab12260401223a194aa022c8481d44f8d9361656d50cb1e65cdde431274277b8d7450dba872a379b20b2fb169683bf977f821fa471a9e3cfb80bf975af3854efbc8fbb58a04cf2b2d4d8d32de6b011bcb989f96c16c6ae6eab594ec5fdc37cb89a4b754e2b7535474ff2b629a6539aed0fda9b5435c22e37171b295a5379d053ae00e7709dd13a6775eec93cfecb74e4ff974e946455616e3167f1b6373a7a6beaf9d3bb0406e36d9b1016f5c984529f5382090240027ff0bdf859eafeae6d1942ff40bcb324bb5cfde3b5fa74e46cf36185b8c5a3c0f6871a49e815f2051f9e445e26d67f136b4d9c82ff5830be6b7c2b708e354de5f71680a394f089618a2734f55440a4940a3b65d0cd578f8c55382ed64b386a0f3dca5fd2d9a7e962c5cb449c7bf8282c4232bbc5a80e0fc99d9ad1b518d82c703c3cb2f0629d2a8b59e97096e3d7c4dc3ba6a6fca56c6949377e22c437327803701a5f43ae6950949772022ed5d70db18be7e121d4c898fd72600d5785dbb91b9fa8ddd26fb7a9f5deb80be48431b9a7b2d0a2157bc5f93ad255da147bd0d12d2bdc3e0632069c5d6ec9fc639bc77ae8ea888791ea2f3f296cadc1289bf2af5ddab0cda50f687a38af1cea1f1f77018855e191a43e9944089d53068ee7843f441bcebd62f85e3154a7f3b431e09b5e7cf8d59eccd235f10b694b7cc479aa69757808b96f6207a688c08adc7e2a461d9188ede975a6dd41608178616094ba04910654ae816388b5a08b6f218f963a66a7a1085212b254963cf7f13ce3485998dd290b39ee44ab47ccebdb09a0cdbf3dc991e57fe5368f0f57c07aa4d50e3c985da69a3da14f58550305d28058c83864b22ccaba721be686a58d60a82885bae3cf97d8c5c562fc1b00a649a50b021cf5f0a6b05bd8e8f64b698d4e4a2b8905eb9d676aec9b9b2afe5e2a8ee5857d1c2dd3e000a5013428b6be1a1853e5dfa28e194795e1c657e7f2abd1f6e94676c777e4a52aa373dea5bc1525aee7857355493fcf7cfccb0e9213246c4b53fe0f755579ab91bd76afe729a639a78b02d654f0bfeb2a4d907309607b775445507f8db15ce31328d0653b8c0928141cd5707a489d9246e64360a57bbe89c467b21d47debfee0438648bd87d2293ece4ea4539fb6d2ebb524a38a469a5cb4c5f53c9c76d041ab58e29468569b349175b97d61ba524d0228914d5cff0997f05600915a2d092991c7afb08ded4aa4b24a8db913247927c8c9d842a05594c60d20d1410add735f253ae6dd372c5a8ab780ebdd33e8d322d59b0be66038195430de53df35dd217440e6781f7f46435cc4d431cc7f52fadee4f54536a84cd5e202c4729bced641a0138b7b69ef0d5651bdf5e7f123fd3078d72fd133b789b9add21937bc72cfcfc1061927880f7ccf58a366fcfded0a28145d9a7ff7d3c448870361b16ca414ddb4862bc27bfa222dd29488cd1532edb8c1da0c83838ef743b1602332c5c8202ae7f23eb14eca4ae191190535f365c9bfa8e9b6720c2bd2d1516582ec575a3b6e442cd78247039afd2f13800d8fe334ce50cc424f030ed1e2a3e158585edf3ad3e12c9a83fe227307201e065f4b31a33e6e7479dde83ce7f60097ca44f05f7e9e8aace9f5fe8b032414dadc5556db97af0413c41f3192b3fa173b518cc7d11082f279d3ef74d756b520ff7d2e37a8bbb88b171bfa6da5d077a185c961b452ca74c68a8b17049f13a5acec844ccd4a0ad0be2c70e2ab2aa018baeb0da608c182089c7d95be60976d228e9174d2c71a2ba6456fd0d2d938f45e7846fbbdcebfca49291faeadc2833ea6ea0c41beac9486a85712a39140fa25e04d4128ef398cb0370a6c12496ddf50499e9fd97a67195c1c21b6beee9b6ffd91a64658e52c49bc6378c4c121717ec6366cca15b052a7663921e805deb3de0a5272736988056bf802ff835a49a2bbce6363e4afb05f026813f74f90d08d56dd5ba367992834c81da21eb2fac29b6f0e1135cfe56f98901550893fd18d7f44265fd8dad018f2cdabd95b5df65888872de78b8df4cfee82245d851a0a214b73e0eda577ff0f8964b2e54953c6cc885bf0742aec128375d8ccf13d9063ceb75934dab3ccbec657abbd6af5f9124e19d7842acf3ad7ebd9f195a4dd37897c1f99b1c2536ce55307a53c9fe72be8f052207c51234c78c83c20baa92d1f64e5560f5820a8ae7fdd8c82d526bce38e0c814e50769e42281a1237bc280f3a3d4501f799fd1bb7d695ec37e91d233ade47fe173f55340d4355d33771d0c11343b8f435c74d39cd7b815466851abf4dab81d9d60bdce6fa417fbaf323b9dd0c06ded799ff80c4871774787f2d4f063501df9bd7386e74a99c8c8dfd88c68bd52506ee6e416076b7bc3ccad3fe597c60c219901a41557359e860fb269bfca69dacf966596ad1c9e3e552ae2855058a1f9d0943be7a010cacd74a412da32159c330ae087051f10bf53003e2f377569e27856159bb7d49b4902215a2ef5ac27db91944e0cdd29c6521c79fbce973871eb126fd53754fd2c1d19b1cfcc35dc7b70226559522971dd6edae2d1b07958033b936688469b4040d2dfa4d27965294522cc5393622660b61ace931db953f59a6a5f99edd6f1a278f908a9eaf18dd2f8df30db87ff376b79c30ca11159e819bf070c0053c33dbb25a7a8b2716db0fdc2c62deec7bfeb6581d0eea7b0b6a2b2e26ef5574bd28e39d209e017e8ed49c4f06c4249c4e9868dfb5cc8ec8d54961018a4cf69685b4a5ad2a8c670ee4300c2041813f75f79a6cb4c9dde1edcbf4289b7f00e64fb535bdcdb678944455173c4c551bf02a60211a1e68a5d40c135fcfc1d45385cc1e168186c0f165c893f744009670b404a67f1b562384a914e24dc8b51f7411a1cb0eb45d295af0b621e147f8a229d371713463f44ac0e02481aea8a61a7dcfafb18597c209e9702406e7f9d2109787eec1b84368d1cbf451f8e500478e657bde11bb4c36463998c222713a1d90302118378f316d9474e39243ebb8c45b75e35fd8fc449a0414f80732cf47afba5455171494548460da5817aaec01cbbfba6f603acc74559b4628fcb3c8933b696335576b5625fe55f733edb578f2bf89e40b23b48eee9decf9226200471a2314cd05ebcc4c02de7aa50dbc74694acc6ded02184b037752ae0b5c9ce1efae05a886debee9b4b68255cded0cc48266428256fa8c02988f8ec7043261099c255b96f959743a5f77f83e7c2e2f9c9251c0615989441fe8d58fb00be4a53a7e4a6e53cb6d78fa35df7e410fad9fde76e6d21840331630eb356fa0210b225225d0016a4b2cd71f0277a3b739ec52177d3e98f995f8e1aa3f01f8f8f4e1964153a77e01a7a95bace357b2570ed855ac95f859cfb62e758e8761f23e2f91e055a0b36fc782ca788170191b87b341130ec7507b68f1bdd980c99961b15b277faefd8154f885f4a582a1d7d60184780492f2213ae0620213c6857eb48edf95e30593a77fb2979d8b162b458aceb70a380082e20a93d5d3411ea8ff5d5906cd24978345772f4cd97e16025c9461988768070c1dd4f5fdfa9ce6cc52d620564b7ce160", 0x1000}, {&(0x7f0000000b00)="a7f349256b7844", 0x7}], 0x3}}], 0x3, 0x4000000) ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0xff4a) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x20032600) geteuid() fstat(0xffffffffffffffff, &(0x7f0000000440)) getgid() lstat(&(0x7f0000000b40)='./file0\x00', 0x0) ioctl$EXT4_IOC_MIGRATE(r2, 0x6609) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x2000022, &(0x7f00000000c0)={[{@lazytime='lazytime'}]}) 03:39:10 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x4) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) 03:39:10 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0), 0x0, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:10 executing program 4 (fault-call:1 fault-nth:69): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:39:10 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f0000000180)={0x9, 0x24, [0x9, 0xde49, 0x100000000, 0x88de, 0x2, 0x8, 0x82, 0xf4d, 0x6]}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)) fcntl$getown(0xffffffffffffffff, 0x9) openat$selinux_load(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/load\x00', 0x2, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=0x0) prctl$PR_SET_PTRACER(0x59616d61, r1) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x38) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r2, 0x0, 0x0) 03:39:10 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000180)="11dca50d5e0bcfe47bf0700d67690ab98ae71fc684bce033ae6393dd643b560086edb3d0a776ece221046d88a8581cf1ca6d633c215045a16a4a88df6bd10b1a3cd65db0fca83928a055e8d9fe9b2fb53727b3ce487aa48140455cfd8f9528907a12362305a0cdcec1235168ff8cf4668a886dcadedd5dc9bdd00c11cccff508d5eaba8b9fa47459282b9619e3e1993cda1f78ecc429") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037c6bc9bc2f6ffffffff85ffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) r2 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/policy\x00', 0x0, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f00000002c0)) ioctl$VFIO_IOMMU_GET_INFO(r2, 0x3b70, &(0x7f00000000c0)={0x10}) 03:39:10 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x8, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) [ 564.500912] FAULT_INJECTION: forcing a failure. [ 564.500912] name failslab, interval 1, probability 0, space 0, times 0 [ 564.528445] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 564.528445] program syz-executor.1 not setting count and/or reply_len properly [ 564.539139] CPU: 1 PID: 19806 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 564.551562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 564.560925] Call Trace: [ 564.563517] dump_stack+0x138/0x19c [ 564.567151] should_fail.cold+0x10f/0x159 [ 564.569065] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 564.569065] program syz-executor.1 not setting count and/or reply_len properly [ 564.571303] should_failslab+0xdb/0x130 [ 564.571318] __kmalloc_track_caller+0x2ec/0x790 [ 564.571332] ? kstrdup_const+0x48/0x60 [ 564.571344] kstrdup+0x3a/0x70 [ 564.571354] kstrdup_const+0x48/0x60 [ 564.571372] alloc_vfsmnt+0xe5/0x7d0 [ 564.571390] vfs_kern_mount.part.0+0x2a/0x3d0 [ 564.602339] ptrace attach of "/root/syz-executor.2"[19823] was attempted by "/root/syz-executor.2"[19824] [ 564.603053] ? find_held_lock+0x35/0x130 [ 564.603070] vfs_kern_mount+0x40/0x60 [ 564.603084] btrfs_mount+0x3ce/0x2b14 [ 564.636487] ? lock_downgrade+0x6e0/0x6e0 [ 564.640642] ? find_held_lock+0x35/0x130 [ 564.644706] ? pcpu_alloc+0x3af/0x1050 [ 564.648615] ? btrfs_remount+0x11f0/0x11f0 [ 564.652862] ? rcu_read_lock_sched_held+0x110/0x130 [ 564.657895] ? __lockdep_init_map+0x10c/0x570 [ 564.657907] ? __lockdep_init_map+0x10c/0x570 [ 564.666897] mount_fs+0x97/0x2a1 [ 564.670275] vfs_kern_mount.part.0+0x5e/0x3d0 [ 564.674780] do_mount+0x417/0x27d0 [ 564.678327] ? copy_mount_options+0x5c/0x2f0 [ 564.682746] ? rcu_read_lock_sched_held+0x110/0x130 [ 564.682761] ? copy_mount_string+0x40/0x40 [ 564.682777] ? copy_mount_options+0x1fe/0x2f0 [ 564.682792] SyS_mount+0xab/0x120 [ 564.682802] ? copy_mnt_ns+0x8c0/0x8c0 [ 564.682815] do_syscall_64+0x1e8/0x640 [ 564.682825] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 564.682842] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 564.717830] RIP: 0033:0x45c27a [ 564.721019] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 564.728734] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 564.736014] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 564.743289] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 03:39:11 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x4) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) 03:39:11 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) 03:39:11 executing program 1: r0 = syz_open_dev$audion(&(0x7f0000000200)='/dev/audio#\x00', 0xa91, 0x101000) ioctl$TIOCLINUX7(r0, 0x541c, &(0x7f0000000240)={0x7, 0x9}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") ioctl$SG_GET_SCSI_ID(r0, 0x2276, &(0x7f0000000400)) r2 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) prctl$PR_SET_NAME(0xf, &(0x7f0000000080)='uservboxnet0wlan0@+]#eth0selfvmnet0$.nodevsecurity\x00') write(r2, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) fsetxattr(r2, &(0x7f00000000c0)=@random={'osx.', 'NET_DM\x00'}, &(0x7f00000004c0)='\\$.\x00', 0x4, 0x3) ioctl$TIOCGETD(r1, 0x5424, &(0x7f00000001c0)) r3 = syz_open_dev$mice(&(0x7f0000000280)='/dev/input/mice\x00', 0x0, 0x1) getsockname$packet(r3, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000180)=0x10) r4 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000340)='NET_DM\x00') sendmsg$NET_DM_CMD_STOP(r3, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x14, r4, 0x100, 0x70bd2d, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20040000}, 0x90) readv(r2, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) syz_open_dev$radio(&(0x7f0000000300)='/dev/radio#\x00', 0x3, 0x2) prctl$PR_SET_PDEATHSIG(0x1, 0x6) 03:39:11 executing program 2: r0 = dup(0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000000100)={0xfff, 0x3, {0xffffffffffffffff, 0x1, 0x26, 0x2, 0x5}}) socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0xffffffffffffff67, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x10) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) [ 564.750565] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 564.757833] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:39:11 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x8, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) [ 564.797204] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 564.797204] program uservboxnet0wla not setting count and/or reply_len properly [ 564.859515] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 564.859515] program uservboxnet0wla not setting count and/or reply_len properly 03:39:11 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000002c0)=0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={r1, 0xffffffffffffffff, 0x0, 0x5, &(0x7f0000000000)='bond\x00', 0xffffffffffffffff}, 0x30) ptrace$getregset(0x4204, r2, 0x203, &(0x7f0000000100)={&(0x7f0000000200)=""/184, 0xb8}) ioctl(r0, 0x4000001000008912, &(0x7f00000001c0)="c0dca5055e0bcfec7be070") sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x16}]}}}]}, 0x3c}}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000180)='/dev/null\x00', 0x10000, 0x0) 03:39:11 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) 03:39:11 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) r2 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0x0, 0x101000) recvfrom$rose(r2, &(0x7f00000000c0)=""/39, 0x27, 0x12002, &(0x7f0000000180)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x4, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x40) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) 03:39:11 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x8, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:11 executing program 4 (fault-call:1 fault-nth:70): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:39:11 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, 0x0, 0x0, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) [ 565.420247] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 565.420247] program syz-executor.1 not setting count and/or reply_len properly [ 565.440891] FAULT_INJECTION: forcing a failure. [ 565.440891] name failslab, interval 1, probability 0, space 0, times 0 [ 565.457534] CPU: 0 PID: 19861 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 565.464646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 565.474001] Call Trace: [ 565.476598] dump_stack+0x138/0x19c [ 565.480243] should_fail.cold+0x10f/0x159 [ 565.484405] should_failslab+0xdb/0x130 [ 565.488472] kmem_cache_alloc+0x2d7/0x780 [ 565.488496] ? delete_node+0x1fb/0x690 [ 565.488508] ? save_trace+0x290/0x290 [ 565.488523] alloc_buffer_head+0x24/0xe0 [ 565.488537] alloc_page_buffers+0xb7/0x200 [ 565.496567] create_empty_buffers+0x39/0x480 [ 565.496578] ? __lock_is_held+0xb6/0x140 [ 565.496590] ? check_preemption_disabled+0x3c/0x250 [ 565.496603] create_page_buffers+0x153/0x1c0 [ 565.496613] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 565.496626] block_read_full_page+0xcd/0x960 [ 565.504468] ? set_init_blocksize+0x220/0x220 [ 565.504479] ? __lru_cache_add+0x18a/0x250 [ 565.504494] ? __bread_gfp+0x290/0x290 [ 565.504507] ? add_to_page_cache_lru+0x159/0x310 [ 565.504519] ? add_to_page_cache_locked+0x40/0x40 [ 565.504531] blkdev_readpage+0x1d/0x30 [ 565.513148] do_read_cache_page+0x671/0xfc0 03:39:11 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) [ 565.513158] ? blkdev_writepages+0xd0/0xd0 [ 565.513175] ? find_get_pages_contig+0xaa0/0xaa0 [ 565.513185] ? blkdev_get+0xb0/0x8e0 [ 565.513195] ? dput.part.0+0x170/0x750 [ 565.513206] ? bd_may_claim+0xd0/0xd0 [ 565.513217] ? path_put+0x50/0x70 [ 565.513225] ? lookup_bdev.part.0+0xe1/0x160 [ 565.513237] read_cache_page_gfp+0x6e/0x90 [ 565.513252] btrfs_read_disk_super+0xdd/0x440 [ 565.522304] btrfs_scan_one_device+0xc6/0x400 [ 565.522319] ? device_list_add+0x8d0/0x8d0 [ 565.522331] ? __free_pages+0x54/0x90 03:39:12 executing program 0: mkdir(&(0x7f0000000180)='./file0\x00', 0x4) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) [ 565.522341] ? free_pages+0x46/0x50 [ 565.522355] btrfs_mount+0x2e3/0x2b14 [ 565.522365] ? lock_downgrade+0x6e0/0x6e0 [ 565.522373] ? find_held_lock+0x35/0x130 [ 565.522383] ? pcpu_alloc+0x3af/0x1050 [ 565.522400] ? btrfs_remount+0x11f0/0x11f0 [ 565.532239] ? rcu_read_lock_sched_held+0x110/0x130 [ 565.532263] ? __lockdep_init_map+0x10c/0x570 [ 565.532282] mount_fs+0x97/0x2a1 [ 565.532296] vfs_kern_mount.part.0+0x5e/0x3d0 [ 565.532305] ? find_held_lock+0x35/0x130 [ 565.532318] vfs_kern_mount+0x40/0x60 [ 565.532333] btrfs_mount+0x3ce/0x2b14 [ 565.541212] ? lock_downgrade+0x6e0/0x6e0 [ 565.541221] ? find_held_lock+0x35/0x130 [ 565.541231] ? pcpu_alloc+0x3af/0x1050 [ 565.541250] ? btrfs_remount+0x11f0/0x11f0 [ 565.541267] ? rcu_read_lock_sched_held+0x110/0x130 [ 565.541286] ? __lockdep_init_map+0x10c/0x570 [ 565.541298] ? __lockdep_init_map+0x10c/0x570 [ 565.541312] mount_fs+0x97/0x2a1 [ 565.549407] vfs_kern_mount.part.0+0x5e/0x3d0 [ 565.549423] do_mount+0x417/0x27d0 [ 565.549434] ? retint_kernel+0x2d/0x2d [ 565.549450] ? copy_mount_string+0x40/0x40 [ 565.549462] ? copy_mount_options+0x185/0x2f0 [ 565.549474] ? copy_mount_options+0x1fe/0x2f0 [ 565.549487] SyS_mount+0xab/0x120 [ 565.559062] ? copy_mnt_ns+0x8c0/0x8c0 [ 565.559077] do_syscall_64+0x1e8/0x640 [ 565.559086] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 565.559104] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 565.559113] RIP: 0033:0x45c27a [ 565.559118] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 565.559129] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a 03:39:12 executing program 0: mkdir(&(0x7f0000000180)='./file0\x00', 0x4) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) [ 565.559135] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 565.559144] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 565.567318] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 565.567324] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 565.604264] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 565.604264] program syz-executor.1 not setting count and/or reply_len properly 03:39:12 executing program 0: mkdir(&(0x7f0000000180)='./file0\x00', 0x4) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) [ 565.679353] overlayfs: failed to resolve './file1': -2 [ 565.785878] overlayfs: failed to resolve './file1': -2 [ 565.884832] overlayfs: failed to resolve './file1': -2 [ 566.480146] net_ratelimit: 16 callbacks suppressed [ 566.480192] protocol 88fb is buggy, dev hsr_slave_1 [ 566.485172] protocol 88fb is buggy, dev hsr_slave_0 [ 566.495327] protocol 88fb is buggy, dev hsr_slave_1 [ 566.500593] protocol 88fb is buggy, dev hsr_slave_0 [ 566.505689] protocol 88fb is buggy, dev hsr_slave_1 [ 566.560155] protocol 88fb is buggy, dev hsr_slave_1 [ 566.960135] protocol 88fb is buggy, dev hsr_slave_0 [ 566.965239] protocol 88fb is buggy, dev hsr_slave_1 03:39:14 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(r0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:39:14 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, 0x0, 0x0, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:14 executing program 0: mkdir(0x0, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x4) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) 03:39:14 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r0, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f00000000c0)=0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000180)={0x0}, &(0x7f00000001c0)=0xc) kcmp(r3, r4, 0x3, r0, r1) setsockopt$inet6_tcp_int(r2, 0x6, 0x1b, &(0x7f0000000200)=0x5a, 0xfffffffffffffec7) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000240)=0x7) 03:39:14 executing program 4 (fault-call:1 fault-nth:71): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:39:14 executing program 5: syz_open_procfs(0x0, &(0x7f0000000080)='net/snmp6\x00') 03:39:14 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0xc000, 0x0) r1 = dup2(r0, r0) ioctl$SIOCX25SCUDMATCHLEN(r1, 0x89e7, &(0x7f0000000000)={0x2}) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x38) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000040)={0x3, 0x20, 0x3, 0x4, 0x7}) 03:39:14 executing program 0: mkdir(0x0, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x4) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) [ 567.811655] overlayfs: failed to resolve './file1': -2 [ 567.827973] kauditd_printk_skb: 28 callbacks suppressed [ 567.827981] audit: type=1400 audit(2000000354.219:2613): avc: denied { map } for pid=19901 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:39:14 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb38db35feaf17000000001000007029ca29bb6d000000000000201483d9b22701010000d08a38f0775d9f472832a16010093a83bf9e1961ddb36111c5f09bbe78922f2855ceca126694dc0b7b66959767"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 567.879116] FAULT_INJECTION: forcing a failure. [ 567.879116] name failslab, interval 1, probability 0, space 0, times 0 [ 567.893753] audit: type=1400 audit(2000000354.269:2614): avc: denied { map } for pid=19906 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 567.903399] overlayfs: failed to resolve './file1': -2 [ 567.944107] CPU: 1 PID: 19903 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 567.951253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 567.956280] audit: type=1400 audit(2000000354.319:2615): avc: denied { map } for pid=19911 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 567.960606] Call Trace: [ 567.960628] dump_stack+0x138/0x19c [ 567.960647] should_fail.cold+0x10f/0x159 03:39:14 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, 0x0, 0x0, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:14 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}], 0x7, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) [ 567.960659] ? __lock_is_held+0xb6/0x140 [ 567.960674] ? mempool_free+0x1d0/0x1d0 [ 567.960691] should_failslab+0xdb/0x130 [ 567.983145] audit: type=1400 audit(2000000354.329:2616): avc: denied { map } for pid=19917 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 567.985506] kmem_cache_alloc+0x47/0x780 [ 567.985525] ? mempool_free+0x1d0/0x1d0 [ 567.985536] mempool_alloc_slab+0x47/0x60 [ 568.039451] mempool_alloc+0x138/0x300 03:39:14 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}], 0x7, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:14 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}], 0x7, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) [ 568.043365] ? remove_element.isra.0+0x1b0/0x1b0 [ 568.048193] ? find_held_lock+0x35/0x130 [ 568.052260] ? create_empty_buffers+0x2d3/0x480 [ 568.056929] ? save_trace+0x290/0x290 [ 568.060793] bio_alloc_bioset+0x368/0x680 [ 568.064953] ? bvec_alloc+0x2e0/0x2e0 [ 568.068769] submit_bh_wbc+0xf6/0x720 [ 568.072580] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 568.078040] block_read_full_page+0x7a2/0x960 [ 568.082547] ? set_init_blocksize+0x220/0x220 [ 568.087090] ? __bread_gfp+0x290/0x290 03:39:14 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {0x0}], 0x8, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) [ 568.091020] ? add_to_page_cache_lru+0x159/0x310 [ 568.095787] ? add_to_page_cache_locked+0x40/0x40 [ 568.100634] blkdev_readpage+0x1d/0x30 [ 568.104586] do_read_cache_page+0x671/0xfc0 [ 568.108914] ? blkdev_writepages+0xd0/0xd0 [ 568.113160] ? find_get_pages_contig+0xaa0/0xaa0 [ 568.117932] ? blkdev_get+0xb0/0x8e0 [ 568.121664] ? dput.part.0+0x170/0x750 [ 568.125557] ? bd_may_claim+0xd0/0xd0 [ 568.129358] ? path_put+0x50/0x70 [ 568.132820] ? lookup_bdev.part.0+0xe1/0x160 [ 568.137228] read_cache_page_gfp+0x6e/0x90 [ 568.141449] btrfs_read_disk_super+0xdd/0x440 [ 568.145928] btrfs_scan_one_device+0xc6/0x400 [ 568.150495] ? device_list_add+0x8d0/0x8d0 [ 568.154714] ? __free_pages+0x54/0x90 [ 568.158498] ? free_pages+0x46/0x50 [ 568.162110] btrfs_mount+0x2e3/0x2b14 [ 568.165893] ? lock_downgrade+0x6e0/0x6e0 [ 568.170030] ? find_held_lock+0x35/0x130 [ 568.174102] ? pcpu_alloc+0x3af/0x1050 [ 568.177995] ? btrfs_remount+0x11f0/0x11f0 [ 568.182218] ? rcu_read_lock_sched_held+0x110/0x130 [ 568.187220] ? __lockdep_init_map+0x10c/0x570 [ 568.191697] mount_fs+0x97/0x2a1 [ 568.195049] vfs_kern_mount.part.0+0x5e/0x3d0 [ 568.199566] ? find_held_lock+0x35/0x130 [ 568.203612] vfs_kern_mount+0x40/0x60 [ 568.207413] btrfs_mount+0x3ce/0x2b14 [ 568.211208] ? lock_downgrade+0x6e0/0x6e0 [ 568.215346] ? find_held_lock+0x35/0x130 [ 568.219389] ? pcpu_alloc+0x3af/0x1050 [ 568.223260] ? btrfs_remount+0x11f0/0x11f0 [ 568.227569] ? rcu_read_lock_sched_held+0x110/0x130 [ 568.232588] ? __lockdep_init_map+0x10c/0x570 [ 568.237063] ? __lockdep_init_map+0x10c/0x570 [ 568.241539] mount_fs+0x97/0x2a1 [ 568.244892] vfs_kern_mount.part.0+0x5e/0x3d0 [ 568.249374] do_mount+0x417/0x27d0 [ 568.252898] ? copy_mount_options+0x5c/0x2f0 [ 568.257286] ? rcu_read_lock_sched_held+0x110/0x130 [ 568.262287] ? copy_mount_string+0x40/0x40 [ 568.266503] ? copy_mount_options+0x1fe/0x2f0 [ 568.270980] SyS_mount+0xab/0x120 [ 568.274412] ? copy_mnt_ns+0x8c0/0x8c0 [ 568.278282] do_syscall_64+0x1e8/0x640 [ 568.282257] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 568.287092] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 568.292261] RIP: 0033:0x45c27a [ 568.295429] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 568.303118] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 568.310379] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 568.317636] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 568.324914] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 568.332167] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 568.368825] audit: type=1400 audit(2000000354.759:2617): avc: denied { map } for pid=19935 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 568.448205] audit: type=1400 audit(2000000354.839:2618): avc: denied { map } for pid=19936 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 568.470664] audit: type=1400 audit(2000000354.839:2619): avc: denied { map } for pid=19937 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:39:15 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x101002) syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0x1, 0x2) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) fcntl$F_GET_FILE_RW_HINT(r1, 0x40d, &(0x7f0000000080)) 03:39:15 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {0x0}], 0x8, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:15 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x15, &(0x7f00000000c0)=ANY=[@ANYBLOB="b702000008000000bfa3000000000000b703000000feffff7a0af0fff8fffff279a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404e2ff01007d60b7030000000000006a0a00fe000000008500000000000000000002f495f676875bc54a9ec7be3d0759319d5fc6ece8d6722c5f37b11d7811994e05329eac144b8b57f8db89953a319a4787382b5566f30ccaa7ce534301f4d300"/175], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x6, 0x10, &(0x7f0000000180)={0x0, 0x1, 0x2}, 0xfffffffffffffdd5}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x0, 0xe, 0xfffffffffffffd72, &(0x7f0000000040)="b2c1d7100c6168ba765fc9db0878", 0x0, 0x3f}, 0x24) 03:39:15 executing program 0: mkdir(0x0, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x4) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) 03:39:15 executing program 4 (fault-call:1 fault-nth:72): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) [ 568.560121] protocol 88fb is buggy, dev hsr_slave_0 [ 568.560125] protocol 88fb is buggy, dev hsr_slave_0 03:39:15 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {0x0}], 0x8, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) [ 568.639891] audit: type=1400 audit(2000000355.029:2620): avc: denied { map } for pid=19943 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 568.645888] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 568.645888] program syz-executor.1 not setting count and/or reply_len properly [ 568.688014] overlayfs: failed to resolve './file1': -2 [ 568.704141] FAULT_INJECTION: forcing a failure. [ 568.704141] name failslab, interval 1, probability 0, space 0, times 0 [ 568.718016] audit: type=1400 audit(2000000355.109:2621): avc: denied { map } for pid=19954 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 568.723849] CPU: 0 PID: 19949 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 568.747203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 568.756558] Call Trace: [ 568.759143] dump_stack+0x138/0x19c [ 568.762768] should_fail.cold+0x10f/0x159 [ 568.766913] should_failslab+0xdb/0x130 [ 568.770889] kmem_cache_alloc_trace+0x2e9/0x790 [ 568.775553] ? __kmalloc_node+0x51/0x80 [ 568.779555] btrfs_mount+0x1001/0x2b14 [ 568.783462] ? lock_downgrade+0x6e0/0x6e0 [ 568.787607] ? find_held_lock+0x35/0x130 [ 568.791666] ? pcpu_alloc+0x3af/0x1050 [ 568.795556] ? btrfs_remount+0x11f0/0x11f0 [ 568.799794] ? rcu_read_lock_sched_held+0x110/0x130 [ 568.804841] ? __lockdep_init_map+0x10c/0x570 [ 568.809345] mount_fs+0x97/0x2a1 [ 568.812719] vfs_kern_mount.part.0+0x5e/0x3d0 [ 568.817203] ? find_held_lock+0x35/0x130 [ 568.821263] vfs_kern_mount+0x40/0x60 [ 568.825058] btrfs_mount+0x3ce/0x2b14 [ 568.828848] ? lock_downgrade+0x6e0/0x6e0 [ 568.832991] ? find_held_lock+0x35/0x130 [ 568.837066] ? pcpu_alloc+0x3af/0x1050 [ 568.840953] ? btrfs_remount+0x11f0/0x11f0 [ 568.845189] ? rcu_read_lock_sched_held+0x110/0x130 [ 568.850213] ? __lockdep_init_map+0x10c/0x570 [ 568.854701] ? __lockdep_init_map+0x10c/0x570 [ 568.859193] mount_fs+0x97/0x2a1 [ 568.862560] vfs_kern_mount.part.0+0x5e/0x3d0 [ 568.867049] do_mount+0x417/0x27d0 [ 568.870582] ? copy_mount_options+0x5c/0x2f0 [ 568.874985] ? rcu_read_lock_sched_held+0x110/0x130 [ 568.879997] ? copy_mount_string+0x40/0x40 [ 568.884235] ? copy_mount_options+0x1fe/0x2f0 [ 568.888725] SyS_mount+0xab/0x120 [ 568.892167] ? copy_mnt_ns+0x8c0/0x8c0 [ 568.896050] do_syscall_64+0x1e8/0x640 [ 568.899931] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 568.904771] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 568.910037] RIP: 0033:0x45c27a [ 568.913220] RSP: 002b:00007f4eb8ce5a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 568.920922] RAX: ffffffffffffffda RBX: 00007f4eb8ce5b40 RCX: 000000000045c27a [ 568.928181] RDX: 00007f4eb8ce5ae0 RSI: 0000000020000100 RDI: 00007f4eb8ce5b00 [ 568.935440] RBP: 0000000000000001 R08: 00007f4eb8ce5b40 R09: 00007f4eb8ce5ae0 [ 568.942700] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 568.949963] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000003 [ 568.970338] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 568.970338] program syz-executor.1 not setting count and/or reply_len properly [ 569.009163] audit: type=1400 audit(2000000355.399:2622): avc: denied { map } for pid=19956 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:39:17 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$KVM_GET_REGS(r0, 0x8090ae81, &(0x7f0000000180)) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) tkill(r1, 0x2f) r2 = semget(0x3, 0x3, 0x10) r3 = geteuid() fstat(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getresuid(&(0x7f0000000080), &(0x7f0000000100)=0x0, &(0x7f00000002c0)) r6 = getegid() semctl$IPC_SET(r2, 0x0, 0x1, &(0x7f0000000300)={{0xe3, r3, r4, r5, r6, 0xc312bd1feacc86d2, 0x9}, 0x20, 0x5, 0x3}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:39:17 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x8f, 0x1, 0x0, &(0x7f0000000040), 0x3) futex(&(0x7f000000cffc), 0x8c, 0x1, 0x0, &(0x7f0000048000), 0x0) r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x7f, 0x10000) ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0x4) 03:39:17 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000340)=""/22, 0x16}], 0x7, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:17 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(0x0, 0x4) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) 03:39:17 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180)='/dev/hwrng\x00', 0x80000, 0x0) setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f0000000280)={0x2}, 0x4) ioctl(r0, 0x1, &(0x7f00000001c0)="11dc174f9f204c111f8570") r2 = syz_open_dev$sg(&(0x7f0000000080)='/dev/sg#\x00', 0x400000, 0x8046) write(r2, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r2, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)=0x0) sched_getscheduler(r3) 03:39:17 executing program 4 (fault-call:1 fault-nth:73): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) [ 571.045105] FAULT_INJECTION: forcing a failure. [ 571.045105] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 571.056946] CPU: 0 PID: 19965 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 571.064047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 571.074937] Call Trace: [ 571.077540] dump_stack+0x138/0x19c [ 571.081183] should_fail.cold+0x10f/0x159 [ 571.085343] __alloc_pages_nodemask+0x1d6/0x7a0 [ 571.090010] ? fs_reclaim_acquire+0x20/0x20 [ 571.094331] ? __alloc_pages_slowpath+0x2930/0x2930 [ 571.100345] cache_grow_begin+0x80/0x400 [ 571.104671] kmem_cache_alloc_node_trace+0x697/0x770 [ 571.109856] ? mutex_unlock+0xd/0x10 [ 571.113567] ? btrfs_scan_one_device+0xeb/0x400 [ 571.118232] __kmalloc_node+0x3d/0x80 [ 571.122030] kvmalloc_node+0x93/0xe0 [ 571.125738] btrfs_mount+0xf88/0x2b14 [ 571.129529] ? lock_downgrade+0x6e0/0x6e0 [ 571.133668] ? find_held_lock+0x35/0x130 [ 571.137722] ? pcpu_alloc+0x3af/0x1050 [ 571.141608] ? btrfs_remount+0x11f0/0x11f0 [ 571.145843] ? rcu_read_lock_sched_held+0x110/0x130 [ 571.151634] ? __lockdep_init_map+0x10c/0x570 [ 571.156132] mount_fs+0x97/0x2a1 [ 571.159492] vfs_kern_mount.part.0+0x5e/0x3d0 [ 571.163978] ? find_held_lock+0x35/0x130 [ 571.168041] vfs_kern_mount+0x40/0x60 [ 571.171843] btrfs_mount+0x3ce/0x2b14 [ 571.175638] ? lock_downgrade+0x6e0/0x6e0 [ 571.179806] ? find_held_lock+0x35/0x130 [ 571.183880] ? pcpu_alloc+0x3af/0x1050 [ 571.187771] ? btrfs_remount+0x11f0/0x11f0 [ 571.192005] ? rcu_read_lock_sched_held+0x110/0x130 [ 571.197028] ? __lockdep_init_map+0x10c/0x570 [ 571.201514] ? __lockdep_init_map+0x10c/0x570 [ 571.206008] mount_fs+0x97/0x2a1 [ 571.209371] vfs_kern_mount.part.0+0x5e/0x3d0 [ 571.213862] do_mount+0x417/0x27d0 [ 571.217398] ? copy_mount_options+0x5c/0x2f0 [ 571.221795] ? rcu_read_lock_sched_held+0x110/0x130 [ 571.226833] ? copy_mount_string+0x40/0x40 [ 571.231066] ? copy_mount_options+0x1fe/0x2f0 [ 571.235563] SyS_mount+0xab/0x120 [ 571.239006] ? copy_mnt_ns+0x8c0/0x8c0 [ 571.242894] do_syscall_64+0x1e8/0x640 [ 571.246775] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 571.251617] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 571.256796] RIP: 0033:0x45c27a [ 571.259973] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 571.267673] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 571.274945] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 571.282202] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 03:39:17 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x40000000000003, &(0x7f0000000080)="11dca50d5e0bcfe47bf07048ee") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) r2 = syz_open_dev$cec(&(0x7f00000000c0)='/dev/cec#\x00', 0x1, 0x2) ioctl$RTC_PLL_GET(r2, 0x80207011, &(0x7f0000000180)) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) [ 571.289459] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 571.296721] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:39:17 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(0x0, 0x4) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) 03:39:17 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000340)=""/22, 0x16}], 0x7, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:17 executing program 5: r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setresuid(0x0, 0xfffe, 0xffffffffffffffff) r1 = syz_open_procfs(0x0, &(0x7f00000004c0)='\x00\a\x00\x00\x00\x00\x00\x00\x00G\xe3U:Q<\x16%\x98\xff\xf2\xda\xeb\x88i\x16\x02\xb5\x83\x19\xf3w\x18\xc7\x96\x05\x00y\x93\xd3W\xc4-l\xcf\xa5\xed\xc8RF\xf2.Ihm\xe2\x86\xd2\xf1\xd6\xb6\xff<\xa4}\xcb\x99\x9fq\x1dF\xe0\x05Y\xfex\x0f\x17\xf7s\xd51\xdf\xeb\x87tT&|i\xc9\xa8\x95\\\xf2\xb5\ay\xc8\xc8R\x92\xf1#\x9bsm\xf6F\x83\xd7\x13L\x94\xf8}\xc7m>\xe4]\xde\xfa=d\xc5\xf7\x115\xd7\xf3\xbc\x0f\xe3V\x9d\xf8\x8b|1\r\xd4X\xae\\\xd5\x9a4J\n\xac\xd1\x9f\a\xa0\xf6\x97zr\x0f\x04\x00\x00\x00\x1f\xe0\f,\x9e\x13\xdf\xf4\xc3)mzB\xe0Y\xc3n|M\xc5\xf7\xd0\x94\xfb\x19\x9b\xefS\xf8zi0\xb5v\xde\xed\xccl\xe9\x0e-\xef\x9dN&%\x80A\xacn\x8c~7\x18\x94\x94\xd9\x8f\xd1\xe13\xd9\xa6\xb3\xa7\xf3\xcf\xb3,\x9b\xd8x\x94\xb7\x8f\xcf?\xda\v\xe7\xd2!\x8c\xa8\xe3F\x81\xee\x1c\x1c\xa7\xbcnU!R\xbc\x9fJ\xc1Z\xeeu\'\x7f\xc1\x1c\xcb\x04\xf34F[\xf7\xc8VK\xad\x90\x00'/307) getdents64(r1, &(0x7f00000001c0)=""/255, 0xff) ioctl$DRM_IOCTL_AGP_BIND(r1, 0x40106436, &(0x7f0000000040)={0x0, 0x7}) getdents(r1, &(0x7f0000000ea9)=""/407, 0x197) r2 = shmget(0x2, 0x4000, 0x54000000, &(0x7f0000ff9000/0x4000)=nil) stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) r4 = getgid() getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f00000002c0)={{{@in6=@remote, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@local}}, &(0x7f0000000100)=0xe8) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000003c0)=0x0) r7 = getpid() r8 = fcntl$getown(r0, 0x9) shmctl$IPC_SET(r2, 0x1, &(0x7f0000000400)={{0xfffffffffffffe01, r3, r4, r5, r6, 0x4, 0x3}, 0x5, 0x100000000, 0x3, 0x1fec98e, r7, r8, 0x7}) [ 571.341928] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 571.341928] program syz-executor.1 not setting count and/or reply_len properly 03:39:17 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(0x0, 0x4) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) 03:39:17 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000340)=""/22, 0x16}], 0x7, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) [ 571.397240] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 571.397240] program syz-executor.1 not setting count and/or reply_len properly [ 572.720145] net_ratelimit: 15 callbacks suppressed [ 572.720151] protocol 88fb is buggy, dev hsr_slave_0 [ 572.720188] protocol 88fb is buggy, dev hsr_slave_1 [ 572.725192] protocol 88fb is buggy, dev hsr_slave_1 [ 572.740403] protocol 88fb is buggy, dev hsr_slave_0 [ 572.745462] protocol 88fb is buggy, dev hsr_slave_1 [ 572.800105] protocol 88fb is buggy, dev hsr_slave_1 [ 573.360137] protocol 88fb is buggy, dev hsr_slave_0 [ 573.365267] protocol 88fb is buggy, dev hsr_slave_1 03:39:20 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d7d2f800000000000000000000000000a76e1249b2e0c8648fb166bc1dccc6aa1aebdbf2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:39:20 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000088000}, 0xc) signalfd4(r0, &(0x7f0000000040)={0x100000000}, 0x8, 0x80800) getsockname(r0, 0x0, &(0x7f0000000380)) ioctl$void(r0, 0xc0045878) 03:39:20 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_PLL_SET(r2, 0x40207012, &(0x7f00000001c0)={0xff, 0x7, 0x0, 0x3ff, 0x438e, 0x2, 0x100000001}) ioctl$VFIO_GET_API_VERSION(r1, 0x3b64) r3 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20ncci\x00', 0x800, 0x0) ioctl$TIOCGETD(r3, 0x5424, &(0x7f00000000c0)) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) 03:39:20 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {0x0}, {&(0x7f0000000340)=""/22, 0x16}], 0x8, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:20 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) 03:39:20 executing program 4 (fault-call:1 fault-nth:74): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) [ 574.059726] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 574.059726] program syz-executor.1 not setting count and/or reply_len properly [ 574.085611] FAULT_INJECTION: forcing a failure. [ 574.085611] name failslab, interval 1, probability 0, space 0, times 0 [ 574.097811] kauditd_printk_skb: 12 callbacks suppressed 03:39:20 executing program 5: r0 = creat(&(0x7f0000000300)='./file0\x00', 0x0) syncfs(r0) sendto$unix(r0, &(0x7f0000000040)="3b5aafaf60c379578b65ed8530bad9a50c3427705081a25955240b2d8c8d33b8071c6f3fd4ab47c52e5f", 0x2a, 0x10, 0x0, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x800, 0x0) 03:39:20 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {0x0}, {&(0x7f0000000340)=""/22, 0x16}], 0x8, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) [ 574.097819] audit: type=1400 audit(2000000360.479:2635): avc: denied { create } for pid=20005 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 [ 574.151618] CPU: 1 PID: 20007 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 574.158757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 574.168118] Call Trace: [ 574.170713] dump_stack+0x138/0x19c [ 574.174341] should_fail.cold+0x10f/0x159 [ 574.178496] should_failslab+0xdb/0x130 [ 574.182471] kmem_cache_alloc_trace+0x2e9/0x790 [ 574.187144] ? __kmalloc_node+0x51/0x80 [ 574.191119] btrfs_mount+0x1069/0x2b14 [ 574.195002] ? lock_downgrade+0x6e0/0x6e0 [ 574.200617] ? find_held_lock+0x35/0x130 [ 574.204697] ? pcpu_alloc+0x3af/0x1050 [ 574.208586] ? btrfs_remount+0x11f0/0x11f0 [ 574.212838] ? rcu_read_lock_sched_held+0x110/0x130 [ 574.217858] ? __lockdep_init_map+0x10c/0x570 [ 574.222356] mount_fs+0x97/0x2a1 [ 574.225723] vfs_kern_mount.part.0+0x5e/0x3d0 [ 574.230209] ? find_held_lock+0x35/0x130 [ 574.234262] vfs_kern_mount+0x40/0x60 [ 574.238057] btrfs_mount+0x3ce/0x2b14 [ 574.241850] ? lock_downgrade+0x6e0/0x6e0 [ 574.245989] ? find_held_lock+0x35/0x130 [ 574.250050] ? pcpu_alloc+0x3af/0x1050 [ 574.253937] ? btrfs_remount+0x11f0/0x11f0 [ 574.258171] ? rcu_read_lock_sched_held+0x110/0x130 [ 574.263192] ? __lockdep_init_map+0x10c/0x570 [ 574.267677] ? __lockdep_init_map+0x10c/0x570 [ 574.272177] mount_fs+0x97/0x2a1 [ 574.275541] vfs_kern_mount.part.0+0x5e/0x3d0 [ 574.280030] do_mount+0x417/0x27d0 [ 574.283566] ? copy_mount_options+0x5c/0x2f0 [ 574.287965] ? rcu_read_lock_sched_held+0x110/0x130 [ 574.292979] ? copy_mount_string+0x40/0x40 [ 574.297218] ? copy_mount_options+0x1fe/0x2f0 [ 574.301707] SyS_mount+0xab/0x120 [ 574.305153] ? copy_mnt_ns+0x8c0/0x8c0 [ 574.309033] do_syscall_64+0x1e8/0x640 [ 574.312925] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 574.317765] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 574.322945] RIP: 0033:0x45c27a [ 574.326125] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 574.333826] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 574.341092] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 03:39:20 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x400000, 0x0, &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) [ 574.348361] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 574.355635] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 574.362901] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 574.374275] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 574.374275] program syz-executor.1 not setting count and/or reply_len properly 03:39:20 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db550000000000006499db382db60cdb35ecaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000240)=0x3, 0x2) r2 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x0, 0x2) ioctl$UI_SET_ABSBIT(r2, 0x40045567, 0x5) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) accept4$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000100)=0x1c, 0x80000) ptrace$cont(0xffffffffffffffff, r0, 0xfffffffffffffffc, 0x1) syz_open_dev$amidi(&(0x7f0000000280)='/dev/amidi#\x00', 0xff, 0x400000) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) ioctl$sock_inet_SIOCSARP(r2, 0x8955, &(0x7f0000000180)={{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x307, @dev={[], 0x20}}, 0x4, {0x2, 0x4e24, @loopback}, 'syzkaller0\x00'}) 03:39:20 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {0x0}, {&(0x7f0000000340)=""/22, 0x16}], 0x8, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) [ 574.400011] audit: type=1400 audit(2000000360.479:2636): avc: denied { create } for pid=20005 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=0 03:39:20 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/checkreqprot\x00', 0x0, 0x0) write$USERIO_CMD_REGISTER(r1, &(0x7f00000000c0)={0x0, 0x8}, 0x2) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r1, 0x40045542, &(0x7f0000000180)=0x7) r2 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r2, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r2, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) [ 574.451882] audit: type=1400 audit(2000000360.509:2637): avc: denied { associate } for pid=20010 comm="syz-executor.0" name="file0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=0 [ 574.478303] audit: type=1400 audit(2000000360.539:2638): avc: denied { map } for pid=20012 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:39:20 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x7, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) [ 574.505318] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 574.505318] program syz-executor.1 not setting count and/or reply_len properly [ 574.523860] audit: type=1400 audit(2000000360.539:2639): avc: denied { map } for pid=20016 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:39:21 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x7, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:21 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x400000, 0x0, &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) 03:39:21 executing program 5: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000480)='devpts\x00vh\xd2p!s\n@ha.\xc1\x88\x05\x89\x1d\b\xb3Xd\x92Y\x1b\x8c\xc0\xd0\xf4\x952\x8c!JC\xd1]Ul\xa2\x80\x19\x88 \xd4b\x0f\x87\x89P\xb4M\xf7]w\xa9\xb6\xc3}\x16\f\x87ueg$\xd9,\x8c\x9b\xbb*\xfe\x95\xb8\xa1\x9aVA\xb73w\xdf/\xa9\xc5\x8e\xe1\xef\xc5\x8d\x168\xba\"\x83\x8b\xe2\xf7*\xfa\xd20a\x94\xc7yiF\a\v\x14\xd2\xc1z\x94\x9d\x9d\a*\xab\xea\xd9Ee\xac\xa28p\xa2\xa1\x9a;\xb4o\xa0\xf1\xd7&[2\xf2\x82\xbc\xc2tu\xfb\xf5\xb1Y\xd6\xa9\x1b\xbec\xdeA\x8d\x94W)\x93,\xac\x02\x86\xd1\r\x00\xefZ\xf3Y\x84\xdbF\xf2u\xa1\x8b_\x9fe\xfe[q\xb1\\\xcen\bC \x81', 0x0, 0x0) mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x848020, &(0x7f0000000140)=ANY=[@ANYBLOB="6d6e64000000000000000030303030303030303030300400000000000000c81f0353a132645df108ad50065f71954b420fa84191aa334f55b939cb68d220f87bd31e5affd939712b3a8f77f0e125e8be09a882913822fb3db09e5096cfe1c4c05119b7b63b0d901ac47b45d528d6d59eb8d58b6d9b5531e3db0284687e967abaa2a8bbee2da4fe8d4171f3c4ee03f43d05402a6474e213de83ebccf83c0606ed"]) 03:39:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000280)="11dca50d5e0b77946b9271") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) [ 574.607902] audit: type=1400 audit(2000000360.969:2640): avc: denied { map } for pid=20042 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 574.654131] audit: type=1400 audit(2000000360.999:2641): avc: denied { map } for pid=20048 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 574.681670] audit: type=1400 audit(2000000361.029:2642): avc: denied { map } for pid=20047 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 574.705860] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 574.705860] program syz-executor.1 not setting count and/or reply_len properly [ 574.713742] devpts: called with bogus options [ 574.739020] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 574.739020] program syz-executor.1 not setting count and/or reply_len properly [ 574.756266] audit: type=1400 audit(2000000361.149:2643): avc: denied { map } for pid=20057 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 03:39:21 executing program 4 (fault-call:1 fault-nth:75): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:39:21 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x400000, 0x0, &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) 03:39:21 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x7, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:21 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$packet_buf(r1, 0x107, 0x5, &(0x7f00000001c0)="f4d3b2e069f878829f987e57806d6879170d98f6ff1af3026657d932921b9d76e3af0a8d7a60d8e926b1ea2250f07a4889c4acb4c3fdb426819f93aaec0b451e52b7d09a7469c60b253a7c48bfb50e4c27e05bd2966c95e94386855dc47b31ac5109b8974af52b7612dee49d3e8e02e3746832d10a47edfa586a66dd1a2fc174c4d987e734173f2b7d10a97e3be37aabc7c0aa236e5905d79cfe881c1820cd1fdf47e71e06c57223f5951153f7aa85d4ee7e4369a2b8cf763bf0cc9969b1684e31104b3f29ff59be7893ec957f7e202063452adc91535b51fda5ffa842ac74810010852e47c56315f794e98f1c6f7f157abd3b8afe179d50fb8293067a4bcc1d435706f4378cbed9b65c7f4d0929d6bffb3cf2425123c76ebe468caa694d9262e68d3973918fba4452001f4f0b35b1610de91050d9a2e91eb7db155bfe899cb31b79a14ba1187a6705083ba92e63737675a09a700e3586cd82b9a50fba11ed7162908a822d6fb8e3273604857fb0f747e21d84f7e681d18ab434f15c74ee1bedd452a7eb696fe0d5556e9462d6e33e0b37121263160a1f4bd244a798994375f96bb25b1f86b9f59614e6472b26c0e8ca549b0ee68ef30a1f8513512583f2b4be45508c497daba16da3781facb5dcb1e2b4b5557f8fbf518cb2ed085f07479167d9b380b4ca26142326d2d0bbde7cf5a4af75611223fb01e57c5d5a32cef0ba7328186b15c8069c3eed82a0a812bf103f7fb9828d66e7f4e74ec2365a4c4de43983d6c69361da5b561c34f17c910818818216d6425fd8b6c89b9509e01b8d4870e25a3755fe507f6e6585e483236ccf51d9daf94200a5b4e73edcc51032f305684a2781036887b826650011267c228b057ffb87899d20711e3b006896a01d26daf6edaaff58bf6af73c9e57424cef36a5b280076be81d966175e819816e1c0190c308ad87ccdc1545864e8d664ea88f9cd9c685f28b1ca2391d99430ca7576c3ad40d3259dbb9691dfd69b190b386d62826782296916aa6fad7095539dc765076bc3c9d8a96cfebcf9c5b6c434281f2592883d7ef0ed0feb021aeefe9dbab9cd5eb979468d7961ef77a8eb152dc53c4a8f16b820dcd987cd82fb91b0a5a7b0e4250caf8ac8dc0a66d7a3b57b5d96d6d477eaeb257e6bc2b59fc1bdc3429068a189208451d07c3eeae5d8525254f9aa2c32e1de5366c9ca17bf1f98b5fcef08a13a9e0ce31cfbe7e6a43bd29cf3909b200a43c6ad32730f5766cf1ab7b730e847293b86e18195764c41f5a5074cc527e34c4063e84a141dd21d252fa56cce8a2521e54cca88362849b69b09147e4e19277315d78bcbc53a998ff2b5d48783b19f22d6449b2614400ca6f211fc3bc9e9f4f57580519dbac441e52eec6257ecf74aa7ace638c067140fb686b6c2b1d1b828889cf9fb394b61abd1444f30587b87b5e0b83a25da90467129669da15a9c475f170fa7d225be1b5a30bccb3344491110af97eb500b96f0520504e66d1e60c5dc2f8a54a876cdf4c585b839a5efc6ad446fbff627d7efbe0522bccd6bab11fab398ef31b681908a86b0cb8b8f315090dcbdb9932ae3c08da8ffd92a29d1fdf3009cc2b6e3418c4a6cd2d7a18751c1e4335d76bd0cbae828611aa5e6e3d838b90078969facdf1cf1f005a283b6c0114c3608ffb5b3cd420b043a7b7d51ec39c3a7c2c1796cc4e374ac3772fc1c43aea4adc9fb361e143757a0e991052d96b044198eeb4eee6d3d3623bcad8b8c0e0e379963c02575dd945a381bda9301215b575262b82394caa9cd2b5e381ecda471fab459136566c8faafba10ba2aa41ae1754552590762e7a4b3e84acda76816d16fe49fea35358dbc5ffb20dbc5c67ba1bba38821c15466a5f69dc29a588434737821aff9530e15657aee9b3c7c7dde0efc3fccad2ef714e7cab02011ab5b2664ef496d0225cf2ff370023f9bd0a9547dab2ff375ea70046b9e00a49199dfc182d2180d4c4d8fbf5be312009842ff1e38a65c1e38ac2b688dadc822d879397430da42210ce870290e07e7c867f4d8a06a4d7f17e7431c8d8769ca23c3216a40e4dafe35cfb48668bcca28e80a1fefbceedeaee190a86881139ebe600448bc5e8f076d4515ccd073d389881961b4c84125f183d9c7a86f89fb76776d3b700fdfab808937af82abdaf2e373c6675c9d1bcda96dda309f313c03942facc69ea227dc80982ba6e42d8727b15aea6cb9d32200d6656a204bd2f0420e451a1d3e2db372ec53506e6a81bb8ab5bd24895d1a55ecac00bea9f48c5987114c22da7cd4e955c4dce806c309876b58f416bdb305f76dc3f65914d44b8d4b4db0befadf14f2758e4ac7dec5e616f4bd93159afea830976f019261f4c44da41168ca3a4e32b5bb7d160c1460741b1682c074f044244b6ee4732162b37a00a394b8a353e7363941470b38bb1236ed0b3059934ded036833f577b0eca30612a319acf0899171b191122c259e9d6340b984b96456e810f5178f8003e4c2abed75d39f2aad1874e99d5c0a738f8b75b194ffa0f2da9d5c399343435ab11c478f5f9f1af6c273a04bb06b6359004eb36883a48db0b1f435527bf60f736a85516abd4b6e0875e8b7e1699a3a359fa619775a8a1a1fad2e6f790ac55f1b7403252b78b603f53346f18c409105142400bd76f94132064d8e97b66eab1725ff69aaae4b43a3b1be15d9e7675263e09e5a6207ed367e9c74c15ac6ae19067c89333c9c1d92802d6e1f232bb8c91efae5600a39c892bca546a82c31b1fb49b33b0b856be5d6a2d2205b6a893aa851855721e36d80b5c45473fd4ba3d4614a71233b16928b1bd4eb2d2dbe864a5bf2c40e7c6251f5b52a454388afaa57fd3064c1ca05e0ee71b781dd806c51df59a08cec64ebb9e55dabf71f75c8ef371c73e1c6ac090d1b5f23641444ee31148189130f4775045978872516a2209f1a6f5d040168cfd6f7321482097e42b469d94b25404af934e44564dfcd4e39ede2ed6401ee0f3014edd1e7558fbcfe1af983fd0eae2fde281efc7c6b51d062bf25be7b35b3554cc11b28fdf8a4ffb67436f6c6be1a1cf0d25fa62e007b9147dabdccbc843c614aa40622509bda9274cda3016974e71aeeb741cab7098a88750fc7c977b8ef61b9915b14b587221b9181f68ee340863492e0b4d9fd60953642d85d3101666992af3ebb4164cf2388efb1222f39294709421b502e316fe9c56e45f54bee64b8d2ba16736e8f5483764e6b276e0954d545e52c73bef6a7c601dbcb46428b134066659f4eadf0ffee45af0a2632553ef3fd99143d74f2714127bd22368c3275c6055a281e067910b68853b1a14684fb9164b9795bb0a66b7a2a636a43e9ed3fe7ec387f08736001e84227c739ed60f38d53b0d5148ec4c1f2ebe6815e4cdebe1af5af3db739f33edef21c232a99177b7466cdc06598d9afecda52227a467a31436b87ae1dcdaea3f93382b164f7f25c3a55d8953e2041fdca3a0b7f92f22ced881c46676d45bffa507c14c5a0ccddabc9ace8b2d28d1b0315c9d1f02d1db4d2ba30e2de24689bab866f1dba3ab1219fc0cbaa8c7539ddd9808e4f9dda38abc25c83955fadd04b9f8f0ce1170f1446d3c4c30c72a92013c60cbfb7f066612134505aa1caf316811703308b167397c7d23523d3f64512f264fd39f9837b60b3786a1a90142002501f9f0fbdf77e295040e228575fdd384bbc996632bbaee1ab56c59745a7eb133273fbd67c32c3f476d994c3a62dccb47a8f87b1216ed3bddf37af8650dc2437f2e916d12d0b12e75fedf59ffa08b64e6f09e10f813682779d18e4343dc5027a2ae31e3f8ebc0bb57bca8c3c906bf382ad7be2231165aed8f9e05b6a6ab6671575d1bab84505039000cb0d66346553e9a111cac33b3a741c0280f1066e03dbc085bff2cc3e18f6f3dbceffab0342745279174cde39db76f7455e010b7fb0bec5c5b86bf55bf29f33bd82dd3b3ad71a54e9d627f41cb8d086cd36458e5467875eb735e1ae31be7f49b1a768f33b6694e087264d4618d847750e3174e4629f37a9d225fdeceb1ba2a49a0a71ac35f032617239e4fd45a3336c9e09139c3ecace6c9cdf32d7d15a19a836809caac3b956d1cb0875d7a1b2854f07b73ffa52f4cbbdb468c536bb57a138ecd33538aa8e4126a93400c4035387555d15e35fb8180f2f5f159244c1327d17633e7d9dbd9975a8e5950d81a9d2a5e8e553b6b4aba8ef539495be19ea5b531fcc77341c3f7f453be768bda149a341e24e2bb0ac93fb9f47288003e6e655d38b9776f7ced6d39cb560729a44eeb86f71351f2a7759211022f6624adf8faec379437fa3d9a0add0f0c38ff27764eef4bc21459f23a2a82cda5f4a523cb9bd85be2296d33e3126f4a261cd0fc39e6edc241c7bd85bc16fdf309c0d856af043996914cefd1f70d7c9157352a44d7ab5544e66e68e16fbe3d08df0f146d60454b78a4062dc201ed7fad232a99eeac837cb4aec96db3e65b6dfe7f8ce4900ee255a5d214ceb13f09807be22a192ceca26c854a156fdd55cda90a1363843becb718ce7963f4e4aaf95405aebe88bc4f06014286e28d5c335a8acb82ce17b89c46dc71cb28a275cd2785d59d32c46ef78ce1922476c0d94e863b73814fe49daac6c8a91c043bbaab54a39fe51199f951d78dd70a47bbb3583e95dc7988eb21900ea6ddb3bb15bbad34ca3bd9ed8856c352e77cd599eea0e9017c346c27e48478c788ef5872eabc388f681ddec1a0d9d773dd9884f23ad41321cf77a6254894ddc9562a7f31c26eb9e45c24847d8dbbf46773adeb715da6cd02f9d9ecdef48003009f911c14421c8ee0648ba6428e5538ee4db84b085e13087a636a2182447c0a947718ce2458a16a50aa7570e461451e9259a588e96214da32841e9d4208e7dda6cdb526f12f323c59f3c02db2b2589620eee1af0b9db7d157e01ed3a1ec05d2f1a184aa8fad3998c9c8a77c0a2b91d3c49bccec3f2747a51ae3601b2a862f23719f705f57ca4a823398a507c15c24d2e33b1d7b7b39373b2b4798913e35e50d78a8040af121978cf0992336c96005bfba6c3533ee2760763c2a048435cf27fc7983e34349dab298de543aabf801f91eace6acd1137db4fbf184dba5dfff0f3e34ac9610f36e27414dec267fcfca967f64c06a7b71d83800cae68c8ba92b86b5e19f07e5e6aff8b1aa120512eb066bcff34c61a576067c4610ae097f4b655af0104930e1b93c422578c58986f17e7e63f757b9e08caa15b86743b336483b104a5729ebf278bb592156c3dc53c886df9333ebb3238ed29ef07962d3d0411f139de19892e7dccd9ea5500403496c9099884fa54f4e1743939505c84733609a397329696de0baf067512595c58b345672d28ff7ea85ce341f172b3dac088bfd48dceab1b4816f60e4319030f5571afa84eb0fbb2fe7984e55f117bb1cf14d81fd4c9b2b385dd564f587fb11c83648a3c6b4dd0ba85a04222938d351d58a9095acbfe75603b10dce28099f9169ec3ed950e6cc0cb6decca6c766d62a65ae6af15aa525417326912d866dcb05c07a1300eed99c5d75a1d38698f92ddf7e2df76f7e3357e2a5d490323f0caf2e8cca20243ccdcea9ce221b8d5063f5ef6bafcf855c47b922d7eaa3fb63f9148bc831c4042f78be05155c501f885c1b30b0ba48488ae032c507c865aa617f550408155e975701eb9ae39b46efd61909bb26868ee89b2e00687474a6b9ade3407b382c94a6b9cbcdcff25743cfca99d5443308931c34189f451edcb4", 0x1000) r2 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x7, 0x101200) write(r2, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffff7fffffffe22c9b160096aa1eae1acfbd6cbf3a798a9b02de7a91a3cb1b08917fc0ea9adfa009cf75a7eadb2a00", 0x4f) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x1e400, 0x0) ioctl$TCSETAW(r3, 0x5407, &(0x7f00000000c0)={0x8000, 0xff, 0x9, 0x1, 0x12, 0x7, 0x5, 0xcc, 0x9, 0x9}) readv(r2, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) [ 574.800138] protocol 88fb is buggy, dev hsr_slave_0 [ 574.800142] protocol 88fb is buggy, dev hsr_slave_0 [ 574.806075] devpts: called with bogus options [ 574.847415] audit: type=1400 audit(2000000361.209:2644): avc: denied { map } for pid=20058 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 574.924631] FAULT_INJECTION: forcing a failure. [ 574.924631] name failslab, interval 1, probability 0, space 0, times 0 [ 574.936282] CPU: 1 PID: 20073 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 574.943389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 574.952727] Call Trace: [ 574.955299] dump_stack+0x138/0x19c [ 574.958930] should_fail.cold+0x10f/0x159 [ 574.963063] should_failslab+0xdb/0x130 [ 574.967031] kmem_cache_alloc+0x47/0x780 [ 574.971097] radix_tree_node_alloc.constprop.0+0x1c7/0x310 [ 574.976716] __radix_tree_create+0x337/0x4d0 [ 574.981129] page_cache_tree_insert+0xa7/0x2d0 [ 574.985705] ? file_check_and_advance_wb_err+0x380/0x380 [ 574.991279] ? debug_smp_processor_id+0x1c/0x20 [ 574.995956] __add_to_page_cache_locked+0x2ab/0x7e0 [ 575.000971] ? find_lock_entry+0x3f0/0x3f0 [ 575.005203] ? lock_downgrade+0x6e0/0x6e0 [ 575.009348] add_to_page_cache_lru+0xf4/0x310 [ 575.013929] ? add_to_page_cache_locked+0x40/0x40 [ 575.021729] ? __page_cache_alloc+0xdd/0x3e0 [ 575.026139] pagecache_get_page+0x1f5/0x750 [ 575.030459] __getblk_gfp+0x24b/0x710 [ 575.034255] ? lru_add_drain_all+0x18/0x20 [ 575.038500] __bread_gfp+0x2e/0x290 [ 575.042124] btrfs_read_dev_one_super+0x9f/0x270 [ 575.046877] btrfs_read_dev_super+0x5d/0xb0 [ 575.051204] ? btrfs_read_dev_one_super+0x270/0x270 [ 575.056221] btrfs_get_bdev_and_sb+0xdc/0x2e0 [ 575.060731] __btrfs_open_devices+0x194/0xab0 [ 575.065220] ? check_preemption_disabled+0x3c/0x250 [ 575.071128] ? find_device+0x100/0x100 [ 575.075010] ? btrfs_mount+0x1069/0x2b14 [ 575.079067] ? rcu_read_lock_sched_held+0x110/0x130 [ 575.084083] btrfs_open_devices+0xa4/0xb0 [ 575.088230] btrfs_mount+0x11b4/0x2b14 [ 575.092113] ? lock_downgrade+0x6e0/0x6e0 [ 575.096284] ? find_held_lock+0x35/0x130 [ 575.100338] ? pcpu_alloc+0x3af/0x1050 [ 575.104232] ? btrfs_remount+0x11f0/0x11f0 [ 575.108470] ? rcu_read_lock_sched_held+0x110/0x130 [ 575.113497] ? __lockdep_init_map+0x10c/0x570 [ 575.117995] mount_fs+0x97/0x2a1 [ 575.121357] vfs_kern_mount.part.0+0x5e/0x3d0 [ 575.125846] ? find_held_lock+0x35/0x130 [ 575.129906] vfs_kern_mount+0x40/0x60 [ 575.133702] btrfs_mount+0x3ce/0x2b14 [ 575.137491] ? lock_downgrade+0x6e0/0x6e0 [ 575.141632] ? find_held_lock+0x35/0x130 [ 575.145685] ? pcpu_alloc+0x3af/0x1050 [ 575.149593] ? btrfs_remount+0x11f0/0x11f0 [ 575.153828] ? rcu_read_lock_sched_held+0x110/0x130 [ 575.158850] ? __lockdep_init_map+0x10c/0x570 [ 575.163344] ? __lockdep_init_map+0x10c/0x570 [ 575.167857] mount_fs+0x97/0x2a1 [ 575.171240] vfs_kern_mount.part.0+0x5e/0x3d0 [ 575.175731] do_mount+0x417/0x27d0 [ 575.179260] ? copy_mount_options+0x5c/0x2f0 [ 575.183660] ? rcu_read_lock_sched_held+0x110/0x130 [ 575.188672] ? copy_mount_string+0x40/0x40 [ 575.192906] ? copy_mount_options+0x1fe/0x2f0 [ 575.197873] SyS_mount+0xab/0x120 [ 575.201316] ? copy_mnt_ns+0x8c0/0x8c0 [ 575.205200] do_syscall_64+0x1e8/0x640 [ 575.209075] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 575.213918] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 575.219113] RIP: 0033:0x45c27a [ 575.222302] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 575.230004] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 575.237268] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 575.244534] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 575.251795] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 575.259052] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:39:23 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db550000030031c9cb618d00000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b227ffff0000d08a"], 0x1}}, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000040)) getpid() ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000080)) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2b, &(0x7f0000000100)='trustedeth1em0vmnet0#(\'GPLbdevuser.selinux\x00', 0xffffffffffffffff}, 0x30) getpgid(0xffffffffffffffff) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000001c0)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000200), &(0x7f0000000240)=0xc) gettid() r0 = getpgid(0xffffffffffffffff) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) 03:39:23 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000280)="11dca50d5e0b77946b9271") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) 03:39:23 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {0x0}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x8, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:23 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r0, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0xfffffef5) readv(r1, &(0x7f0000001480)=[{&(0x7f0000000000)=""/62, 0x234}], 0x3de) r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/zero\x00', 0x20000, 0x0) ioctl$TIOCSBRK(r2, 0x5427) readv(r0, &(0x7f0000001400)=[{&(0x7f0000000180)=""/4096, 0x1000}, {&(0x7f0000000080)=""/117, 0x75}, {&(0x7f0000001180)=""/101, 0x65}, {&(0x7f0000001200)=""/209, 0xd1}, {&(0x7f0000001300)=""/185, 0xb9}, {&(0x7f00000013c0)=""/38, 0x26}], 0x6) 03:39:23 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) 03:39:23 executing program 4 (fault-call:1 fault-nth:76): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) [ 577.477808] FAULT_INJECTION: forcing a failure. [ 577.477808] name failslab, interval 1, probability 0, space 0, times 0 [ 577.516741] CPU: 0 PID: 20086 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 577.523878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 577.533235] Call Trace: [ 577.535823] dump_stack+0x138/0x19c [ 577.539449] should_fail.cold+0x10f/0x159 [ 577.543593] should_failslab+0xdb/0x130 [ 577.547564] kmem_cache_alloc_trace+0x2e9/0x790 [ 577.552227] ? __kmalloc_node+0x51/0x80 [ 577.556199] btrfs_mount+0x1001/0x2b14 [ 577.560079] ? lock_downgrade+0x6e0/0x6e0 [ 577.564218] ? find_held_lock+0x35/0x130 [ 577.568275] ? pcpu_alloc+0x3af/0x1050 [ 577.572164] ? btrfs_remount+0x11f0/0x11f0 [ 577.576393] ? rcu_read_lock_sched_held+0x110/0x130 [ 577.581413] ? __lockdep_init_map+0x10c/0x570 [ 577.585911] mount_fs+0x97/0x2a1 [ 577.589278] vfs_kern_mount.part.0+0x5e/0x3d0 [ 577.593763] ? find_held_lock+0x35/0x130 [ 577.597844] vfs_kern_mount+0x40/0x60 [ 577.601639] btrfs_mount+0x3ce/0x2b14 [ 577.605439] ? lock_downgrade+0x6e0/0x6e0 [ 577.609577] ? find_held_lock+0x35/0x130 [ 577.613627] ? pcpu_alloc+0x3af/0x1050 [ 577.617512] ? btrfs_remount+0x11f0/0x11f0 [ 577.621742] ? rcu_read_lock_sched_held+0x110/0x130 [ 577.626760] ? __lockdep_init_map+0x10c/0x570 [ 577.631251] ? __lockdep_init_map+0x10c/0x570 [ 577.635742] mount_fs+0x97/0x2a1 [ 577.639105] vfs_kern_mount.part.0+0x5e/0x3d0 [ 577.643605] do_mount+0x417/0x27d0 [ 577.647137] ? copy_mount_options+0x5c/0x2f0 [ 577.651539] ? rcu_read_lock_sched_held+0x110/0x130 [ 577.656557] ? copy_mount_string+0x40/0x40 [ 577.660791] ? copy_mount_options+0x1fe/0x2f0 [ 577.665287] SyS_mount+0xab/0x120 [ 577.668734] ? copy_mnt_ns+0x8c0/0x8c0 [ 577.672617] do_syscall_64+0x1e8/0x640 [ 577.676581] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 577.681420] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 577.686602] RIP: 0033:0x45c27a [ 577.689778] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 577.697480] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 577.704744] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 577.712021] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 577.719304] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 03:39:23 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000280)="11dca50d5e0b77946b9271") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) 03:39:24 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) 03:39:24 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {0x0}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x8, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:24 executing program 2: socketpair$unix(0x1, 0x2, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000180)={0x0, 0xb3, "5a703e981fac9435c826abd46e3601aa52815706619935375ba386af2155a67da6d654c8806b26e8c12f70a40f499d0c2036390926f037a213a633391df3016f321742c488d75b26caaa6a18bb537643dbf05d62d2a09e8d2dd96fb221284044b54bca540a272e29ba205749aab957018c32e8985450f060536575a6e83091456a366281f637637050d3bf5757c295c2245e99466ca6812e74812be32202f878bd90399c79e901366de5962d13d33721d2f7b0"}, &(0x7f0000000080)=0xbb) wait4(r0, &(0x7f0000000300), 0x80000000, 0x0) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f0000000100)={r3, 0x8, 0x8}, 0x8) setsockopt$inet6_int(r1, 0x29, 0xc9, &(0x7f0000000240)=0x5, 0x4) setsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000280)=@assoc_value={r3, 0x3ef0}, 0x8) wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ioctl$VT_GETMODE(r2, 0x5601, &(0x7f00000002c0)) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 577.726567] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 577.734107] net_ratelimit: 13 callbacks suppressed [ 577.734112] protocol 88fb is buggy, dev hsr_slave_0 [ 577.744171] protocol 88fb is buggy, dev hsr_slave_1 03:39:24 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000280)="11dca50d5e0b77946b9271") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) 03:39:24 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {0x0}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x8, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:24 executing program 4 (fault-call:1 fault-nth:77): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:39:24 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) 03:39:24 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) readahead(r0, 0x6, 0x7) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0}, &(0x7f0000000280)=0xc) prctl$PR_SET_PTRACER(0x59616d61, r1) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x38) ptrace$cont(0x18, r2, 0x0, 0x81) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/policy\x00', 0x0, 0x0) ioctl$TIOCSPGRP(r3, 0x5410, &(0x7f0000000040)=r1) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x135}) ptrace$setsig(0x4203, r1, 0x4, &(0x7f0000000140)={0xc, 0x8, 0xcfc7}) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r2, 0x0, 0x0) [ 577.906635] FAULT_INJECTION: forcing a failure. [ 577.906635] name failslab, interval 1, probability 0, space 0, times 0 [ 577.919257] CPU: 0 PID: 20123 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 577.926372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 577.935762] Call Trace: [ 577.938361] dump_stack+0x138/0x19c [ 577.941990] should_fail.cold+0x10f/0x159 [ 577.946136] should_failslab+0xdb/0x130 [ 577.950111] kmem_cache_alloc+0x2d7/0x780 [ 577.954261] ? save_stack_trace+0x16/0x20 [ 577.958406] ? save_stack+0x45/0xd0 [ 577.962033] ? kasan_kmalloc+0xce/0xf0 [ 577.965924] ? kmem_cache_alloc_trace+0x152/0x790 [ 577.970765] ? btrfs_mount+0x1069/0x2b14 [ 577.974830] ? mount_fs+0x97/0x2a1 [ 577.978354] getname_kernel+0x53/0x350 [ 577.982223] kern_path+0x20/0x40 [ 577.985590] lookup_bdev.part.0+0x63/0x160 [ 577.989805] ? blkdev_open+0x260/0x260 [ 577.993675] ? btrfs_open_devices+0x27/0xb0 [ 577.997978] blkdev_get_by_path+0x76/0xf0 [ 578.002107] btrfs_get_bdev_and_sb+0x38/0x2e0 [ 578.006583] __btrfs_open_devices+0x194/0xab0 [ 578.011059] ? check_preemption_disabled+0x3c/0x250 [ 578.016074] ? find_device+0x100/0x100 [ 578.019946] ? btrfs_mount+0x1069/0x2b14 [ 578.023990] ? rcu_read_lock_sched_held+0x110/0x130 [ 578.028991] btrfs_open_devices+0xa4/0xb0 [ 578.033120] btrfs_mount+0x11b4/0x2b14 [ 578.036987] ? lock_downgrade+0x6e0/0x6e0 [ 578.041113] ? find_held_lock+0x35/0x130 [ 578.045179] ? pcpu_alloc+0x3af/0x1050 [ 578.049069] ? btrfs_remount+0x11f0/0x11f0 [ 578.053291] ? rcu_read_lock_sched_held+0x110/0x130 [ 578.058301] ? __lockdep_init_map+0x10c/0x570 [ 578.062782] mount_fs+0x97/0x2a1 [ 578.066149] vfs_kern_mount.part.0+0x5e/0x3d0 [ 578.070655] ? find_held_lock+0x35/0x130 [ 578.074701] vfs_kern_mount+0x40/0x60 [ 578.078482] btrfs_mount+0x3ce/0x2b14 [ 578.082264] ? lock_downgrade+0x6e0/0x6e0 [ 578.086399] ? find_held_lock+0x35/0x130 [ 578.090451] ? pcpu_alloc+0x3af/0x1050 [ 578.094587] ? btrfs_remount+0x11f0/0x11f0 [ 578.098812] ? rcu_read_lock_sched_held+0x110/0x130 [ 578.103831] ? __lockdep_init_map+0x10c/0x570 [ 578.108308] ? __lockdep_init_map+0x10c/0x570 [ 578.112796] mount_fs+0x97/0x2a1 [ 578.116159] vfs_kern_mount.part.0+0x5e/0x3d0 [ 578.120636] do_mount+0x417/0x27d0 [ 578.124155] ? copy_mount_options+0x5c/0x2f0 [ 578.128547] ? rcu_read_lock_sched_held+0x110/0x130 [ 578.133546] ? copy_mount_string+0x40/0x40 [ 578.137762] ? copy_mount_options+0x1fe/0x2f0 [ 578.142239] SyS_mount+0xab/0x120 [ 578.145671] ? copy_mnt_ns+0x8c0/0x8c0 [ 578.149545] do_syscall_64+0x1e8/0x640 [ 578.153414] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 578.158241] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 578.163415] RIP: 0033:0x45c27a [ 578.166586] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 578.174288] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 578.181555] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 578.188808] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 578.196080] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 578.203335] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:39:24 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") syz_mount_image$ceph(&(0x7f0000000400)='ceph\x00', &(0x7f0000000440)='./file0\x00', 0x5, 0x2, &(0x7f00000005c0)=[{&(0x7f0000000480)="cf779b8546903da2a60ff585beb7aff654554a731cecaeb10cbc4c404ab94ac742789fd45f06d2990ff0d97305dba5e1a5bef2c823f11a0cdbb076811cb5c2877a4ecec2fa7712451b152f7d3042856759aaa6c8b5c9d92dd40b2a027b4a2f764a48c733a01b2a724b23576d8d67be82a441fd12ed4e390b40e76e60d269fcb10eeea0a0bb29a577b6875611193e972a28ec0a3e4a42119d615406b45da4ebfb82b486a0ef267686961daf16091512899cf90b520d6ce0441853e32d0b1bce5710d347efe3f31b43d6d06d0fe4f9f92c64d6d53d669c8759c30ba8848f5188", 0xdf, 0xff}, {&(0x7f0000000580)="7a21214e1eac8ca232864473d8387a7f7d47ea9c4d1a873ba5be72bd04dd3dc928985b1fa16fa567100a894b89ded45d6f1c9d89ea7e4c81dc730f09aa42", 0x3e, 0xcf}], 0x800, &(0x7f0000000600)='vmnet0/\x00') fcntl$F_GET_RW_HINT(r0, 0x40b, &(0x7f0000000180)) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) r2 = openat$full(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/full\x00', 0x40, 0x0) r3 = getpgrp(0xffffffffffffffff) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000000240)={{0x3, 0x1, 0x2, 0x73, 'syz1\x00', 0x1}, 0x0, 0x1000000b, 0xffffffffffffffff, r3, 0x5, 0x0, 'syz1\x00', &(0x7f0000000200)=['/dev/full\x00', '#selinux(user[\x00', '/dev/sg#\x00', 'vmnet0/\x00', '/dev/full\x00'], 0x34, [], [0xffff, 0x0, 0x15be, 0x29]}) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x20000, 0x0) setsockopt$l2tp_PPPOL2TP_SO_RECVSEQ(r2, 0x111, 0x2, 0x0, 0x4) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f00000000c0)={r0}) sendto$netrom(r4, &(0x7f0000000640)="906b", 0x2, 0x4000, 0x0, 0x0) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) r5 = semget$private(0x0, 0x7, 0x40) semctl$SEM_INFO(r5, 0x0, 0x13, &(0x7f0000000380)=""/86) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) 03:39:24 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x7, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:24 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) 03:39:24 executing program 5: r0 = socket$netlink(0x10, 0x3, 0xf) recvmmsg(r0, &(0x7f0000002d80)=[{{&(0x7f0000000000)=@alg, 0x80, &(0x7f0000000100)=[{&(0x7f0000001480)=""/4096, 0xffffffba}, {&(0x7f0000000240)=""/147, 0x93}], 0x2, &(0x7f0000002740)=""/218, 0xda}}], 0x1, 0x0, &(0x7f0000002e40)={0x77359400}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001080)={'veth1_to_hsr\x00', 0x0}) lstat(&(0x7f00000010c0)='./file0\x00', &(0x7f0000001100)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000001180)={{{@in6=@dev={0xfe, 0x80, [], 0x1f}, @in=@multicast1, 0x4e22, 0x7fffffff, 0x4e23, 0x1, 0x2, 0x20, 0x20, 0x3f, r1, r2}, {0x10000, 0x80, 0x572b, 0x4, 0x2, 0x8, 0x1, 0xfffffffffffffffa}, {0xd4, 0x122, 0x8}, 0x6, 0x0, 0x0, 0x1, 0x3, 0x3}, {{@in6=@remote, 0x4d2, 0xff}, 0xa, @in6=@empty, 0x3503, 0x0, 0x0, 0x3, 0x3ff, 0x7, 0x5}}, 0xe8) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000780)=ANY=[@ANYBLOB="14000000420005010000000000000000000000003394a9579408bff65fef290887108aa94b29bea838be5c2864647528d1702ff5c494067880f3ae626869360cf9b3931865e9b7d13ca807a6cf00008c93aac26b877df9133a92b0cb4659dbfce68b05aeaebb19658367f39430aea28c843ed17a4f520a23868a29fe08540fe08c680fdfcb085943c5ca2561118e33848368a1dd8c66cb5cb908ae72dd214f7e0efa88b71975ebf948a1ef60332a638064d4bd6a81af6a52a2404daf425705c1e3d6c693686851ad9a12e6f3cf5edb8b20e04c7196e22b97381f7f5cb4b9c1b3b57fba0bfa76e5a3a45b6ce232790718d4fffc1b620954ffd1531223e77aa143e9cd313a50270d34c146755cdc630b8be440f205ad24325f38b7938de75f45f5e884cc914f68f188efef12dc61c8cb9aa2af13ff0fb82f80a94d6e3e828fbd8f20614a479400fcda717edb93b8ebec4aed145fdce7e5f1fd96d6c7aa788b2eae11c009729b9db2bb700c6ca16fed6670736878a65adb5fd1a639ea1b182e04699fa6abebbd48b2f4474ff310b4ebf436bc7068c124b75b617855d0ee923badaf958b438edc90a8971274650a2437c6bb407ce84c5953f87339dce1c52032c1986a0b56740e84a05c7cb7eea7251c2ab8d6b7e3d460b47bf351dcd593efa4284ef8a4bb967aa6235b77cddc35ed924af4bdb0ad5910d42f41c048b3752069713daf0281d1f8bebc"], 0x14}}, 0x0) r3 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/checkreqprot\x00', 0x10000, 0x0) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ubi_ctrl\x00', 0x1, 0x0) ioctl$VIDIOC_PREPARE_BUF(r3, 0xc058565d, &(0x7f0000000180)={0x400, 0xb, 0x4, 0x0, {0x0, 0x7530}, {0x4, 0xa, 0xc0a, 0x9, 0xfffffffffffff001, 0x3, "8476db4d"}, 0x1, 0x3, @planes=&(0x7f0000000140)={0x0, 0x0, @fd=r4, 0x52}, 0x4}) 03:39:24 executing program 4 (fault-call:1 fault-nth:78): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) [ 578.308540] FAULT_INJECTION: forcing a failure. [ 578.308540] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 578.320500] CPU: 0 PID: 20139 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 578.327602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 578.336951] Call Trace: [ 578.339547] dump_stack+0x138/0x19c [ 578.339568] should_fail.cold+0x10f/0x159 [ 578.339586] __alloc_pages_nodemask+0x1d6/0x7a0 [ 578.339606] ? __alloc_pages_slowpath+0x2930/0x2930 [ 578.344702] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 578.344702] program syz-executor.1 not setting count and/or reply_len properly [ 578.347378] cache_grow_begin+0x80/0x400 [ 578.347394] kmem_cache_alloc+0x6a6/0x780 [ 578.347404] ? save_stack_trace+0x16/0x20 [ 578.347411] ? save_stack+0x45/0xd0 [ 578.347422] ? kmem_cache_alloc_trace+0x152/0x790 [ 578.347435] getname_kernel+0x53/0x350 [ 578.357124] kern_path+0x20/0x40 [ 578.357136] lookup_bdev.part.0+0x63/0x160 [ 578.357146] ? blkdev_open+0x260/0x260 03:39:24 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) [ 578.357159] ? btrfs_open_devices+0x27/0xb0 [ 578.357172] blkdev_get_by_path+0x76/0xf0 [ 578.357184] btrfs_get_bdev_and_sb+0x38/0x2e0 [ 578.357198] __btrfs_open_devices+0x194/0xab0 [ 578.357215] ? check_preemption_disabled+0x3c/0x250 [ 578.407003] overlayfs: missing 'lowerdir' [ 578.409262] ? find_device+0x100/0x100 [ 578.409274] ? btrfs_mount+0x1069/0x2b14 [ 578.409287] ? rcu_read_lock_sched_held+0x110/0x130 [ 578.409304] btrfs_open_devices+0xa4/0xb0 [ 578.409317] btrfs_mount+0x11b4/0x2b14 [ 578.409331] ? lock_downgrade+0x6e0/0x6e0 [ 578.435971] ? find_held_lock+0x35/0x130 [ 578.435984] ? pcpu_alloc+0x3af/0x1050 [ 578.436002] ? btrfs_remount+0x11f0/0x11f0 [ 578.436018] ? rcu_read_lock_sched_held+0x110/0x130 [ 578.443957] ? __lockdep_init_map+0x10c/0x570 [ 578.443978] mount_fs+0x97/0x2a1 [ 578.443993] vfs_kern_mount.part.0+0x5e/0x3d0 [ 578.444002] ? find_held_lock+0x35/0x130 [ 578.444015] vfs_kern_mount+0x40/0x60 [ 578.466658] overlayfs: missing 'lowerdir' [ 578.469090] btrfs_mount+0x3ce/0x2b14 [ 578.469104] ? lock_downgrade+0x6e0/0x6e0 [ 578.469113] ? find_held_lock+0x35/0x130 [ 578.469123] ? pcpu_alloc+0x3af/0x1050 [ 578.469141] ? btrfs_remount+0x11f0/0x11f0 [ 578.469157] ? rcu_read_lock_sched_held+0x110/0x130 [ 578.469177] ? __lockdep_init_map+0x10c/0x570 [ 578.532227] ? __lockdep_init_map+0x10c/0x570 [ 578.536709] mount_fs+0x97/0x2a1 [ 578.540069] vfs_kern_mount.part.0+0x5e/0x3d0 [ 578.544547] do_mount+0x417/0x27d0 [ 578.548067] ? copy_mount_options+0x5c/0x2f0 [ 578.552459] ? rcu_read_lock_sched_held+0x110/0x130 [ 578.557467] ? copy_mount_string+0x40/0x40 [ 578.561702] ? copy_mount_options+0x1fe/0x2f0 [ 578.566196] SyS_mount+0xab/0x120 [ 578.569629] ? copy_mnt_ns+0x8c0/0x8c0 [ 578.573518] do_syscall_64+0x1e8/0x640 [ 578.577392] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 578.582231] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 578.587413] RIP: 0033:0x45c27a [ 578.590581] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 578.598269] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 578.605526] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 578.612789] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 578.620048] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 578.627309] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 578.655530] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 578.655530] program syz-executor.1 not setting count and/or reply_len properly [ 578.960137] protocol 88fb is buggy, dev hsr_slave_0 [ 578.960141] protocol 88fb is buggy, dev hsr_slave_0 [ 578.960196] protocol 88fb is buggy, dev hsr_slave_1 [ 578.965244] protocol 88fb is buggy, dev hsr_slave_1 [ 578.980361] protocol 88fb is buggy, dev hsr_slave_0 [ 578.985488] protocol 88fb is buggy, dev hsr_slave_1 [ 579.040140] protocol 88fb is buggy, dev hsr_slave_1 [ 579.760167] protocol 88fb is buggy, dev hsr_slave_0 03:39:27 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x101000, 0x0) write$P9_RGETLOCK(r1, &(0x7f0000000080)={0x20, 0x37, 0x1, {0x3, 0x3, 0x9, r0, 0x2, 'lo'}}, 0x20) wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:39:27 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) 03:39:27 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x7, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:27 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x80000, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r2, 0x6, 0x3, &(0x7f00000000c0)=0x8, 0x4) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) 03:39:27 executing program 4 (fault-call:1 fault-nth:79): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:39:27 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000280)='/dev/mixer\x00', 0x10c00, 0x0) ioctl$CAPI_CLR_FLAGS(r1, 0x80044325, &(0x7f00000002c0)) getsockopt$bt_BT_POWER(r0, 0x112, 0x4, 0x0, &(0x7f0000000040)) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x800, 0x0) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000080)={{{@in=@local, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in6=@dev}}, &(0x7f0000000180)=0xe8) r4 = getgid() write$FUSE_CREATE_OPEN(r2, &(0x7f00000001c0)={0xa0, 0x0, 0x1, {{0x4, 0x1, 0x9e, 0x4, 0xffff, 0x7, {0x6, 0x8, 0x0, 0x80000000, 0x8, 0x100000000, 0x9, 0x4, 0xb0, 0x3, 0xa8d, r3, r4, 0x9, 0x6e79}}, {0x0, 0x1c}}}, 0xa0) 03:39:27 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='cpuacct.u{age_pEo\xfa\xa8\xd8.\a\x00\x00\x00\x00\x00\x00\x00\x92X\x9a\x18`', 0x0, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, 0x0, 0x0) r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x2, 0x2) pread64(r1, &(0x7f0000000080)=""/235, 0xeb, 0x1600000000000000) syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) pwrite64(r0, &(0x7f00000004c0), 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) [ 580.820418] overlayfs: missing 'lowerdir' [ 580.824877] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 580.824877] program syz-executor.1 not setting count and/or reply_len properly [ 580.855659] kauditd_printk_skb: 27 callbacks suppressed 03:39:27 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[]) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) 03:39:27 executing program 1: r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20\x00', 0x80, 0x0) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f00000000c0)={'rose0\x00', {0x2, 0x4e24, @empty}}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000180)={0x43, 0x4, 0x2}, 0x10) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r2 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) socket$nl_route(0x10, 0x3, 0x0) write(r2, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r2, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) 03:39:27 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x7, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) [ 580.855667] audit: type=1400 audit(2000000367.249:2672): avc: denied { map } for pid=20169 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 580.888019] FAULT_INJECTION: forcing a failure. [ 580.888019] name failslab, interval 1, probability 0, space 0, times 0 [ 580.929702] CPU: 1 PID: 20175 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 580.932095] audit: type=1400 audit(2000000367.259:2673): avc: denied { map } for pid=20182 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 580.936845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 580.936851] Call Trace: [ 580.936870] dump_stack+0x138/0x19c [ 580.936890] should_fail.cold+0x10f/0x159 [ 580.936908] should_failslab+0xdb/0x130 [ 580.959163] audit: type=1400 audit(2000000367.319:2674): avc: denied { map } for pid=20186 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 580.968292] kmem_cache_alloc+0x2d7/0x780 [ 580.968305] ? add_to_page_cache_lru+0x159/0x310 [ 580.968317] ? add_to_page_cache_locked+0x40/0x40 [ 580.968332] alloc_buffer_head+0x24/0xe0 [ 580.968343] alloc_page_buffers+0xb7/0x200 [ 580.968356] __getblk_gfp+0x342/0x710 03:39:27 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {0x0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x8, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:27 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[]) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) [ 580.968367] ? lru_add_drain_all+0x18/0x20 [ 580.968384] __bread_gfp+0x2e/0x290 [ 580.968405] btrfs_read_dev_one_super+0x9f/0x270 [ 580.973399] audit: type=1400 audit(2000000367.319:2675): avc: denied { map } for pid=20188 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 580.974590] btrfs_read_dev_super+0x5d/0xb0 [ 580.974603] ? btrfs_read_dev_one_super+0x270/0x270 [ 580.974619] btrfs_get_bdev_and_sb+0xdc/0x2e0 [ 580.974632] __btrfs_open_devices+0x194/0xab0 [ 580.974645] ? check_preemption_disabled+0x3c/0x250 [ 580.974659] ? find_device+0x100/0x100 [ 581.008227] overlayfs: missing 'lowerdir' [ 581.008912] ? btrfs_mount+0x1069/0x2b14 [ 581.008926] ? rcu_read_lock_sched_held+0x110/0x130 [ 581.008943] btrfs_open_devices+0xa4/0xb0 [ 581.030569] btrfs_mount+0x11b4/0x2b14 [ 581.030582] ? lock_downgrade+0x6e0/0x6e0 [ 581.030590] ? find_held_lock+0x35/0x130 [ 581.030600] ? pcpu_alloc+0x3af/0x1050 [ 581.030619] ? btrfs_remount+0x11f0/0x11f0 [ 581.030635] ? rcu_read_lock_sched_held+0x110/0x130 [ 581.030656] ? __lockdep_init_map+0x10c/0x570 [ 581.030673] mount_fs+0x97/0x2a1 [ 581.038528] vfs_kern_mount.part.0+0x5e/0x3d0 [ 581.038542] ? find_held_lock+0x35/0x130 [ 581.071911] audit: type=1400 audit(2000000367.469:2676): avc: denied { map } for pid=20197 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 581.075349] vfs_kern_mount+0x40/0x60 [ 581.075366] btrfs_mount+0x3ce/0x2b14 [ 581.075378] ? lock_downgrade+0x6e0/0x6e0 [ 581.075404] ? btrfs_remount+0x11f0/0x11f0 [ 581.087014] overlayfs: missing 'lowerdir' [ 581.089416] ? rcu_read_lock_sched_held+0x110/0x130 [ 581.089440] ? __lockdep_init_map+0x10c/0x570 [ 581.089453] ? __lockdep_init_map+0x10c/0x570 [ 581.118664] mount_fs+0x97/0x2a1 [ 581.126593] vfs_kern_mount.part.0+0x5e/0x3d0 [ 581.150614] audit: type=1400 audit(2000000367.549:2677): avc: denied { map } for pid=20200 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 581.152169] do_mount+0x417/0x27d0 [ 581.152181] ? copy_mount_options+0x5c/0x2f0 [ 581.152193] ? rcu_read_lock_sched_held+0x110/0x130 [ 581.152206] ? copy_mount_string+0x40/0x40 [ 581.206966] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 581.206966] program syz-executor.1 not setting count and/or reply_len properly [ 581.208782] ? copy_mount_options+0x1fe/0x2f0 [ 581.208801] SyS_mount+0xab/0x120 [ 581.216927] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 581.216927] program syz-executor.1 not setting count and/or reply_len properly [ 581.243033] ? copy_mnt_ns+0x8c0/0x8c0 [ 581.243049] do_syscall_64+0x1e8/0x640 [ 581.243059] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 581.243074] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 581.243082] RIP: 0033:0x45c27a [ 581.243087] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 581.243097] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 581.243103] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 581.243109] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 581.243114] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 581.243119] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 581.386167] audit: type=1400 audit(2000000367.779:2678): avc: denied { map } for pid=20204 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 581.455056] audit: type=1400 audit(2000000367.849:2679): avc: denied { map } for pid=20205 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 581.477267] audit: type=1400 audit(2000000367.849:2680): avc: denied { map } for pid=20206 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 583.120168] net_ratelimit: 10 callbacks suppressed [ 583.125158] protocol 88fb is buggy, dev hsr_slave_0 [ 583.130263] protocol 88fb is buggy, dev hsr_slave_1 [ 583.280116] protocol 88fb is buggy, dev hsr_slave_1 [ 583.285231] protocol 88fb is buggy, dev hsr_slave_0 [ 583.290286] protocol 88fb is buggy, dev hsr_slave_1 [ 583.295359] protocol 88fb is buggy, dev hsr_slave_0 [ 583.300410] protocol 88fb is buggy, dev hsr_slave_1 03:39:30 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0xffffffffffffffff) tkill(r0, 0x38) ptrace$cont(0x218, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:39:30 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[]) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) 03:39:30 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {0x0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x8, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:30 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000480)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000040), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x2000021c) sendmsg$unix(r1, &(0x7f0000000b80)={&(0x7f0000000100)=@abs, 0x6e, 0x0}, 0x20008004) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) read(r2, &(0x7f0000000ac0)=""/11, 0x1) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000200)) clone(0x3502001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c) r3 = dup2(r2, r0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) ioctl$sock_ifreq(r3, 0x0, 0x0) 03:39:30 executing program 1: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") ioctl$sock_proto_private(r0, 0x89e6, &(0x7f0000000080)="8201a673366dd5cb3e1c898b81d18242b2b568807fa194a5569162cc8f7043a8c6329b1aa0952b2f8b16da1088c0299254e3f50cd4c7ee2fe64a3d05fac9da2e9099507ab05c0b4b9d") r2 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r2, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r2, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) 03:39:30 executing program 4 (fault-call:1 fault-nth:80): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:39:30 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {0x0}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x8, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) [ 583.846072] audit: type=1400 audit(2000000370.239:2681): avc: denied { map } for pid=20213 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 583.855587] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 583.855587] program syz-executor.1 not setting count and/or reply_len properly 03:39:30 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0xa23) r1 = syz_open_dev$mouse(&(0x7f0000000180)='/dev/input/mouse#\x00', 0x1, 0x1) ioctl$SIOCAX25GETINFO(r1, 0x89ed, &(0x7f00000001c0)) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r2 = syz_open_dev$radio(&(0x7f0000000080)='/dev/radio#\x00', 0x2, 0x2) write$P9_RMKNOD(r2, &(0x7f0000000100)={0x14, 0x13, 0x2, {0xc1, 0x1, 0x3}}, 0x14) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$getownex(r3, 0x10, &(0x7f0000000040)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 583.895621] overlayfs: missing 'lowerdir' 03:39:30 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB]) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) [ 583.920139] protocol 88fb is buggy, dev hsr_slave_0 [ 583.925295] protocol 88fb is buggy, dev hsr_slave_1 [ 583.937677] FAULT_INJECTION: forcing a failure. [ 583.937677] name failslab, interval 1, probability 0, space 0, times 0 [ 583.948887] CPU: 0 PID: 20216 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 583.955983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 583.965327] Call Trace: [ 583.967924] dump_stack+0x138/0x19c [ 583.971549] should_fail.cold+0x10f/0x159 [ 583.975695] should_failslab+0xdb/0x130 [ 583.979664] kmem_cache_alloc+0x47/0x780 [ 583.983725] radix_tree_node_alloc.constprop.0+0x1c7/0x310 [ 583.989345] __radix_tree_create+0x337/0x4d0 [ 583.993750] page_cache_tree_insert+0xa7/0x2d0 [ 583.998325] ? file_check_and_advance_wb_err+0x380/0x380 [ 584.003769] ? debug_smp_processor_id+0x1c/0x20 [ 584.008435] __add_to_page_cache_locked+0x2ab/0x7e0 [ 584.013444] ? find_lock_entry+0x3f0/0x3f0 [ 584.017674] ? lock_downgrade+0x6e0/0x6e0 [ 584.021816] add_to_page_cache_lru+0xf4/0x310 [ 584.026304] ? add_to_page_cache_locked+0x40/0x40 [ 584.031134] ? __page_cache_alloc+0xdd/0x3e0 [ 584.035536] pagecache_get_page+0x1f5/0x750 [ 584.039859] __getblk_gfp+0x24b/0x710 [ 584.043667] ? lru_add_drain_all+0x18/0x20 [ 584.047904] __bread_gfp+0x2e/0x290 [ 584.051525] btrfs_read_dev_one_super+0x9f/0x270 [ 584.056276] btrfs_read_dev_super+0x5d/0xb0 [ 584.060589] ? btrfs_read_dev_one_super+0x270/0x270 [ 584.065938] btrfs_get_bdev_and_sb+0xdc/0x2e0 [ 584.070434] __btrfs_open_devices+0x194/0xab0 [ 584.074923] ? check_preemption_disabled+0x3c/0x250 [ 584.079936] ? find_device+0x100/0x100 [ 584.083814] ? btrfs_mount+0x1069/0x2b14 [ 584.087865] ? rcu_read_lock_sched_held+0x110/0x130 [ 584.092882] btrfs_open_devices+0xa4/0xb0 [ 584.097027] btrfs_mount+0x11b4/0x2b14 [ 584.100913] ? lock_downgrade+0x6e0/0x6e0 [ 584.105049] ? find_held_lock+0x35/0x130 [ 584.109099] ? pcpu_alloc+0x3af/0x1050 [ 584.112995] ? btrfs_remount+0x11f0/0x11f0 [ 584.117229] ? rcu_read_lock_sched_held+0x110/0x130 [ 584.122250] ? __lockdep_init_map+0x10c/0x570 [ 584.126746] mount_fs+0x97/0x2a1 [ 584.130109] vfs_kern_mount.part.0+0x5e/0x3d0 [ 584.134593] ? find_held_lock+0x35/0x130 [ 584.138649] vfs_kern_mount+0x40/0x60 [ 584.142443] btrfs_mount+0x3ce/0x2b14 [ 584.146236] ? lock_downgrade+0x6e0/0x6e0 [ 584.150376] ? find_held_lock+0x35/0x130 [ 584.154425] ? pcpu_alloc+0x3af/0x1050 [ 584.158310] ? btrfs_remount+0x11f0/0x11f0 [ 584.162542] ? rcu_read_lock_sched_held+0x110/0x130 [ 584.167562] ? __lockdep_init_map+0x10c/0x570 [ 584.172054] ? __lockdep_init_map+0x10c/0x570 [ 584.176543] mount_fs+0x97/0x2a1 [ 584.179914] vfs_kern_mount.part.0+0x5e/0x3d0 [ 584.184407] do_mount+0x417/0x27d0 [ 584.187938] ? copy_mount_options+0x5c/0x2f0 [ 584.192357] ? rcu_read_lock_sched_held+0x110/0x130 [ 584.197369] ? copy_mount_string+0x40/0x40 [ 584.202362] ? copy_mount_options+0x1fe/0x2f0 [ 584.206856] SyS_mount+0xab/0x120 [ 584.210304] ? copy_mnt_ns+0x8c0/0x8c0 [ 584.214188] do_syscall_64+0x1e8/0x640 [ 584.218070] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 584.222931] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 584.228119] RIP: 0033:0x45c27a [ 584.231299] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 584.239005] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 584.246269] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 584.253528] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 584.260800] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 03:39:30 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0980000000000000000002000000000000d210ee55b2270100000000000000"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x1) [ 584.268058] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:39:30 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000080)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) 03:39:30 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x7, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:30 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB]) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) [ 584.341977] overlayfs: missing 'lowerdir' 03:39:30 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x7, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:30 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB]) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) [ 584.383989] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 584.383989] program syz-executor.1 not setting count and/or reply_len properly [ 584.388827] overlayfs: missing 'lowerdir' [ 584.417832] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 584.417832] program syz-executor.1 not setting count and/or reply_len properly [ 584.490509] overlayfs: missing 'lowerdir' 03:39:31 executing program 5: seccomp(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xffffff7f7fffffff}]}) seccomp(0x1, 0x5, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x50000}]}) 03:39:31 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) fcntl$setlease(r0, 0x400, 0x2) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r2 = syz_open_dev$admmidi(&(0x7f0000000500)='/dev/admmidi#\x00', 0xbfb, 0xc1436022b7cf44a7) ioctl$BLKFRASET(r2, 0x1264, &(0x7f0000000480)=0x2) r3 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r3, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'vcan0\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f0000000400)={@loopback, 0x55, r4}) r5 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0x51c, 0x1) r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000440)='TIPC\x00') sendmsg$TIPC_CMD_DISABLE_BEARER(r5, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400008}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, r6, 0x300, 0x70bd2c, 0x25dfdbfd, {{}, 0x0, 0x4102, 0x0, {0x18, 0x13, @l2={'eth', 0x3a, 'veth1_to_team\x00'}}}, [""]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x800) readv(r3, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) close(r3) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000000180)={0x6, {{0xa, 0x4e20, 0x9, @dev={0xfe, 0x80, [], 0x11}, 0x5}}, {{0xa, 0x4e23, 0xfffffffffffff000, @ipv4={[], [], @multicast2}, 0x9f2f}}}, 0x108) 03:39:31 executing program 4 (fault-call:1 fault-nth:81): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:39:31 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x7, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:31 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) 03:39:31 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {0x0}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x8, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) [ 584.678302] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 584.678302] program syz-executor.1 not setting count and/or reply_len properly [ 584.692990] overlayfs: unrecognized mount option "lowerdir" or missing value [ 584.710567] FAULT_INJECTION: forcing a failure. [ 584.710567] name failslab, interval 1, probability 0, space 0, times 0 [ 584.739145] CPU: 0 PID: 20273 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 584.746277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 584.755633] Call Trace: [ 584.758222] dump_stack+0x138/0x19c [ 584.761850] should_fail.cold+0x10f/0x159 [ 584.765999] should_failslab+0xdb/0x130 [ 584.769967] kmem_cache_alloc+0x2d7/0x780 [ 584.774105] ? save_stack_trace+0x16/0x20 [ 584.778245] ? save_stack+0x45/0xd0 [ 584.781864] ? kasan_kmalloc+0xce/0xf0 [ 584.785758] ? kmem_cache_alloc_trace+0x152/0x790 [ 584.790592] ? btrfs_mount+0x1069/0x2b14 [ 584.794639] ? mount_fs+0x97/0x2a1 [ 584.798174] getname_kernel+0x53/0x350 [ 584.802071] kern_path+0x20/0x40 [ 584.805429] lookup_bdev.part.0+0x63/0x160 [ 584.809670] ? blkdev_open+0x260/0x260 [ 584.813551] ? btrfs_open_devices+0x27/0xb0 [ 584.817867] blkdev_get_by_path+0x76/0xf0 [ 584.822025] btrfs_get_bdev_and_sb+0x38/0x2e0 [ 584.826513] __btrfs_open_devices+0x194/0xab0 [ 584.831004] ? check_preemption_disabled+0x3c/0x250 [ 584.836016] ? find_device+0x100/0x100 [ 584.839906] ? btrfs_mount+0x1069/0x2b14 [ 584.843964] ? rcu_read_lock_sched_held+0x110/0x130 [ 584.848977] btrfs_open_devices+0xa4/0xb0 [ 584.853121] btrfs_mount+0x11b4/0x2b14 [ 584.857019] ? lock_downgrade+0x6e0/0x6e0 [ 584.861158] ? find_held_lock+0x35/0x130 [ 584.865213] ? pcpu_alloc+0x3af/0x1050 [ 584.869097] ? btrfs_remount+0x11f0/0x11f0 [ 584.873343] ? rcu_read_lock_sched_held+0x110/0x130 [ 584.878365] ? __lockdep_init_map+0x10c/0x570 [ 584.882862] mount_fs+0x97/0x2a1 [ 584.886229] vfs_kern_mount.part.0+0x5e/0x3d0 [ 584.890715] ? find_held_lock+0x35/0x130 [ 584.894772] vfs_kern_mount+0x40/0x60 [ 584.898567] btrfs_mount+0x3ce/0x2b14 [ 584.902357] ? lock_downgrade+0x6e0/0x6e0 [ 584.906493] ? find_held_lock+0x35/0x130 [ 584.910546] ? pcpu_alloc+0x3af/0x1050 [ 584.914433] ? btrfs_remount+0x11f0/0x11f0 [ 584.918662] ? rcu_read_lock_sched_held+0x110/0x130 [ 584.923677] ? __lockdep_init_map+0x10c/0x570 [ 584.928161] ? __lockdep_init_map+0x10c/0x570 [ 584.932653] mount_fs+0x97/0x2a1 [ 584.936029] vfs_kern_mount.part.0+0x5e/0x3d0 [ 584.940518] do_mount+0x417/0x27d0 [ 584.944063] ? copy_mount_options+0x5c/0x2f0 [ 584.948462] ? rcu_read_lock_sched_held+0x110/0x130 [ 584.953469] ? copy_mount_string+0x40/0x40 [ 584.957712] ? copy_mount_options+0x1fe/0x2f0 [ 584.962204] SyS_mount+0xab/0x120 [ 584.965646] ? copy_mnt_ns+0x8c0/0x8c0 [ 584.969528] do_syscall_64+0x1e8/0x640 [ 584.973408] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 584.978251] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 584.983431] RIP: 0033:0x45c27a [ 584.986613] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 584.994317] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 585.001583] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 585.008843] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 585.016463] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 585.029977] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 585.055304] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 585.055304] program syz-executor.1 not setting count and/or reply_len properly [ 585.200161] protocol 88fb is buggy, dev hsr_slave_0 03:39:33 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a33cf02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:39:33 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) 03:39:33 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) 03:39:33 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {0x0}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x8, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:33 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000280)={0x0, {{0x2, 0x0, @multicast2}}}, 0x356) 03:39:33 executing program 4 (fault-call:1 fault-nth:82): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) [ 587.337388] kauditd_printk_skb: 18 callbacks suppressed [ 587.337406] audit: type=1400 audit(2000000373.729:2700): avc: denied { map } for pid=20294 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 587.338412] overlayfs: unrecognized mount option "lowerdir" or missing value [ 587.378383] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; 03:39:33 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {0x0}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x8, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:33 executing program 5: accept$inet(0xffffffffffffffff, 0x0, &(0x7f00000010c0)) poll(&(0x7f0000000000), 0x3, 0x8000000000049) r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r0, 0x0, 0x4e, 0x0, 0x0, 0x800e004de) r1 = dup(r0) readv(r1, &(0x7f0000000600)=[{&(0x7f0000000140)=""/106, 0x6a}, {0x0}, {0x0}, {0x0}, {0x0}], 0x5) shutdown(r1, 0x0) [ 587.378383] program syz-executor.1 not setting count and/or reply_len properly [ 587.406133] FAULT_INJECTION: forcing a failure. [ 587.406133] name failslab, interval 1, probability 0, space 0, times 0 [ 587.425070] audit: type=1400 audit(2000000373.819:2701): avc: denied { map } for pid=20307 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 587.435635] CPU: 0 PID: 20298 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 587.454236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 587.463597] Call Trace: [ 587.466189] dump_stack+0x138/0x19c [ 587.469833] should_fail.cold+0x10f/0x159 [ 587.473993] should_failslab+0xdb/0x130 [ 587.477972] kmem_cache_alloc+0x2d7/0x780 [ 587.482122] ? out_of_line_wait_on_bit+0xba/0xd0 [ 587.486888] ? __wait_on_bit+0x130/0x130 [ 587.490971] getname_kernel+0x53/0x350 [ 587.494865] kern_path+0x20/0x40 [ 587.498238] lookup_bdev.part.0+0x63/0x160 [ 587.498248] ? blkdev_open+0x260/0x260 [ 587.498261] ? btrfs_read_dev_super+0x77/0xb0 [ 587.498273] blkdev_get_by_path+0x76/0xf0 [ 587.506376] btrfs_get_bdev_and_sb+0x38/0x2e0 [ 587.506391] __btrfs_open_devices+0x194/0xab0 [ 587.506408] ? find_device+0x100/0x100 [ 587.506418] ? btrfs_mount+0x1069/0x2b14 [ 587.506431] ? rcu_read_lock_sched_held+0x110/0x130 [ 587.536942] btrfs_open_devices+0xa4/0xb0 [ 587.541099] btrfs_mount+0x11b4/0x2b14 [ 587.544995] ? lock_downgrade+0x6e0/0x6e0 [ 587.545307] audit: type=1400 audit(2000000373.939:2702): avc: denied { map } for pid=20314 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 587.549135] ? find_held_lock+0x35/0x130 [ 587.549147] ? pcpu_alloc+0x3af/0x1050 [ 587.549166] ? btrfs_remount+0x11f0/0x11f0 [ 587.549184] ? rcu_read_lock_sched_held+0x110/0x130 [ 587.549205] ? __lockdep_init_map+0x10c/0x570 [ 587.592876] mount_fs+0x97/0x2a1 [ 587.594971] overlayfs: unrecognized mount option "lowerdir" or missing value [ 587.596250] vfs_kern_mount.part.0+0x5e/0x3d0 [ 587.596262] ? find_held_lock+0x35/0x130 [ 587.596276] vfs_kern_mount+0x40/0x60 [ 587.596291] btrfs_mount+0x3ce/0x2b14 [ 587.596301] ? lock_downgrade+0x6e0/0x6e0 [ 587.596313] ? find_held_lock+0x35/0x130 [ 587.627775] ? pcpu_alloc+0x3af/0x1050 [ 587.627796] ? btrfs_remount+0x11f0/0x11f0 [ 587.635909] ? rcu_read_lock_sched_held+0x110/0x130 [ 587.640949] ? __lockdep_init_map+0x10c/0x570 [ 587.645445] ? __lockdep_init_map+0x10c/0x570 [ 587.645463] mount_fs+0x97/0x2a1 [ 587.645479] vfs_kern_mount.part.0+0x5e/0x3d0 [ 587.645497] do_mount+0x417/0x27d0 [ 587.661353] ? copy_mount_options+0x5c/0x2f0 [ 587.665771] ? rcu_read_lock_sched_held+0x110/0x130 [ 587.670794] ? copy_mount_string+0x40/0x40 [ 587.675033] ? copy_mount_options+0x1fe/0x2f0 [ 587.675482] overlayfs: unrecognized mount option "wor" or missing value [ 587.679530] SyS_mount+0xab/0x120 [ 587.679540] ? copy_mnt_ns+0x8c0/0x8c0 [ 587.679554] do_syscall_64+0x1e8/0x640 [ 587.679564] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 587.679582] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 587.679591] RIP: 0033:0x45c27a [ 587.679599] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 587.718413] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 587.725684] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 03:39:33 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x7, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:33 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) 03:39:34 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,wor']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) 03:39:34 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,wor']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) [ 587.732952] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 587.740219] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 587.747489] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 587.748428] overlayfs: unrecognized mount option "wor" or missing value [ 587.780313] audit: type=1400 audit(2000000374.169:2703): avc: denied { map } for pid=20319 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 587.816631] audit: type=1400 audit(2000000374.209:2704): avc: denied { map } for pid=20328 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 587.851907] audit: type=1400 audit(2000000374.249:2705): avc: denied { map } for pid=20329 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 587.885735] audit: type=1400 audit(2000000374.279:2706): avc: denied { map } for pid=20330 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 587.919699] audit: type=1400 audit(2000000374.309:2707): avc: denied { map } for pid=20331 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 587.942465] audit: type=1400 audit(2000000374.309:2708): avc: denied { map } for pid=20332 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 589.360136] net_ratelimit: 17 callbacks suppressed [ 589.360140] protocol 88fb is buggy, dev hsr_slave_0 [ 589.370192] protocol 88fb is buggy, dev hsr_slave_1 [ 589.520146] protocol 88fb is buggy, dev hsr_slave_0 [ 589.525223] protocol 88fb is buggy, dev hsr_slave_1 [ 589.530343] protocol 88fb is buggy, dev hsr_slave_0 [ 589.535390] protocol 88fb is buggy, dev hsr_slave_1 [ 589.540538] protocol 88fb is buggy, dev hsr_slave_1 [ 590.160141] protocol 88fb is buggy, dev hsr_slave_0 [ 590.165254] protocol 88fb is buggy, dev hsr_slave_1 03:39:36 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35e0af0900000000000000000000000000201483d9b22701010000d08a38cd22fa9ed7d2"], 0x1}}, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/rt_acct\x00') ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000100)=0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)=0x0) ptrace$peekuser(0x3, r2, 0xfff) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000180)={[], 0x1, 0xed6b, 0x74a, 0xcd, 0x9b, r1}) r3 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000200)=0x7fff, 0x4) tkill(r3, 0x38) ptrace$cont(0x18, r3, 0x0, 0x0) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r3, 0x0, 0x0) 03:39:36 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) read(r0, &(0x7f0000000000)=""/117, 0x75) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0xc8f4, 0x0, 0x0, 0x800e00519) shutdown(r0, 0x0) dup2(r1, r0) r2 = dup(r0) recvmsg(r2, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000000080)=""/157, 0x9d}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}, 0x2) shutdown(r0, 0x0) 03:39:36 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x7, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:36 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,wor']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) 03:39:36 executing program 4 (fault-call:1 fault-nth:83): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:39:36 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000080)='trusted.overlay.opaque\x00', &(0x7f00000000c0)='y\x00', 0x2, 0x2) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) ioctl$SCSI_IOCTL_DOORUNLOCK(r1, 0x5381) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0x48) readv(r1, &(0x7f000085dff0)=[{&(0x7f0000000000)=""/62, 0x3e}], 0x1) socket$isdn_base(0x22, 0x3, 0x0) [ 590.376593] audit: type=1400 audit(2000000376.769:2709): avc: denied { map } for pid=20340 comm="blkid" path="/sbin/blkid" dev="sda1" ino=16128 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=0 [ 590.406021] overlayfs: unrecognized mount option "wor" or missing value [ 590.416377] FAULT_INJECTION: forcing a failure. 03:39:36 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x7, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) [ 590.416377] name failslab, interval 1, probability 0, space 0, times 0 [ 590.438813] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 590.438813] program syz-executor.1 not setting count and/or reply_len properly [ 590.455385] CPU: 0 PID: 20343 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 590.462498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 590.471849] Call Trace: 03:39:36 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {0x0}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x8, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:36 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {0x0}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x8, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) [ 590.474442] dump_stack+0x138/0x19c [ 590.478073] should_fail.cold+0x10f/0x159 [ 590.482224] ? __lock_is_held+0xb6/0x140 [ 590.486288] ? mempool_free+0x1d0/0x1d0 [ 590.490269] should_failslab+0xdb/0x130 [ 590.494248] kmem_cache_alloc+0x47/0x780 [ 590.498315] ? mempool_free+0x1d0/0x1d0 [ 590.502294] mempool_alloc_slab+0x47/0x60 [ 590.506448] mempool_alloc+0x138/0x300 [ 590.510341] ? __find_get_block+0x5c4/0xb10 [ 590.514667] ? remove_element.isra.0+0x1b0/0x1b0 [ 590.519429] ? mark_held_locks+0xb1/0x100 [ 590.523580] ? save_trace+0x290/0x290 03:39:36 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f00000000c0)=""/85, 0x55}, {0x0}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x8, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:36 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x7, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) [ 590.527378] ? trace_hardirqs_on_caller+0x400/0x590 [ 590.532400] bio_alloc_bioset+0x368/0x680 [ 590.536557] ? bvec_alloc+0x2e0/0x2e0 [ 590.540364] ? __getblk_gfp+0x5c/0x710 [ 590.544258] submit_bh_wbc+0xf6/0x720 [ 590.548085] __bread_gfp+0x106/0x290 [ 590.551808] btrfs_read_dev_one_super+0x9f/0x270 [ 590.556568] btrfs_read_dev_super+0x5d/0xb0 [ 590.560895] ? btrfs_read_dev_one_super+0x270/0x270 [ 590.565932] btrfs_get_bdev_and_sb+0xdc/0x2e0 [ 590.570433] __btrfs_open_devices+0x194/0xab0 03:39:37 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x7, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) [ 590.574940] ? check_preemption_disabled+0x3c/0x250 [ 590.579970] ? find_device+0x100/0x100 [ 590.583861] ? btrfs_mount+0x1069/0x2b14 [ 590.587932] ? rcu_read_lock_sched_held+0x110/0x130 [ 590.592954] btrfs_open_devices+0xa4/0xb0 [ 590.597108] btrfs_mount+0x11b4/0x2b14 [ 590.601016] ? lock_downgrade+0x6e0/0x6e0 [ 590.605170] ? find_held_lock+0x35/0x130 [ 590.609231] ? pcpu_alloc+0x3af/0x1050 [ 590.613129] ? btrfs_remount+0x11f0/0x11f0 [ 590.617372] ? rcu_read_lock_sched_held+0x110/0x130 [ 590.622401] ? __lockdep_init_map+0x10c/0x570 [ 590.626901] mount_fs+0x97/0x2a1 [ 590.630307] vfs_kern_mount.part.0+0x5e/0x3d0 [ 590.634808] ? find_held_lock+0x35/0x130 [ 590.638864] vfs_kern_mount+0x40/0x60 [ 590.642657] btrfs_mount+0x3ce/0x2b14 [ 590.646449] ? lock_downgrade+0x6e0/0x6e0 [ 590.650583] ? find_held_lock+0x35/0x130 [ 590.654654] ? pcpu_alloc+0x3af/0x1050 [ 590.658537] ? btrfs_remount+0x11f0/0x11f0 [ 590.662769] ? rcu_read_lock_sched_held+0x110/0x130 [ 590.667780] ? __lockdep_init_map+0x10c/0x570 [ 590.672257] ? __lockdep_init_map+0x10c/0x570 [ 590.676737] mount_fs+0x97/0x2a1 [ 590.680101] vfs_kern_mount.part.0+0x5e/0x3d0 [ 590.684588] do_mount+0x417/0x27d0 [ 590.688110] ? copy_mount_options+0x5c/0x2f0 [ 590.692502] ? rcu_read_lock_sched_held+0x110/0x130 [ 590.697498] ? copy_mount_string+0x40/0x40 [ 590.701726] ? copy_mount_options+0x1fe/0x2f0 [ 590.706215] SyS_mount+0xab/0x120 [ 590.709657] ? copy_mnt_ns+0x8c0/0x8c0 [ 590.713538] do_syscall_64+0x1e8/0x640 [ 590.717412] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 590.722272] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 590.727855] RIP: 0033:0x45c27a [ 590.731027] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 590.738715] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 590.745970] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 590.753232] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 590.760510] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 590.767798] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:39:37 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x22000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(r0, 0x0, 0x4000000b, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 590.778606] sg_write: data in/out 167162/24 bytes for SCSI command 0xff-- guessing data in; [ 590.778606] program syz-executor.1 not setting count and/or reply_len properly 03:39:37 executing program 5: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x50000}]}) mount$9p_rdma(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x3, 0x0) 03:39:37 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x7, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:37 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=.']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) 03:39:37 executing program 4 (fault-call:1 fault-nth:84): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000380)="8da4363ac0ed0000000000000000004d01000000000000000000000000000013fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d860c1317278d451fd38e4071a1e91c0523b67fecca5b668ef40000000000000000e4bd9fa7c5fcb3aefd8d4a6c4952162a5a06316567de06abe647d21f253840c118ae9982c6c238e719ccfbd8f5ee215e30bf31f59401e921c6a9fca5349ebf4294d39b5931232929caf81701a7540962141efc672ae1459ef04de89c7a092e7f", 0xc9, 0x10000}], 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:39:37 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8046) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x101000, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r2, 0x40a85321, &(0x7f0000000180)={{0x0, 0x8}, 'port1\x00', 0x8, 0x120800, 0x6, 0x8000, 0xffffffffffff8001, 0xfffffffffffffffb, 0x100000000, 0x0, 0x1, 0x4}) write(r1, &(0x7f0000000100)="b63db85e1e8d020000000000003ef0011dcc606aed69d2bc7037cebc9bc2feffffffffffffffe22c9b160096aa1fae1acfbd6cbf87798a9b02de7a91a3cbdfa009cf75a7eadb2a00", 0xa38cad3775f257bb) readv(r1, &(0x7f000085dff0)=[{&(0x7f00000000c0)=""/62, 0x3e}], 0x1) 03:39:37 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x1000004, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0x8001, &(0x7f0000000180)=""/247) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:39:37 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {0x0}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x8, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 03:39:37 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) socketpair(0x11, 0x1, 0x1, &(0x7f0000000080)) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0xfffffffffffffd53, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[], 0x1}}, 0x1) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(r0, 0x8934, &(0x7f0000000000)={'syzkaller0\x00', 0x20}) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) [ 590.935497] overlayfs: workdir and upperdir must be separate subtrees 03:39:37 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=.']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) [ 590.981356] FAULT_INJECTION: forcing a failure. [ 590.981356] name failslab, interval 1, probability 0, space 0, times 0 [ 591.022574] CPU: 0 PID: 20390 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 591.029716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 591.039073] Call Trace: [ 591.041670] dump_stack+0x138/0x19c [ 591.045334] should_fail.cold+0x10f/0x159 [ 591.049546] should_failslab+0xdb/0x130 [ 591.053536] __kmalloc+0x2f0/0x7a0 [ 591.056882] overlayfs: workdir and upperdir must be separate subtrees [ 591.057080] ? __lock_is_held+0xb6/0x140 03:39:37 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=.']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) [ 591.069255] ? check_preemption_disabled+0x3c/0x250 [ 591.074278] ? bio_alloc_bioset+0x3ae/0x680 [ 591.078603] bio_alloc_bioset+0x3ae/0x680 [ 591.082752] ? btrfs_alloc_device+0xa4/0x6a0 [ 591.087169] ? rcu_read_lock_sched_held+0x110/0x130 [ 591.092193] ? bvec_alloc+0x2e0/0x2e0 [ 591.096091] btrfs_alloc_device+0xc3/0x6a0 [ 591.100337] ? btrfs_find_device_by_devspec+0xf0/0xf0 [ 591.105539] __btrfs_close_devices+0x2c6/0xa90 [ 591.110129] ? __mutex_unlock_slowpath+0x71/0x800 [ 591.114978] ? btrfs_alloc_device+0x6a0/0x6a0 [ 591.119489] btrfs_close_devices+0x29/0x140 [ 591.123820] btrfs_mount+0x1fc5/0x2b14 [ 591.127719] ? lock_downgrade+0x6e0/0x6e0 [ 591.131877] ? find_held_lock+0x35/0x130 [ 591.133561] overlayfs: workdir and upperdir must be separate subtrees [ 591.135945] ? pcpu_alloc+0x3af/0x1050 [ 591.135965] ? btrfs_remount+0x11f0/0x11f0 [ 591.135983] ? rcu_read_lock_sched_held+0x110/0x130 [ 591.136003] ? __lockdep_init_map+0x10c/0x570 [ 591.136021] mount_fs+0x97/0x2a1 [ 591.172933] vfs_kern_mount.part.0+0x5e/0x3d0 [ 591.177436] ? find_held_lock+0x35/0x130 [ 591.181492] vfs_kern_mount+0x40/0x60 [ 591.185287] btrfs_mount+0x3ce/0x2b14 [ 591.189081] ? lock_downgrade+0x6e0/0x6e0 [ 591.193253] ? find_held_lock+0x35/0x130 [ 591.197304] ? pcpu_alloc+0x3af/0x1050 [ 591.201191] ? btrfs_remount+0x11f0/0x11f0 [ 591.205428] ? rcu_read_lock_sched_held+0x110/0x130 [ 591.210445] ? __lockdep_init_map+0x10c/0x570 [ 591.214931] ? __lockdep_init_map+0x10c/0x570 [ 591.219419] mount_fs+0x97/0x2a1 [ 591.222802] vfs_kern_mount.part.0+0x5e/0x3d0 [ 591.227292] do_mount+0x417/0x27d0 [ 591.230827] ? copy_mount_string+0x40/0x40 [ 591.235051] ? __sanitizer_cov_trace_pc+0x2a/0x60 [ 591.239897] ? copy_mount_options+0x1fe/0x2f0 [ 591.244391] SyS_mount+0xab/0x120 [ 591.247833] ? copy_mnt_ns+0x8c0/0x8c0 [ 591.251714] do_syscall_64+0x1e8/0x640 [ 591.255588] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 591.260435] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 591.265615] RIP: 0033:0x45c27a 03:39:37 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2001000010db55000000000000649bdb382db60cdb35feaf0900000000000000000000000000201483d9b22701010000d08a38cd02fa9ed7d2"], 0x1}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) lsetxattr$security_selinux(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='security.selinux\x00', &(0x7f0000000100)='system_u:object_r:restorecond_var_run_t:s0\x00', 0x2b, 0x2) ptrace$cont(0x9, r0, 0x0, 0x0) 03:39:37 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./fi']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) 03:39:37 executing program 5: syz_open_dev$midi(&(0x7f00000002c0)='/dev/midi#\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_genetlink_get_family_id$tipc2(&(0x7f0000000300)='TIPCv2\x00') sendmsg$TIPC_NL_NET_SET(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000780)=ANY=[@ANYBLOB="d8000000a307b29dea454467168b77ed1baffde32fdb944561107d1eba318c0601563a2b7a26abd662c7828b1f2d951d7d67c1ecafe4e6cb536aac6ed4c201a96aff2d31a91595b8ae734791ac0e3acf8ba5576e7fc7d03a0dc5cec661321a5c3927a055f891b0fbd4cea5e00f8bd30d75404a1a58fd0ff14e53009d856bb9e260c068ea590fff011d0fe491b8d48806ffd58ad40f92f1c096492616b0cc2280bed7054ad7e6d57efc54619950b357035c78a53cda6866927dc1dc88ba392c98acd27a0369b4f108b08218ad71616fd836d20669081c04d3812c8ddf32ad2ff942956ec6c80162a3adc51dd71bfb08c019b19a1c39fbd3fb78a725fe4a83383f585aad08cdc3b4c05cd7e0c6fd3034366204c6d483a5c267249f4092ca", @ANYRES16, @ANYBLOB="000000000000fbdbdf250f000000080002000400040008000600040002001c000200080001000000000004000400080002000000000004000400700004000c00070008000300000000003c00070008000400040000000800010000000000080001000000000008000100000000000800010004000000080002000000000008000400040000000c00010073797a31000000000c00010073797a30000000000c00010073797a3000000000280007000c00030000000000000000000c00040000000000000000000c0004000000000000000000"], 0xd8}, 0x1, 0x0, 0x0, 0x40}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:39:37 executing program 3: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x5f}, {0x0}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/120, 0x78}, {&(0x7f0000000480)=""/60, 0x3c}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0x16}], 0x8, &(0x7f0000002400)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) [ 591.268793] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 591.276492] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 591.283777] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 591.291045] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 591.298306] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 591.305825] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 03:39:37 executing program 0: mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./fi']) chdir(&(0x7f0000000280)='./file0\x00') mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) [ 591.365413] ------------[ cut here ]------------ [ 591.368339] overlayfs: failed to resolve './fi': -2 [ 591.370201] kernel BUG at fs/btrfs/volumes.c:890! [ 591.377160] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 591.385562] Modules linked in: [ 591.388756] CPU: 0 PID: 20390 Comm: syz-executor.4 Not tainted 4.14.134 #30 [ 591.395846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 591.405203] task: ffff888088114400 task.stack: ffff88808a770000 [ 591.411356] RIP: 0010:__btrfs_close_devices+0x7d8/0xa90 [ 591.413023] overlayfs: failed to resolve './fi': -2 [ 591.416710] RSP: 0018:ffff88808a777700 EFLAGS: 00010246 [ 591.416719] RAX: 0000000000040000 RBX: ffff888088b60940 RCX: ffffc9000784a000 [ 591.416725] RDX: 0000000000040000 RSI: ffffffff82656118 RDI: 0000000000000282 [ 591.416731] RBP: ffff88808a7777c8 R08: ffff888088114400 R09: ffff888088114cc8 [ 591.416736] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880a6986a80 [ 591.416741] R13: ffff888088b60a08 R14: fffffffffffffff4 R15: dffffc0000000000 [ 591.416748] FS: 00007f4eb8d07700(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000 [ 591.416758] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 591.438173] kobject: 'loop0' (ffff8880a49bc6e0): kobject_uevent_env [ 591.441667] CR2: 0000000020cfefee CR3: 000000005556e000 CR4: 00000000001426f0 [ 591.441676] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 591.441681] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 591.441684] Call Trace: [ 591.441701] ? __mutex_unlock_slowpath+0x71/0x800 [ 591.441715] ? btrfs_alloc_device+0x6a0/0x6a0 [ 591.441727] btrfs_close_devices+0x29/0x140 [ 591.441739] btrfs_mount+0x1fc5/0x2b14 [ 591.449136] kobject: 'loop0' (ffff8880a49bc6e0): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 591.456276] ? lock_downgrade+0x6e0/0x6e0 [ 591.456284] ? find_held_lock+0x35/0x130 [ 591.456291] ? pcpu_alloc+0x3af/0x1050 [ 591.456305] ? btrfs_remount+0x11f0/0x11f0 [ 591.456318] ? rcu_read_lock_sched_held+0x110/0x130 [ 591.456330] ? __lockdep_init_map+0x10c/0x570 [ 591.456342] mount_fs+0x97/0x2a1 [ 591.456354] vfs_kern_mount.part.0+0x5e/0x3d0 [ 591.456365] ? find_held_lock+0x35/0x130 [ 591.572795] vfs_kern_mount+0x40/0x60 [ 591.576578] btrfs_mount+0x3ce/0x2b14 [ 591.580372] ? lock_downgrade+0x6e0/0x6e0 [ 591.584497] ? find_held_lock+0x35/0x130 [ 591.588537] ? pcpu_alloc+0x3af/0x1050 [ 591.592408] ? btrfs_remount+0x11f0/0x11f0 [ 591.596630] ? rcu_read_lock_sched_held+0x110/0x130 [ 591.600167] protocol 88fb is buggy, dev hsr_slave_1 [ 591.601638] ? __lockdep_init_map+0x10c/0x570 [ 591.601649] ? __lockdep_init_map+0x10c/0x570 [ 591.615605] mount_fs+0x97/0x2a1 [ 591.618964] vfs_kern_mount.part.0+0x5e/0x3d0 [ 591.623449] do_mount+0x417/0x27d0 [ 591.626973] ? copy_mount_string+0x40/0x40 [ 591.631188] ? __sanitizer_cov_trace_pc+0x2a/0x60 [ 591.636014] ? copy_mount_options+0x1fe/0x2f0 [ 591.640498] SyS_mount+0xab/0x120 [ 591.643953] ? copy_mnt_ns+0x8c0/0x8c0 [ 591.647823] do_syscall_64+0x1e8/0x640 [ 591.651701] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 591.656524] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 591.661690] RIP: 0033:0x45c27a [ 591.664854] RSP: 002b:00007f4eb8d06a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 591.672537] RAX: ffffffffffffffda RBX: 00007f4eb8d06b40 RCX: 000000000045c27a [ 591.679792] RDX: 00007f4eb8d06ae0 RSI: 0000000020000100 RDI: 00007f4eb8d06b00 [ 591.687047] RBP: 0000000000000001 R08: 00007f4eb8d06b40 R09: 00007f4eb8d06ae0 [ 591.694295] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000006 [ 591.701543] R13: 00000000004c88e2 R14: 00000000004df6b0 R15: 0000000000000005 [ 591.708800] Code: c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e 59 02 00 00 48 8b 45 80 c7 80 10 01 00 00 00 00 00 00 e9 e2 f8 ff ff e8 e8 45 f7 fe <0f> 0b e8 e1 45 f7 fe 0f 0b 48 89 f7 e8 87 e7 20 ff e9 ad f8 ff [ 591.727896] RIP: __btrfs_close_devices+0x7d8/0xa90 RSP: ffff88808a777700 [ 591.738035] kobject: 'loop4' (ffff8880a4acc220): kobject_uevent_env [ 591.739466] ---[ end trace 88f9149ab32a600e ]--- [ 591.749106] kobject: 'loop4' (ffff8880a4acc220): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 591.749557] Kernel panic - not syncing: Fatal exception [ 591.765172] Kernel Offset: disabled [ 591.768788] Rebooting in 86400 seconds..