x02\xaa|\xdd\xd0az\xc8,)\xedf\x89x>\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:36:12 executing program 1: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040)=[@in={0x2, 0x0, @local}], 0x10) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f00000001c0), &(0x7f0000000140)=0x8) 03:36:12 executing program 0: clone(0x1000000210007fb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setreuid(0x0, 0xee00) r0 = openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x2, 0xd4) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f00000002c0)=ANY=[@ANYBLOB="0400000000000000070000000000000001000000cd0e0000070000000000000006000000000000000900000000000000060000000000000000000000000000000000000000000000000200000000000000000000000000002500000000000000fcffffffffffffff020000000000000000000000000000000000000000000000051000000000000000000000000000000300000000000000030000000000000004000000000000000000000000000000000000000000000008030000000000000000000000000000060000000000000064000000210000005d5900000000000000000000d70799fa388a43df0000000000100000000000000000000000000000090000000000000000000000000000000300fffd0000000000000000000000000000000000000000001000000068a6b9b1000000000000000000000000000000330c000000008000090000000000e7ffffff1b00000000000000000000000000f57d0b9d0000000000000000000000000600e609d67a946a91b14b537d7f926d50000000000000a8000000000000000800000000000000000000000000000000000000000000000800"/439]) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/lblcr_expiration\x00', 0x2, 0x0) fanotify_mark(r0, 0x42, 0x8000010, r1, &(0x7f0000000080)='./file0\x00') clone(0x2000000, 0x0, 0x0, 0x0, 0x0) [ 533.350695] protocol 88fb is buggy, dev hsr_slave_0 [ 533.356494] protocol 88fb is buggy, dev hsr_slave_1 [ 533.357519] FAULT_INJECTION: forcing a failure. [ 533.357519] name failslab, interval 1, probability 0, space 0, times 0 [ 533.418285] CPU: 0 PID: 21514 Comm: syz-executor.2 Not tainted 4.14.138 #34 [ 533.425468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 533.434821] Call Trace: [ 533.437411] dump_stack+0x138/0x19c [ 533.441133] should_fail.cold+0x10f/0x159 [ 533.445284] should_failslab+0xdb/0x130 [ 533.449258] __kmalloc+0x2f0/0x7a0 [ 533.452797] ? selinux_cred_prepare+0x85/0xb0 [ 533.457298] ? security_prepare_creds+0x89/0xb0 [ 533.461971] ? ovl_alloc_entry+0x25/0x70 [ 533.466031] ovl_alloc_entry+0x25/0x70 [ 533.469921] ovl_fill_super+0x1598/0x2660 [ 533.474077] ? ovl_put_super+0x4b0/0x4b0 [ 533.478134] ? sget_userns+0x76b/0xc30 [ 533.482019] ? get_anon_bdev+0x1c0/0x1c0 [ 533.486085] ? get_anon_bdev+0x1c0/0x1c0 [ 533.490142] ? sget+0xde/0x120 [ 533.493367] ? selinux_sb_copy_data+0x21e/0x390 [ 533.498035] ? ovl_put_super+0x4b0/0x4b0 [ 533.502095] mount_nodev+0x52/0xf0 [ 533.505636] ovl_mount+0x2d/0x40 [ 533.508999] mount_fs+0x97/0x2a1 [ 533.512378] vfs_kern_mount.part.0+0x5e/0x3d0 03:36:12 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0x0) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) [ 533.516947] do_mount+0x417/0x27d0 [ 533.520484] ? copy_mount_options+0x5c/0x2f0 [ 533.520496] ? rcu_read_lock_sched_held+0x110/0x130 [ 533.520509] ? copy_mount_string+0x40/0x40 [ 533.520524] ? copy_mount_options+0x1fe/0x2f0 [ 533.520538] SyS_mount+0xab/0x120 [ 533.520547] ? copy_mnt_ns+0x8c0/0x8c0 [ 533.520561] do_syscall_64+0x1e8/0x640 [ 533.520570] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 533.520590] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 533.559919] RIP: 0033:0x459829 03:36:12 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000000)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x1000000000) mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000, 0x0, &(0x7f0000ffb000/0x1000)=nil) statfs(&(0x7f0000000240)='./file0/file0\x00', &(0x7f0000000280)=""/115) [ 533.563111] RSP: 002b:00007fba3cf61c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 533.570822] RAX: ffffffffffffffda RBX: 00007fba3cf61c90 RCX: 0000000000459829 [ 533.578088] RDX: 00000000200000c0 RSI: 0000000020000000 RDI: 000000000040000a [ 533.585365] RBP: 000000000075bf20 R08: 0000000020000100 R09: 0000000000000000 [ 533.592636] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fba3cf626d4 [ 533.599907] R13: 00000000004c5e44 R14: 00000000004da948 R15: 0000000000000004 03:36:12 executing program 2 (fault-call:4 fault-nth:83): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) [ 533.670113] protocol 88fb is buggy, dev hsr_slave_0 [ 533.675299] protocol 88fb is buggy, dev hsr_slave_1 [ 533.732572] FAULT_INJECTION: forcing a failure. [ 533.732572] name failslab, interval 1, probability 0, space 0, times 0 [ 533.744734] CPU: 0 PID: 21546 Comm: syz-executor.2 Not tainted 4.14.138 #34 [ 533.751839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 533.761185] Call Trace: [ 533.763774] dump_stack+0x138/0x19c [ 533.767404] should_fail.cold+0x10f/0x159 [ 533.771572] should_failslab+0xdb/0x130 [ 533.775555] kmem_cache_alloc_trace+0x2e9/0x790 [ 533.780225] ? trace_hardirqs_on+0x10/0x10 [ 533.784459] ? __lock_is_held+0xb6/0x140 [ 533.788524] ext4_readdir+0x18d9/0x2a40 [ 533.792508] ? __ext4_check_dir_entry+0x310/0x310 [ 533.797354] ? iterate_dir+0xc3/0x5f0 [ 533.801161] iterate_dir+0x1a2/0x5f0 [ 533.804870] ovl_indexdir_cleanup+0x19d/0x4b8 [ 533.809359] ? ovl_workdir_cleanup_recurse+0x4d0/0x4d0 [ 533.814619] ? mark_held_locks+0xb1/0x100 [ 533.818751] ? kfree+0x183/0x270 [ 533.822106] ? ovl_cache_entry_find_link.constprop.0+0x1b0/0x1b0 [ 533.828236] ? ovl_verify_origin+0x6b/0x130 [ 533.832552] ovl_fill_super+0x1e42/0x2660 [ 533.836691] ? ovl_put_super+0x4b0/0x4b0 [ 533.840730] ? sget_userns+0x76b/0xc30 [ 533.844596] ? get_anon_bdev+0x1c0/0x1c0 [ 533.848646] ? get_anon_bdev+0x1c0/0x1c0 [ 533.852696] ? sget+0xde/0x120 [ 533.855878] ? selinux_sb_copy_data+0x21e/0x390 [ 533.860527] ? ovl_put_super+0x4b0/0x4b0 [ 533.864569] mount_nodev+0x52/0xf0 [ 533.868089] ovl_mount+0x2d/0x40 [ 533.871447] mount_fs+0x97/0x2a1 [ 533.874807] vfs_kern_mount.part.0+0x5e/0x3d0 [ 533.879287] do_mount+0x417/0x27d0 [ 533.882829] ? copy_mount_options+0x5c/0x2f0 [ 533.887221] ? rcu_read_lock_sched_held+0x110/0x130 [ 533.892227] ? copy_mount_string+0x40/0x40 [ 533.896470] ? copy_mount_options+0x1fe/0x2f0 [ 533.900968] SyS_mount+0xab/0x120 [ 533.904413] ? copy_mnt_ns+0x8c0/0x8c0 [ 533.908284] do_syscall_64+0x1e8/0x640 [ 533.912156] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 533.916992] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 533.922247] RIP: 0033:0x459829 [ 533.925419] RSP: 002b:00007fba3cf61c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 533.933203] RAX: ffffffffffffffda RBX: 00007fba3cf61c90 RCX: 0000000000459829 [ 533.940464] RDX: 00000000200000c0 RSI: 0000000020000000 RDI: 000000000040000a [ 533.947710] RBP: 000000000075bf20 R08: 0000000020000100 R09: 0000000000000000 [ 533.954968] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fba3cf626d4 [ 533.962215] R13: 00000000004c5e44 R14: 00000000004da948 R15: 0000000000000004 [ 533.969677] protocol 88fb is buggy, dev hsr_slave_0 [ 533.974789] protocol 88fb is buggy, dev hsr_slave_1 [ 533.996298] overlayfs: failed index dir cleanup (-12) [ 534.001759] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. 03:36:15 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:36:15 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:36:15 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0xfffffffffffffffc, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000040, 0x0, 0x0, 0x3}) r1 = syz_open_pts(r0, 0x0) r2 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) ioctl$SG_GET_PACK_ID(r2, 0x227c, &(0x7f00000000c0)) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x2) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000380)) 03:36:15 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(0x0, 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:36:15 executing program 0: mmap(&(0x7f0000011000/0x2000)=nil, 0x2000, 0x4, 0x31, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) readv(r0, &(0x7f0000001680)=[{&(0x7f0000000100)=""/216, 0xd8}], 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x3f, &(0x7f00000002c0)="11dca5055e0bcfe47bf070") syz_open_dev$evdev(&(0x7f0000012fee)='/.%v/\x11%put/event#\x00', 0x0, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r2, 0x29, 0xd3, &(0x7f0000000240)={{0xa, 0x4e23, 0x1ff, @loopback, 0x100}, {0xa, 0x4e21, 0xffffffffffff7fff, @ipv4={[], [], @rand_addr=0x62}, 0x3}, 0x401, [0x400, 0x7fff, 0x6, 0x6, 0x9, 0x7, 0x6]}, 0x5c) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/vs/sync_refresh_period\x00', 0x2, 0x0) ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000012000/0x4000)=nil, 0x4000}) 03:36:15 executing program 2 (fault-call:4 fault-nth:84): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) 03:36:15 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:36:15 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000000)=0xe0f5, 0x4) r2 = socket$inet(0x10, 0x80003, 0x0) setsockopt$IP_VS_SO_SET_TIMEOUT(r2, 0x0, 0x48a, &(0x7f0000000080)={0x401, 0x7, 0x6}, 0xc) getresgid(&(0x7f00000000c0), &(0x7f00000001c0)=0x0, &(0x7f0000000200)) lstat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000300)='\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(r3, r4, r5) sendmsg(r2, &(0x7f0000000100)={0x0, 0xa1, &(0x7f0000000040)=[{&(0x7f0000000140)="2400001a0007041dfffd946f610500f213b7de6d6720cd64399902000004000000000000000008351cb93cd3ed29c1df00020004000300280000011100ffffba16a0aa1c090000000000001200a47e23f7efbf54969f0000000000000000000000008a1a", 0x57}], 0x1, 0x0, 0x34e}, 0x10000) 03:36:15 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 536.383629] FAULT_INJECTION: forcing a failure. [ 536.383629] name failslab, interval 1, probability 0, space 0, times 0 [ 536.447131] CPU: 0 PID: 21559 Comm: syz-executor.2 Not tainted 4.14.138 #34 [ 536.454279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 536.463629] Call Trace: [ 536.466222] dump_stack+0x138/0x19c [ 536.469858] should_fail.cold+0x10f/0x159 [ 536.474096] should_failslab+0xdb/0x130 [ 536.478075] kmem_cache_alloc_trace+0x2e9/0x790 [ 536.482750] ? trace_hardirqs_on+0x10/0x10 [ 536.486988] ? __lock_is_held+0xb6/0x140 [ 536.491051] ext4_readdir+0x18d9/0x2a40 [ 536.492625] FAULT_FLAG_ALLOW_RETRY missing 70 [ 536.495037] ? __ext4_check_dir_entry+0x310/0x310 [ 536.495051] ? iterate_dir+0xc3/0x5f0 [ 536.508168] iterate_dir+0x1a2/0x5f0 [ 536.511891] ovl_indexdir_cleanup+0x19d/0x4b8 [ 536.516393] ? ovl_workdir_cleanup_recurse+0x4d0/0x4d0 [ 536.521673] ? mark_held_locks+0xb1/0x100 [ 536.525818] ? kfree+0x183/0x270 [ 536.529177] ? ovl_cache_entry_find_link.constprop.0+0x1b0/0x1b0 [ 536.535326] ? ovl_verify_origin+0x6b/0x130 [ 536.539650] ovl_fill_super+0x1e42/0x2660 [ 536.543807] ? ovl_put_super+0x4b0/0x4b0 [ 536.547859] ? sget_userns+0x76b/0xc30 [ 536.551743] ? get_anon_bdev+0x1c0/0x1c0 [ 536.555813] ? get_anon_bdev+0x1c0/0x1c0 [ 536.559868] ? sget+0xde/0x120 [ 536.563059] ? selinux_sb_copy_data+0x21e/0x390 [ 536.567730] ? ovl_put_super+0x4b0/0x4b0 [ 536.571791] mount_nodev+0x52/0xf0 [ 536.575335] ovl_mount+0x2d/0x40 [ 536.578708] mount_fs+0x97/0x2a1 [ 536.582081] vfs_kern_mount.part.0+0x5e/0x3d0 [ 536.586623] do_mount+0x417/0x27d0 [ 536.590187] ? copy_mount_string+0x40/0x40 [ 536.594417] ? copy_mount_options+0x151/0x2f0 [ 536.598916] ? __sanitizer_cov_trace_pc+0x4e/0x60 [ 536.603764] ? copy_mount_options+0x1fe/0x2f0 [ 536.608263] SyS_mount+0xab/0x120 [ 536.611709] ? copy_mnt_ns+0x8c0/0x8c0 [ 536.615604] do_syscall_64+0x1e8/0x640 [ 536.619485] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 536.624330] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 536.629530] RIP: 0033:0x459829 [ 536.632715] RSP: 002b:00007fba3cf61c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 536.640509] RAX: ffffffffffffffda RBX: 00007fba3cf61c90 RCX: 0000000000459829 [ 536.647777] RDX: 00000000200000c0 RSI: 0000000020000000 RDI: 000000000040000a [ 536.655046] RBP: 000000000075bf20 R08: 0000000020000100 R09: 0000000000000000 [ 536.662309] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fba3cf626d4 [ 536.669671] R13: 00000000004c5e44 R14: 00000000004da948 R15: 0000000000000004 [ 536.676962] CPU: 1 PID: 21566 Comm: syz-executor.0 Not tainted 4.14.138 #34 [ 536.684076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 536.693438] Call Trace: [ 536.696034] dump_stack+0x138/0x19c [ 536.699674] handle_userfault.cold+0x3c/0x50 [ 536.704092] ? find_get_entry+0x215/0x520 [ 536.708245] ? userfaultfd_ioctl+0x2fe0/0x2fe0 [ 536.712837] ? lock_downgrade+0x6e0/0x6e0 [ 536.717001] ? find_get_entry+0x23c/0x520 [ 536.721165] ? find_lock_entry+0x139/0x3f0 [ 536.725412] shmem_getpage_gfp+0x203b/0x25d0 [ 536.729847] ? shmem_add_to_page_cache+0x860/0x860 [ 536.734801] ? lock_downgrade+0x6e0/0x6e0 [ 536.738958] shmem_fault+0x203/0x720 [ 536.742685] ? shmem_read_mapping_page_gfp+0x150/0x150 [ 536.747966] ? find_get_entries_tag+0x830/0x830 [ 536.752642] __do_fault+0x104/0x390 [ 536.756276] __handle_mm_fault+0x2460/0x3470 [ 536.760693] ? vm_insert_mixed_mkwrite+0x40/0x40 [ 536.765452] ? find_held_lock+0x35/0x130 [ 536.769519] ? handle_mm_fault+0x1b6/0x7c0 [ 536.773770] handle_mm_fault+0x293/0x7c0 [ 536.777836] __do_page_fault+0x4c1/0xb80 [ 536.781907] ? vmalloc_fault+0xe30/0xe30 [ 536.785971] ? page_fault+0x2f/0x50 [ 536.789599] do_page_fault+0x71/0x511 [ 536.793408] ? page_fault+0x2f/0x50 03:36:15 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(0x0, 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:36:15 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/rtc\x00', 0x0, 0x0) ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000080)={0x2, 0x0, {0x0, 0x0, 0x0, 0x1f, 0xb, 0x60}}) r2 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x2, 0x44c0) getsockopt$bt_BT_POWER(r2, 0x112, 0x9, &(0x7f0000000040)=0x6, &(0x7f00000000c0)=0x1) socket$inet_udplite(0x2, 0x2, 0x88) 03:36:15 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:36:15 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 536.797036] page_fault+0x45/0x50 [ 536.800488] RIP: 0033:0x4531c0 [ 536.803674] RSP: 002b:00007f37187db7a8 EFLAGS: 00010202 [ 536.809031] RAX: 00007f37187db850 RBX: 0000000000000003 RCX: 000000000000000e [ 536.816303] RDX: 00000000000003ff RSI: 0000000020012fe0 RDI: 00007f37187db850 [ 536.823575] RBP: 000000000075bfc8 R08: 00000000000003ff R09: 0000000000000000 [ 536.830856] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f37187dc6d4 [ 536.838129] R13: 00000000004c8beb R14: 00000000004dfb08 R15: 00000000ffffffff 03:36:15 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:36:15 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(0x0, 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:36:15 executing program 1: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/nat_icmp_send\x00', 0x2, 0x0) r1 = socket(0x1f, 0x80000, 0x0) sendto(r1, &(0x7f0000000180)="120000001200e7ef007b1a41cd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000000c0)=""/85, 0x55}], 0x1}}], 0x1, 0x0, 0x0) r2 = socket(0x2, 0x2, 0x0) write$P9_RFLUSH(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000040)={0x0}, &(0x7f00000001c0)=0x8) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r2, 0x84, 0x5, &(0x7f0000000200)={r3, @in={{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, 0x84) ppoll(&(0x7f0000000300), 0x0, 0x0, &(0x7f00000002c0), 0x8) setsockopt$inet_int(r2, 0x0, 0x40, &(0x7f0000000000), 0xfec7) [ 536.954813] overlayfs: failed index dir cleanup (-12) [ 536.974054] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. 03:36:16 executing program 0: r0 = socket$inet6(0xa, 0x10000000003, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000000)={{{@in=@empty, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x20}}, {{@in6=@ipv4={[], [], @remote}, 0x0, 0x3c}, 0x0, @in6=@local}}, 0xe8) r2 = syz_open_dev$vbi(&(0x7f0000000100)='/dev/vbi#\x00', 0x3, 0x2) mq_getsetattr(r2, &(0x7f0000000140)={0x3, 0x4, 0x4, 0xffffffff, 0x6, 0x3, 0x2, 0x8}, &(0x7f0000000180)) syz_emit_ethernet(0x4a, &(0x7f0000000240)={@local, @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local, @local, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 03:36:16 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:36:16 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:36:16 executing program 2 (fault-call:4 fault-nth:85): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) 03:36:16 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 537.181536] FAULT_INJECTION: forcing a failure. [ 537.181536] name failslab, interval 1, probability 0, space 0, times 0 [ 537.210944] CPU: 0 PID: 21609 Comm: syz-executor.2 Not tainted 4.14.138 #34 [ 537.218076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 537.227428] Call Trace: [ 537.230016] dump_stack+0x138/0x19c [ 537.233654] should_fail.cold+0x10f/0x159 [ 537.237810] should_failslab+0xdb/0x130 [ 537.241789] __kmalloc+0x2f0/0x7a0 [ 537.245338] ? dx_probe+0x1080/0x1080 [ 537.249149] ? ovl_cache_entry_new+0x3c/0x360 [ 537.253658] ovl_cache_entry_new+0x3c/0x360 [ 537.257983] ovl_fill_merge+0x394/0xa50 [ 537.261957] ? ovl_cache_entry_find_link.constprop.0+0x1b0/0x1b0 [ 537.268101] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 537.273547] call_filldir+0x343/0x5e0 [ 537.277364] ext4_readdir+0x1df8/0x2a40 [ 537.281468] ? __ext4_check_dir_entry+0x310/0x310 [ 537.286320] ? iterate_dir+0xc3/0x5f0 [ 537.290118] iterate_dir+0x1a2/0x5f0 [ 537.293827] ovl_indexdir_cleanup+0x19d/0x4b8 [ 537.298303] ? ovl_workdir_cleanup_recurse+0x4d0/0x4d0 [ 537.303581] ? mark_held_locks+0xb1/0x100 [ 537.307723] ? kfree+0x183/0x270 [ 537.311077] ? ovl_cache_entry_find_link.constprop.0+0x1b0/0x1b0 [ 537.317223] ? ovl_verify_origin+0x6b/0x130 [ 537.321541] ovl_fill_super+0x1e42/0x2660 [ 537.325704] ? ovl_put_super+0x4b0/0x4b0 [ 537.329744] ? sget_userns+0x76b/0xc30 [ 537.333614] ? get_anon_bdev+0x1c0/0x1c0 [ 537.337707] ? get_anon_bdev+0x1c0/0x1c0 [ 537.341757] ? sget+0xde/0x120 [ 537.344942] ? selinux_sb_copy_data+0x21e/0x390 [ 537.349593] ? ovl_put_super+0x4b0/0x4b0 [ 537.353643] mount_nodev+0x52/0xf0 [ 537.357174] ovl_mount+0x2d/0x40 [ 537.360531] mount_fs+0x97/0x2a1 [ 537.363888] vfs_kern_mount.part.0+0x5e/0x3d0 [ 537.368372] do_mount+0x417/0x27d0 [ 537.371905] ? copy_mount_options+0x5c/0x2f0 [ 537.376326] ? rcu_read_lock_sched_held+0x110/0x130 [ 537.381343] ? copy_mount_string+0x40/0x40 [ 537.385575] ? copy_mount_options+0x1fe/0x2f0 [ 537.390064] SyS_mount+0xab/0x120 [ 537.393534] ? copy_mnt_ns+0x8c0/0x8c0 [ 537.397405] do_syscall_64+0x1e8/0x640 [ 537.401280] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 537.406145] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 537.411325] RIP: 0033:0x459829 [ 537.414514] RSP: 002b:00007fba3cf61c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 537.422222] RAX: ffffffffffffffda RBX: 00007fba3cf61c90 RCX: 0000000000459829 03:36:16 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:36:16 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000240)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000004c0)=ANY=[@ANYBLOB="0000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000500000000ffffff7f03001f00f9ffffffffffffffb5000000000000000000c902000000000100ffffffffffff000000000000000c9caa5f000000009b456cb2100000000000000000000000000080000000030000000400000000000000840300000000000000000500000000000200000000000000000000000000000000000000000000000000000000000000005f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e8a9f8dbd6e16ce1c13429603ea16241bb851743b943f4fcce93b9340fa697d0dad2fa91f2cc6b84756fe8530e24e52e6d74e41d99daa6d7672a053dbfa384d9e74a3a8fd30cb5b73d9e3622e0bc0c7fd190e8d36e3eb4b3a13fddcbb25901c6ebe9ac8f22a3fbcb0cd4a9b6cdd4a1bb18c7b6b9199928af37b237e0c344c32cb7b335dab10684e9726a0a76db4f6d53047d2d57fa838b6de7bd49848cfd519f8ef23ef538e6f1a7797329c96142fbb50b09fc580794df79ad5587db476f443972eeeb4ede08d016e96fb3304cd9b65c489464fd97ff1e1ff8fffd62ea70b5e417abdb8964e80f29c8e14c4abe5211fd7b04bc6a3767cb972822dbf40e6af2c40b4d0f79cb1ad403fe7667fb589116a2ab033c399eb4eba08bb8b83291dcb1eee5d6241fcea9fb0d644d200be4eb55e75849cff00ee75bef2"]) fadvise64(r0, 0x4, 0x4, 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_RM_MAP(r0, 0x4028641b, &(0x7f0000000040)={0x0, 0x40, 0x7, 0x4, &(0x7f0000ffc000/0x3000)=nil}) openat$smack_task_current(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) r2 = add_key(&(0x7f0000000180)='asymmetric\x00', &(0x7f0000000200)={'syz', 0x0}, &(0x7f0000000380)="74840079dd173c3eb462149f7a1704ce005e7b50d63daadef480d608279488176da7688e618ff13afe2ee05a3fdfe8c623d4927f0ea9b7300315ad48805f7e9603b1a060ebf34f65058a3790a5", 0x4d, 0xfffffffffffffffe) keyctl$negate(0xd, r1, 0x8000, r2) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x81, 0xa0100) ioctl$KVM_GET_NR_MMU_PAGES(r3, 0xae45, 0x101) ioctl$DRM_IOCTL_SET_MASTER(r0, 0x641e) setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f00000001c0)={0x2, &(0x7f0000000140)=[{0x80000001, 0x7fff, 0x0, 0xffff}, {0x2, 0x6, 0x9, 0x4}]}, 0x10) r4 = shmget$private(0x0, 0x1000, 0x200, &(0x7f0000ffc000/0x1000)=nil) shmctl$SHM_LOCK(r4, 0xb) ioctl$DRM_IOCTL_SET_VERSION(r0, 0xc0106407, &(0x7f0000000080)={0x100000001, 0x2, 0xffffffff}) ioctl$PPPIOCSPASS(r3, 0x40107447, &(0x7f0000000440)={0x6, &(0x7f0000000400)=[{0x2000000000000000, 0x9, 0x6, 0x8}, {0xfffffffffffffff9, 0x8, 0x10001, 0xfffffffffffffffa}, {0x2, 0xffff, 0x5b, 0x40}, {0x4, 0x8, 0x3, 0xffffffffffffff00}, {0x0, 0x2, 0x7fffffff, 0x8}, {0x0, 0x30b12298, 0x7, 0xc03}]}) 03:36:16 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(0x0, 0x80000) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r1, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x1) read$eventfd(r2, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r3 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = fcntl$getown(r3, 0x9) capget(&(0x7f00000000c0)={0x20080522, r5}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r6 = dup(r4) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r4) setsockopt$inet6_tcp_int(r6, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x800fe) sendfile(r6, r7, 0x0, 0x8000fffffffe) 03:36:16 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 537.429484] RDX: 00000000200000c0 RSI: 0000000020000000 RDI: 000000000040000a [ 537.436760] RBP: 000000000075bf20 R08: 0000000020000100 R09: 0000000000000000 [ 537.444025] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fba3cf626d4 [ 537.451286] R13: 00000000004c5e44 R14: 00000000004da948 R15: 0000000000000004 03:36:16 executing program 2 (fault-call:4 fault-nth:86): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) [ 537.490483] overlayfs: failed index dir cleanup (-12) [ 537.510114] net_ratelimit: 18 callbacks suppressed [ 537.510120] protocol 88fb is buggy, dev hsr_slave_0 [ 537.512850] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 537.515167] protocol 88fb is buggy, dev hsr_slave_1 03:36:16 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 537.693413] FAULT_INJECTION: forcing a failure. [ 537.693413] name failslab, interval 1, probability 0, space 0, times 0 [ 537.705053] CPU: 0 PID: 21636 Comm: syz-executor.2 Not tainted 4.14.138 #34 [ 537.712156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 537.721509] Call Trace: [ 537.724101] dump_stack+0x138/0x19c [ 537.727737] should_fail.cold+0x10f/0x159 [ 537.731892] should_failslab+0xdb/0x130 [ 537.735869] kmem_cache_alloc+0x2d7/0x780 [ 537.740023] ? ovl_alloc_inode+0x1c/0x190 [ 537.744175] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 537.749632] selinux_inode_alloc_security+0xb6/0x2a0 [ 537.754802] security_inode_alloc+0x94/0xd0 [ 537.759158] inode_init_always+0x552/0xaf0 [ 537.763426] alloc_inode+0x81/0x180 [ 537.767051] new_inode_pseudo+0x19/0xf0 [ 537.771024] new_inode+0x1f/0x40 [ 537.774394] ovl_new_inode+0x1e/0x50 [ 537.778108] ovl_fill_super+0x16a3/0x2660 [ 537.782265] ? ovl_put_super+0x4b0/0x4b0 [ 537.786323] ? sget_userns+0x76b/0xc30 [ 537.790215] ? get_anon_bdev+0x1c0/0x1c0 [ 537.794283] ? get_anon_bdev+0x1c0/0x1c0 [ 537.798357] ? sget+0xde/0x120 [ 537.801558] ? selinux_sb_copy_data+0x21e/0x390 [ 537.806232] ? ovl_put_super+0x4b0/0x4b0 [ 537.810294] mount_nodev+0x52/0xf0 [ 537.813837] ovl_mount+0x2d/0x40 [ 537.817205] mount_fs+0x97/0x2a1 [ 537.820578] vfs_kern_mount.part.0+0x5e/0x3d0 [ 537.825081] do_mount+0x417/0x27d0 [ 537.828624] ? copy_mount_options+0x5c/0x2f0 [ 537.833049] ? rcu_read_lock_sched_held+0x110/0x130 [ 537.838071] ? copy_mount_string+0x40/0x40 [ 537.842309] ? copy_mount_options+0x1fe/0x2f0 [ 537.842322] SyS_mount+0xab/0x120 [ 537.842330] ? copy_mnt_ns+0x8c0/0x8c0 [ 537.842344] do_syscall_64+0x1e8/0x640 [ 537.842361] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 537.842378] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 537.842386] RIP: 0033:0x459829 [ 537.842392] RSP: 002b:00007fba3cf61c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 537.842404] RAX: ffffffffffffffda RBX: 00007fba3cf61c90 RCX: 0000000000459829 [ 537.842410] RDX: 00000000200000c0 RSI: 0000000020000000 RDI: 000000000040000a [ 537.842416] RBP: 000000000075bf20 R08: 0000000020000100 R09: 0000000000000000 [ 537.842421] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fba3cf626d4 [ 537.842431] R13: 00000000004c5e44 R14: 00000000004da948 R15: 0000000000000004 [ 537.915543] protocol 88fb is buggy, dev hsr_slave_0 [ 537.920651] protocol 88fb is buggy, dev hsr_slave_1 03:36:16 executing program 1: r0 = socket(0x1e, 0x5, 0x0) r1 = socket(0x1e, 0x2, 0x0) bind(r1, &(0x7f0000d80f80)=@generic={0x1e, "0103000000000000000000000000000009a979f321b30c7bc8790405c7bad62e0a43a632ed4938d36d73fb8f8401a3ff59829a2b0afe7ce43a4b2470a0c5216669ca021f6f65dcf160e7e58f358c0002f0000158d19bcb31f1314a8ef151622ca5bdb9c8ead2000077aeb81c90001d6d7c980ee590c8b9f70dc136cb184a"}, 0x80) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000180), &(0x7f00000001c0)=0x4) connect$llc(r0, &(0x7f0000000040)={0x1e, 0x302, 0x0, 0x0, 0x0, 0x6}, 0x10) r2 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x8, 0x800) ioctl$VIDIOC_DBG_G_CHIP_INFO(r2, 0xc0c85666, &(0x7f0000000080)={{0x2, @name="602685454177a02b3c896e0c97760e0e4c684e1fc72987ef70eefd0d53cd366d"}, "812947ec4b1abfaf4f276c143f60dc845ccc0c2a9ed2b7061a8658296b80784b", 0x3}) 03:36:16 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:36:16 executing program 0: r0 = socket(0x10, 0x802, 0x0) add_key(&(0x7f0000000680)='.dead\x00\x97M\nj\x82P\x11,i\xbe\xbc\xd7+\xff`\x8a\x16\x06~n\x00\x82S\xb1nj\xebl \xed9\x90\xab\x15\xd6\x82\x10`\x8a?p\xf8Y\xa0\x90-`~\xc4F\x02p\x05\xc5\xc3\x19*\xbe\xbf\xee\xe6-4\xfc\x8b\xe7-\x1b\\\x1cT\xfd\t\xb4h\x82\x185Ar\x8e\x87\xa5\x87\xe6\xee\x9do\x90\x0fte\x9fB$\"\xefj\x03\xdd\xfc$[\xae\x8e\x8b\x8b\xbb;\xfc\x12\xf3\"\x9f\x00\xac\x18v\xdd\xa9\xce=\x93:\xbe,+/NK\xf8\xf5R\x1f\x05\x8cr\n@\xe8\b\x16vR,Z\xa2\xd2\xaa\x16Q\xecC\xcd\x18\xbd3\xd2\x9f$\x05\'`\xdcJE\x03\xd8\x83\xf0\x13GfQ_h\xc5<\x85\xce\x98\x86\xe0\x91\xfab94\x06\xb5X\xb8\xa9t\xf2\xba\x00\x00', 0x0, &(0x7f0000000480)="e8fe098c5024c470e5a1555ba566449dfca6006f12b461346f6f6985891c", 0x1e, 0xfffffffffffffff9) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kvm\x00', 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') connect(0xffffffffffffffff, &(0x7f0000000180)=@in6={0xa, 0x0, 0x0, @dev}, 0x5a) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000006000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r3 = dup2(r1, r2) ioctl$VIDIOC_SUBDEV_G_SELECTION(r3, 0xc040563d, &(0x7f0000000280)={0x0, 0x0, 0x102, 0x1, {0x81, 0xd3, 0x400, 0x100000000}}) ioctl$TIOCGISO7816(0xffffffffffffffff, 0x80285442, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000200)={0x0, 0x4, 0x6, 0x20}) setsockopt$inet_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000240), 0x4) connect$inet(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000500)='./cgroup\x00', 0x200002, 0x0) fchdir(r4) openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0) io_setup(0x0, 0x0) syz_open_dev$media(0x0, 0x0, 0x20000) ioctl$KVM_GET_TSC_KHZ(0xffffffffffffffff, 0xaea3) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) umount2(&(0x7f0000000540)='./file0\x00', 0x4) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x1040000004, 0x0, 0x0, 0x0, 0x4cc]}) ioctl$IMGETVERSION(r0, 0x80044942, &(0x7f0000000140)) r5 = getpgrp(0x0) r6 = dup3(r0, r0, 0x80000) perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x5, 0x8000, 0x862b, 0x81, 0x0, 0xfff, 0x60000, 0x4, 0xfffffffffffffff7, 0x5, 0x8000, 0x7f, 0x8001, 0x5, 0x20, 0xfffffffffffffffc, 0x7, 0x3d, 0x8001, 0x1, 0x1, 0x1, 0x100, 0xd0c, 0x6, 0xffffffffffffff71, 0x9, 0x7fff, 0x80000000, 0x9f19, 0x40, 0x1ab4, 0x6, 0x5, 0x80000001, 0xff, 0x0, 0x6, 0x2, @perf_bp={&(0x7f0000000040), 0x8}, 0x20000, 0x0, 0x0, 0x7, 0x5, 0x8, 0x800}, r5, 0xf, r6, 0x2) write(r0, &(0x7f0000000580)="fc00000048000700ab092500090007000aab07ff010000000000369321000100ff0100000005d0000000000000039815fa2c1ec28656aaa79bb94b46fe000000bc00820000036c6c256f1a272f2e117c22ebc205214000000000008934d7d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70c9ddef2fe082038f4f8b29d3ef3d92c83170e5bba4a463ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48f6f0000080548deac270e33429fd3000175e63fb8d38a873cf1587c3b4100000000000000", 0xfc) 03:36:16 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:36:16 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(0x0, 0x80000) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r1, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x1) read$eventfd(r2, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r3 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = fcntl$getown(r3, 0x9) capget(&(0x7f00000000c0)={0x20080522, r5}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r6 = dup(r4) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r4) setsockopt$inet6_tcp_int(r6, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x800fe) sendfile(r6, r7, 0x0, 0x8000fffffffe) 03:36:16 executing program 2 (fault-call:4 fault-nth:87): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) 03:36:17 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 538.070197] protocol 88fb is buggy, dev hsr_slave_0 [ 538.075335] protocol 88fb is buggy, dev hsr_slave_1 [ 538.080519] protocol 88fb is buggy, dev hsr_slave_0 [ 538.085595] protocol 88fb is buggy, dev hsr_slave_1 03:36:17 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="c0dca5055e0bcfec7be070") connect$inet6(0xffffffffffffffff, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) unshare(0x40000000) socket$nl_xfrm(0x10, 0x3, 0x6) pipe(0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x106, 0xb}}, 0x20) r1 = socket$inet6(0xa, 0x3, 0x3a) prctl$PR_SET_ENDIAN(0x14, 0x1) setsockopt$inet6_int(r1, 0x29, 0xc8, &(0x7f00000007c0), 0x4) setsockopt$inet6_MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000080)={0x9, 0x1}, 0x130) setsockopt$inet6_MRT6_ADD_MFC(r1, 0x29, 0xc9, 0x0, 0x0) 03:36:17 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:36:17 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:36:17 executing program 0: r0 = socket(0x10, 0x802, 0x0) add_key(&(0x7f0000000680)='.dead\x00\x97M\nj\x82P\x11,i\xbe\xbc\xd7+\xff`\x8a\x16\x06~n\x00\x82S\xb1nj\xebl \xed9\x90\xab\x15\xd6\x82\x10`\x8a?p\xf8Y\xa0\x90-`~\xc4F\x02p\x05\xc5\xc3\x19*\xbe\xbf\xee\xe6-4\xfc\x8b\xe7-\x1b\\\x1cT\xfd\t\xb4h\x82\x185Ar\x8e\x87\xa5\x87\xe6\xee\x9do\x90\x0fte\x9fB$\"\xefj\x03\xdd\xfc$[\xae\x8e\x8b\x8b\xbb;\xfc\x12\xf3\"\x9f\x00\xac\x18v\xdd\xa9\xce=\x93:\xbe,+/NK\xf8\xf5R\x1f\x05\x8cr\n@\xe8\b\x16vR,Z\xa2\xd2\xaa\x16Q\xecC\xcd\x18\xbd3\xd2\x9f$\x05\'`\xdcJE\x03\xd8\x83\xf0\x13GfQ_h\xc5<\x85\xce\x98\x86\xe0\x91\xfab94\x06\xb5X\xb8\xa9t\xf2\xba\x00\x00', 0x0, &(0x7f0000000480)="e8fe098c5024c470e5a1555ba566449dfca6006f12b461346f6f6985891c", 0x1e, 0xfffffffffffffff9) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kvm\x00', 0x0, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') connect(0xffffffffffffffff, &(0x7f0000000180)=@in6={0xa, 0x0, 0x0, @dev}, 0x5a) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000006000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r3 = dup2(r1, r2) ioctl$VIDIOC_SUBDEV_G_SELECTION(r3, 0xc040563d, &(0x7f0000000280)={0x0, 0x0, 0x102, 0x1, {0x81, 0xd3, 0x400, 0x100000000}}) ioctl$TIOCGISO7816(0xffffffffffffffff, 0x80285442, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000200)={0x0, 0x4, 0x6, 0x20}) setsockopt$inet_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000240), 0x4) connect$inet(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000500)='./cgroup\x00', 0x200002, 0x0) fchdir(r4) openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0) io_setup(0x0, 0x0) syz_open_dev$media(0x0, 0x0, 0x20000) ioctl$KVM_GET_TSC_KHZ(0xffffffffffffffff, 0xaea3) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) umount2(&(0x7f0000000540)='./file0\x00', 0x4) readv(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x1040000004, 0x0, 0x0, 0x0, 0x4cc]}) ioctl$IMGETVERSION(r0, 0x80044942, &(0x7f0000000140)) r5 = getpgrp(0x0) r6 = dup3(r0, r0, 0x80000) perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x5, 0x8000, 0x862b, 0x81, 0x0, 0xfff, 0x60000, 0x4, 0xfffffffffffffff7, 0x5, 0x8000, 0x7f, 0x8001, 0x5, 0x20, 0xfffffffffffffffc, 0x7, 0x3d, 0x8001, 0x1, 0x1, 0x1, 0x100, 0xd0c, 0x6, 0xffffffffffffff71, 0x9, 0x7fff, 0x80000000, 0x9f19, 0x40, 0x1ab4, 0x6, 0x5, 0x80000001, 0xff, 0x0, 0x6, 0x2, @perf_bp={&(0x7f0000000040), 0x8}, 0x20000, 0x0, 0x0, 0x7, 0x5, 0x8, 0x800}, r5, 0xf, r6, 0x2) write(r0, &(0x7f0000000580)="fc00000048000700ab092500090007000aab07ff010000000000369321000100ff0100000005d0000000000000039815fa2c1ec28656aaa79bb94b46fe000000bc00820000036c6c256f1a272f2e117c22ebc205214000000000008934d7d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70c9ddef2fe082038f4f8b29d3ef3d92c83170e5bba4a463ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48f6f0000080548deac270e33429fd3000175e63fb8d38a873cf1587c3b4100000000000000", 0xfc) [ 538.162766] FAULT_INJECTION: forcing a failure. [ 538.162766] name failslab, interval 1, probability 0, space 0, times 0 [ 538.270209] CPU: 0 PID: 21654 Comm: syz-executor.2 Not tainted 4.14.138 #34 [ 538.277356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 538.286704] Call Trace: [ 538.286721] dump_stack+0x138/0x19c [ 538.286736] should_fail.cold+0x10f/0x159 [ 538.286750] should_failslab+0xdb/0x130 [ 538.286762] kmem_cache_alloc+0x2d7/0x780 [ 538.286773] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 538.286785] ? ovl_i_callback+0x30/0x30 [ 538.286795] ovl_alloc_inode+0x1c/0x190 [ 538.286803] alloc_inode+0x64/0x180 [ 538.286812] new_inode_pseudo+0x19/0xf0 [ 538.286822] new_inode+0x1f/0x40 [ 538.286831] ovl_new_inode+0x1e/0x50 [ 538.286842] ovl_fill_super+0x16a3/0x2660 [ 538.286860] ? ovl_put_super+0x4b0/0x4b0 [ 538.286868] ? sget_userns+0x76b/0xc30 [ 538.286878] ? get_anon_bdev+0x1c0/0x1c0 [ 538.286895] ? get_anon_bdev+0x1c0/0x1c0 [ 538.286903] ? sget+0xde/0x120 [ 538.286914] ? selinux_sb_copy_data+0x21e/0x390 [ 538.286925] ? ovl_put_super+0x4b0/0x4b0 [ 538.365409] mount_nodev+0x52/0xf0 [ 538.365424] ovl_mount+0x2d/0x40 [ 538.365435] mount_fs+0x97/0x2a1 [ 538.365451] vfs_kern_mount.part.0+0x5e/0x3d0 [ 538.365465] do_mount+0x417/0x27d0 [ 538.365478] ? copy_mount_options+0x5c/0x2f0 [ 538.380259] ? rcu_read_lock_sched_held+0x110/0x130 [ 538.380277] ? copy_mount_string+0x40/0x40 [ 538.380293] ? copy_mount_options+0x1fe/0x2f0 [ 538.380308] SyS_mount+0xab/0x120 [ 538.380315] ? copy_mnt_ns+0x8c0/0x8c0 [ 538.380327] do_syscall_64+0x1e8/0x640 [ 538.380336] ? trace_hardirqs_off_thunk+0x1a/0x1c 03:36:17 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:36:17 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 538.380360] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 538.380369] RIP: 0033:0x459829 [ 538.380375] RSP: 002b:00007fba3cf61c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 538.380386] RAX: ffffffffffffffda RBX: 00007fba3cf61c90 RCX: 0000000000459829 [ 538.380395] RDX: 00000000200000c0 RSI: 0000000020000000 RDI: 000000000040000a [ 538.393377] RBP: 000000000075bf20 R08: 0000000020000100 R09: 0000000000000000 [ 538.393384] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fba3cf626d4 03:36:17 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(0x0, 0x80000) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r1, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x1) read$eventfd(r2, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r3 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = fcntl$getown(r3, 0x9) capget(&(0x7f00000000c0)={0x20080522, r5}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r6 = dup(r4) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r4) setsockopt$inet6_tcp_int(r6, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x800fe) sendfile(r6, r7, 0x0, 0x8000fffffffe) 03:36:17 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x2e880e73b591ed54) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x3d, 0x0) write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xff2e) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000380)) r2 = syz_open_pts(r1, 0x0) dup3(r2, r1, 0x80000) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f00000001c0)={0x400, {{0xa, 0x4e20, 0x327, @loopback, 0x3ff}}, {{0xa, 0x4e24, 0x1, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x2}}}, 0x108) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000080)={0x1, 0xffffffff, 0x40, 0x853, 0x0, 0x8001, 0x4, 0x20, 0x6, 0x81, 0x8, 0x6}) 03:36:17 executing program 2 (fault-call:4 fault-nth:88): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) [ 538.393389] R13: 00000000004c5e44 R14: 00000000004da948 R15: 0000000000000004 [ 538.477271] IPVS: ftp: loaded support on port[0] = 21 [ 538.550128] protocol 88fb is buggy, dev hsr_slave_0 [ 538.555290] protocol 88fb is buggy, dev hsr_slave_1 03:36:17 executing program 0: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000000a000)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, @perf_config_ext, 0x8000000200000000, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect(r0, &(0x7f0000000040)=@l2={0x1f, 0x80000000, {0x100000001, 0x2, 0x5, 0x9, 0x6, 0xf5}, 0x7, 0xffffffffffffffff}, 0x80) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) 03:36:17 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 538.629754] FAULT_INJECTION: forcing a failure. [ 538.629754] name failslab, interval 1, probability 0, space 0, times 0 [ 538.700484] CPU: 1 PID: 21694 Comm: syz-executor.2 Not tainted 4.14.138 #34 [ 538.707789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 538.707794] Call Trace: [ 538.707811] dump_stack+0x138/0x19c [ 538.707828] should_fail.cold+0x10f/0x159 [ 538.707843] should_failslab+0xdb/0x130 [ 538.707863] __kmalloc_track_caller+0x2ec/0x790 [ 538.707873] ? __lock_is_held+0xb6/0x140 [ 538.707887] ? check_preemption_disabled+0x3c/0x250 [ 538.707899] ? prepare_creds+0x3e/0x380 [ 538.707907] ? selinux_cred_prepare+0x49/0xb0 [ 538.707918] kmemdup+0x27/0x60 [ 538.707926] selinux_cred_prepare+0x49/0xb0 [ 538.707936] security_prepare_creds+0x7d/0xb0 [ 538.707946] prepare_creds+0x2cf/0x380 [ 538.707956] ovl_fill_super+0x1533/0x2660 [ 538.707970] ? ovl_put_super+0x4b0/0x4b0 [ 538.707976] ? sget_userns+0x76b/0xc30 [ 538.707986] ? get_anon_bdev+0x1c0/0x1c0 [ 538.732023] ? get_anon_bdev+0x1c0/0x1c0 [ 538.732033] ? sget+0xde/0x120 [ 538.732045] ? selinux_sb_copy_data+0x21e/0x390 [ 538.732058] ? ovl_put_super+0x4b0/0x4b0 [ 538.732068] mount_nodev+0x52/0xf0 [ 538.732079] ovl_mount+0x2d/0x40 [ 538.732089] mount_fs+0x97/0x2a1 [ 538.740848] vfs_kern_mount.part.0+0x5e/0x3d0 [ 538.740870] do_mount+0x417/0x27d0 [ 538.740880] ? copy_mount_options+0x5c/0x2f0 [ 538.740892] ? rcu_read_lock_sched_held+0x110/0x130 [ 538.740905] ? copy_mount_string+0x40/0x40 [ 538.740921] ? copy_mount_options+0x1fe/0x2f0 [ 538.740935] SyS_mount+0xab/0x120 [ 538.740943] ? copy_mnt_ns+0x8c0/0x8c0 [ 538.740956] do_syscall_64+0x1e8/0x640 03:36:17 executing program 0: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680)='/dev/snapshot\x00', 0x200220, 0x0) getsockopt$ARPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x63, &(0x7f0000000600)={'TPROXY\x00'}, &(0x7f0000000640)=0x1e) socket$packet(0x11, 0x0, 0x300) pipe2(0x0, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000440)='/proc/sys/net/ipv4/vs/snat_reroute\x00', 0x2, 0x0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000004c0)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x8020}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x1c, r2, 0x8, 0x70bd2c, 0x25dfdbfb}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x40) setsockopt$l2tp_PPPOL2TP_SO_SENDSEQ(0xffffffffffffffff, 0x111, 0x3, 0x0, 0x4) ioctl$VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000180)={0x0, 0x6}) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(0xffffffffffffffff, 0x40505330, 0x0) unlink(0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r3, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x1600, 0x3ef, 0x2000000, 0x3f00000000000000, 0x100000000000600, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) prctl$PR_GET_FP_MODE(0x2e) ioctl$sock_inet6_SIOCADDRT(r3, 0x89a0, &(0x7f0000000040)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @local, @local}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x0) write(0xffffffffffffffff, &(0x7f00000002c0)="60b7fdfefe5f021ce1eef846f2e3402518b4878718dba7bc53eaaec76281255a6d32f40eb26b15108f75cf531c785ec46fd4eca035aa274e01456277d142de586e0300f3046a957353d67c0266a97601e4a538a6cb7463b32137efa8bc601828341d945dfff47e0ade421675a0c3076bbd039ec4060f05965c5035356f520e2899008659e1fcbaca361da5c7ca5faa66b64f541c581a474eb2dec05831a3fc5c10535733ab4534bac96e6d46729211453ca25db42097a9ac0713ba06ab0cadc8a36dc2c6e631ed26b4502f219060a9cdad00000000", 0xd5) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x3f, &(0x7f0000000000)=0x100000001, 0x4) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm_plock\x00', 0x800, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer\x00', 0x200000, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000200)='/dev/snd/pcmC#D#c\x00', 0x80000e23a, 0x204002) openat$vfio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vfio/vfio\x00', 0x1, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x8000, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000400)='/dev/dlm-monitor\x00', 0x121080, 0x0) lchown(0x0, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) recvmmsg(r0, &(0x7f0000001040)=[{{&(0x7f00000006c0)=@nfc, 0x80, &(0x7f0000000940)=[{&(0x7f0000000740)=""/88, 0x58}, {&(0x7f0000000280)=""/5, 0x5}, {&(0x7f00000003c0)=""/42, 0x2a}, {&(0x7f00000007c0)=""/137, 0x89}, {&(0x7f0000000880)=""/138, 0x8a}], 0x5, &(0x7f00000005c0)=""/37, 0x25}, 0x1}, {{0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f00000009c0)=""/57, 0x39}, {&(0x7f0000000a00)=""/137, 0x89}, {&(0x7f0000000ac0)=""/220, 0xdc}, {&(0x7f0000000bc0)=""/197, 0xc5}, {&(0x7f0000000cc0)=""/113, 0x71}, {&(0x7f0000000d40)=""/131, 0x83}, {&(0x7f0000000e00)=""/143, 0x8f}, {&(0x7f0000000ec0)=""/78, 0x4e}], 0x8, &(0x7f0000000fc0)=""/98, 0x62}, 0xa3}], 0x2, 0x40000000, &(0x7f00000010c0)={0x0, 0x989680}) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x4008040, &(0x7f0000000100)={0x2, 0x0, @empty}, 0x10) [ 538.740965] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 538.740989] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 538.749949] RIP: 0033:0x459829 [ 538.749955] RSP: 002b:00007fba3cf61c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 538.749967] RAX: ffffffffffffffda RBX: 00007fba3cf61c90 RCX: 0000000000459829 [ 538.749973] RDX: 00000000200000c0 RSI: 0000000020000000 RDI: 000000000040000a [ 538.749980] RBP: 000000000075bf20 R08: 0000000020000100 R09: 0000000000000000 [ 538.749986] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fba3cf626d4 [ 538.749992] R13: 00000000004c5e44 R14: 00000000004da948 R15: 0000000000000004 [ 539.065971] IPVS: ftp: loaded support on port[0] = 21 03:36:18 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)) r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xfffffffffffffff8, 0x4000) setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000080)=0x18, 0x4) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0xa611b6ad4540b7c8, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x1000410200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xe2w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11+4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) ioctl$FITRIM(r2, 0xc0185879, &(0x7f0000000040)={0x0, 0x8000}) 03:36:18 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:36:18 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:36:18 executing program 2 (fault-call:4 fault-nth:89): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) [ 540.001897] FAULT_INJECTION: forcing a failure. [ 540.001897] name failslab, interval 1, probability 0, space 0, times 0 [ 540.046802] CPU: 0 PID: 21719 Comm: syz-executor.2 Not tainted 4.14.138 #34 [ 540.053936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 540.063282] Call Trace: [ 540.063299] dump_stack+0x138/0x19c [ 540.063316] should_fail.cold+0x10f/0x159 [ 540.063331] should_failslab+0xdb/0x130 [ 540.069522] kmem_cache_alloc+0x2d7/0x780 [ 540.081753] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 540.087214] ? ovl_i_callback+0x30/0x30 [ 540.091193] ovl_alloc_inode+0x1c/0x190 [ 540.095172] alloc_inode+0x64/0x180 [ 540.098797] new_inode_pseudo+0x19/0xf0 [ 540.102756] new_inode+0x1f/0x40 [ 540.106103] ovl_new_inode+0x1e/0x50 [ 540.109797] ovl_fill_super+0x16a3/0x2660 [ 540.113929] ? ovl_put_super+0x4b0/0x4b0 [ 540.118007] ? sget_userns+0x76b/0xc30 [ 540.121882] ? get_anon_bdev+0x1c0/0x1c0 [ 540.125940] ? get_anon_bdev+0x1c0/0x1c0 [ 540.129977] ? sget+0xde/0x120 [ 540.133149] ? selinux_sb_copy_data+0x21e/0x390 [ 540.137796] ? ovl_put_super+0x4b0/0x4b0 [ 540.141835] mount_nodev+0x52/0xf0 [ 540.145362] ovl_mount+0x2d/0x40 [ 540.148706] mount_fs+0x97/0x2a1 [ 540.152054] vfs_kern_mount.part.0+0x5e/0x3d0 [ 540.156539] do_mount+0x417/0x27d0 [ 540.160064] ? copy_mount_options+0x5c/0x2f0 [ 540.164456] ? rcu_read_lock_sched_held+0x110/0x130 [ 540.169454] ? copy_mount_string+0x40/0x40 [ 540.173671] ? copy_mount_options+0x1fe/0x2f0 [ 540.178150] SyS_mount+0xab/0x120 [ 540.181583] ? copy_mnt_ns+0x8c0/0x8c0 [ 540.185452] do_syscall_64+0x1e8/0x640 [ 540.189317] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 540.194169] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 540.199366] RIP: 0033:0x459829 [ 540.202536] RSP: 002b:00007fba3cf61c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 540.210224] RAX: ffffffffffffffda RBX: 00007fba3cf61c90 RCX: 0000000000459829 [ 540.217473] RDX: 00000000200000c0 RSI: 0000000020000000 RDI: 000000000040000a [ 540.224722] RBP: 000000000075bf20 R08: 0000000020000100 R09: 0000000000000000 [ 540.231968] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fba3cf626d4 [ 540.239218] R13: 00000000004c5e44 R14: 00000000004da948 R15: 0000000000000004 03:36:20 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:36:20 executing program 0: getpgid(0x0) r0 = syz_open_dev$vcsa(&(0x7f0000001500)='/dev/vcsa#\x00', 0x1, 0x141001) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f0000000640)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x83, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$sndctrl(&(0x7f0000006000)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, &(0x7f0000000000)) r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000140)={&(0x7f0000000100)=[0x0, 0x3, 0x0, 0x1, 0xff, 0x0, 0x4, 0x0], 0x8, 0x0, 0x4, 0x6f6c, 0x0, 0x200, {0x7, 0xfffffffffffff55e, 0xec, 0x4, 0x659, 0x100, 0x6, 0x0, 0x2, 0xbd, 0x400, 0x37dce2ed, 0xd9, 0x0, "8145b113caa5929639760ff0515a292cb364b3d0afc8738030bba6eb57c7d073"}}) r5 = open(&(0x7f0000000080)='./file0\x00', 0x40002, 0x100) ioctl$TIOCSSERIAL(r1, 0x541f, &(0x7f00000003c0)={0x9, 0xffffffff, 0x8000, 0x1f, 0x2, 0x6, 0xd2, 0xfff, 0x10000, 0x6, 0xe000000000000000, 0x2, 0xfffffffffffffffd, 0x80, &(0x7f00000002c0)=""/82, 0xce41, 0x3, 0x95d8}) ioctl$LOOP_SET_BLOCK_SIZE(r5, 0x4c09, 0x3) socket$inet_udplite(0x2, 0x2, 0x88) socket$inet6(0xa, 0x3, 0x1) r6 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r6, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[]}}, 0x0) sendmsg$key(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="02120000020000000a000097d3d34473"], 0x10}}, 0x0) recvmmsg(r6, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x140202, 0x0) r8 = syz_open_dev$sndpcmp(&(0x7f0000000480)='/dev/snd/pcmC#D#p\x00', 0x0, 0x405) r9 = dup2(r8, r7) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$P9_RFSYNC(r9, &(0x7f0000001580)={0xfe07, 0x33, 0x10002}, 0x151) write$P9_RATTACH(r0, &(0x7f0000000000)={0x14}, 0x14) ioctl$TIOCEXCL(r0, 0x540c) 03:36:20 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:36:20 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:36:20 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x94}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000380)='net/igmp\x00') preadv(r0, &(0x7f0000000480), 0x2d1, 0x0) ioctl$PPPIOCGDEBUG(r0, 0x80047441, &(0x7f0000000000)) 03:36:20 executing program 2 (fault-call:4 fault-nth:90): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) 03:36:20 executing program 0: r0 = getpid() r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x101000, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r0, r1, 0x0, 0x1c, &(0x7f0000000040)='selfposix_acl_access[md5sum\x00'}, 0x30) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f000014f000)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000c07e98)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in, @in6=@ipv4={[], [], @local={0xac, 0x14, 0xffffffffffffffff}}}, {@in6, 0x0, 0x33}, @in=@broadcast, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_auth={0x48, 0x1, {{'md5\x00'}}}]}, 0x138}}, 0x0) 03:36:20 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:36:20 executing program 1: r0 = socket(0x4, 0x78a76b62a5ebc6a9, 0xfffffffffffffffc) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1400000052000103000000000000780000020000"], 0x14}}, 0x0) recvmmsg(r0, &(0x7f000000cc80)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/4096, 0x1000}], 0x1}}, {{0x0, 0x0, &(0x7f0000003400)=[{&(0x7f0000001200)=""/219, 0xdb}, {&(0x7f0000001400)=""/4096, 0x1000}, {&(0x7f0000002400)=""/4096, 0x1000}], 0x3}}, {{0x0, 0x0, &(0x7f0000009880)=[{&(0x7f00000035c0)=""/4096, 0x1000}, {&(0x7f00000045c0)=""/4096, 0x1000}, {&(0x7f00000055c0)=""/4096, 0x1000}, {&(0x7f00000065c0)=""/4096, 0x1000}, {&(0x7f00000075c0)=""/4096, 0x1000}, {&(0x7f0000008780)=""/4096, 0x1000}], 0x6}}, {{0x0, 0x0, 0x0}}], 0x4, 0x0, 0x0) r1 = fcntl$getown(r0, 0x9) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=0x0) kcmp(r1, r2, 0x1, r0, r0) getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f0000001180), &(0x7f0000000040)=0x68) [ 541.603629] FAULT_INJECTION: forcing a failure. [ 541.603629] name failslab, interval 1, probability 0, space 0, times 0 [ 541.676007] CPU: 0 PID: 21739 Comm: syz-executor.2 Not tainted 4.14.138 #34 [ 541.683241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 541.692593] Call Trace: [ 541.695187] dump_stack+0x138/0x19c [ 541.698829] should_fail.cold+0x10f/0x159 [ 541.702983] should_failslab+0xdb/0x130 [ 541.706964] kmem_cache_alloc_trace+0x2e9/0x790 [ 541.711636] ? lock_downgrade+0x6e0/0x6e0 [ 541.715793] get_mountpoint+0xd4/0x330 [ 541.719688] lock_mount+0xe0/0x2c0 03:36:20 executing program 1: r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000080)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}}, 0x24) socket$inet(0x2b, 0x0, 0x8) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f0000000100)) mkdir(0x0, 0x0) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x2080, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0xfffffffffffffffa, 0xffffffffffffffff, 0x3, 0x2, 0x0, 0x3, 0x20200, 0x8, 0x82, 0x40, 0xffffffffffff7324, 0x1, 0x2, 0x9, 0x0, 0x2, 0x8, 0x1, 0x5, 0x0, 0x3, 0x100, 0x2, 0x0, 0x3ff, 0x2, 0x8001, 0x5, 0xfffffffffffffffe, 0xd9, 0xe2, 0x20, 0x10001, 0x9, 0x32, 0xfffffffffffffffd, 0x0, 0xfffffffffffffff8, 0x4, @perf_config_ext={0xde3, 0xffff}, 0x4000, 0x208686a9, 0xbc8, 0x8, 0x4, 0x3}, 0x0, 0x6, r1, 0xa) preadv(0xffffffffffffffff, 0x0, 0x0, 0x2) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net\x00\x00\x00\x00\x00\x00\x00\a/expire_nodest_conn\x00', 0x2, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0) getdents64(r2, &(0x7f00000000c0)=""/11, 0xeb) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[{0x18, 0x110, 0x1, 'w'}], 0x18}}], 0x1, 0x0) [ 541.723248] do_add_mount+0x27/0x350 [ 541.726982] do_mount+0x1307/0x27d0 [ 541.730613] ? copy_mount_options+0x5c/0x2f0 [ 541.735028] ? rcu_read_lock_sched_held+0x110/0x130 [ 541.740056] ? copy_mount_string+0x40/0x40 [ 541.744293] ? copy_mount_options+0x1fe/0x2f0 [ 541.748985] SyS_mount+0xab/0x120 [ 541.752443] ? copy_mnt_ns+0x8c0/0x8c0 [ 541.756335] do_syscall_64+0x1e8/0x640 [ 541.760235] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 541.765087] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 541.770274] RIP: 0033:0x459829 03:36:20 executing program 0: r0 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) ioctl$KVM_IRQ_LINE(r0, 0x4008ae61, &(0x7f0000000280)={0x2000000000000401, 0x3d}) setsockopt$inet6_tcp_int(r0, 0x6, 0x17, &(0x7f00000001c0)=0x9da5, 0x4) r1 = syz_open_dev$mice(&(0x7f0000000400)='/dev/input/mice\x00', 0x0, 0x5) writev(r1, &(0x7f0000000140)=[{0x0, 0x3cd}, {&(0x7f0000000080)="dcc4c760832043513c6576e953a29ee2fd8a66b457edd02d3dd127f562a2f28707a1b7de0b7751ad52f71617a2c1d8ed70189a17d76fef86c8220000e09b7b095478efbf317b3e57fe3457f71d7fcadddaacdf07c942c3765ee843f332", 0x5d}], 0x2) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r1, 0x114, 0xa, &(0x7f0000000100)={0x1, "fb"}, 0x2) sendto$rxrpc(r1, &(0x7f0000000000)="0927af96cc1811ebb16dda48", 0xc, 0xc40023bc14206e85, &(0x7f0000000040)=@in6={0x21, 0x1, 0x2, 0x1c, {0xa, 0x4e20, 0x10001, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x7}}, 0x24) open(&(0x7f0000000180)='./file0\x00', 0xc000, 0x4) [ 541.773458] RSP: 002b:00007fba3cf61c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 541.781170] RAX: ffffffffffffffda RBX: 00007fba3cf61c90 RCX: 0000000000459829 [ 541.788437] RDX: 00000000200000c0 RSI: 0000000020000000 RDI: 000000000040000a [ 541.795703] RBP: 000000000075bf20 R08: 0000000020000100 R09: 0000000000000000 [ 541.802975] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fba3cf626d4 [ 541.810244] R13: 00000000004c5e44 R14: 00000000004da948 R15: 0000000000000004 03:36:20 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) [ 542.710228] net_ratelimit: 22 callbacks suppressed [ 542.710234] protocol 88fb is buggy, dev hsr_slave_0 [ 542.720268] protocol 88fb is buggy, dev hsr_slave_1 [ 542.725331] protocol 88fb is buggy, dev hsr_slave_0 [ 542.730429] protocol 88fb is buggy, dev hsr_slave_1 [ 543.750122] protocol 88fb is buggy, dev hsr_slave_0 [ 543.755229] protocol 88fb is buggy, dev hsr_slave_1 [ 544.150164] protocol 88fb is buggy, dev hsr_slave_0 [ 544.155239] protocol 88fb is buggy, dev hsr_slave_1 [ 544.390194] protocol 88fb is buggy, dev hsr_slave_0 [ 544.395337] protocol 88fb is buggy, dev hsr_slave_1 03:36:23 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:36:23 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:36:23 executing program 2 (fault-call:4 fault-nth:91): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) 03:36:23 executing program 0: syz_emit_ethernet(0x0, &(0x7f0000000380)=ANY=[], 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) ioctl$PPPIOCCONNECT(r0, 0x4004743a, &(0x7f0000000040)=0x4) getsockopt$TIPC_SOCK_RECVQ_DEPTH(r0, 0x10f, 0x84, &(0x7f0000000080), &(0x7f00000000c0)=0x4) 03:36:23 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(0x0) sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:36:23 executing program 1: r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000080)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}}, 0x24) socket$inet(0x2b, 0x0, 0x8) ioctl$IMGETVERSION(0xffffffffffffffff, 0x80044942, &(0x7f0000000100)) mkdir(0x0, 0x0) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x2080, 0x0) perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0xfffffffffffffffa, 0xffffffffffffffff, 0x3, 0x2, 0x0, 0x3, 0x20200, 0x8, 0x82, 0x40, 0xffffffffffff7324, 0x1, 0x2, 0x9, 0x0, 0x2, 0x8, 0x1, 0x5, 0x0, 0x3, 0x100, 0x2, 0x0, 0x3ff, 0x2, 0x8001, 0x5, 0xfffffffffffffffe, 0xd9, 0xe2, 0x20, 0x10001, 0x9, 0x32, 0xfffffffffffffffd, 0x0, 0xfffffffffffffff8, 0x4, @perf_config_ext={0xde3, 0xffff}, 0x4000, 0x208686a9, 0xbc8, 0x8, 0x4, 0x3}, 0x0, 0x6, r1, 0xa) preadv(0xffffffffffffffff, 0x0, 0x0, 0x2) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net\x00\x00\x00\x00\x00\x00\x00\a/expire_nodest_conn\x00', 0x2, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, 0x0) getdents64(r2, &(0x7f00000000c0)=""/11, 0xeb) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[{0x18, 0x110, 0x1, 'w'}], 0x18}}], 0x1, 0x0) 03:36:23 executing program 0: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000013, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x40000400000002c2, 0x0) prctl$PR_SET_NAME(0xf, &(0x7f0000000080)='#\x00') r2 = dup2(r1, r0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f00000000c0), &(0x7f0000000100)=0xc) 03:36:23 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 544.559442] FAULT_INJECTION: forcing a failure. [ 544.559442] name failslab, interval 1, probability 0, space 0, times 0 [ 544.603260] CPU: 1 PID: 21774 Comm: syz-executor.2 Not tainted 4.14.138 #34 [ 544.610411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 544.619772] Call Trace: [ 544.622366] dump_stack+0x138/0x19c [ 544.626003] should_fail.cold+0x10f/0x159 [ 544.630159] should_failslab+0xdb/0x130 [ 544.634136] kmem_cache_alloc_trace+0x2e9/0x790 [ 544.638806] ? lock_downgrade+0x6e0/0x6e0 [ 544.642963] get_mountpoint+0xd4/0x330 [ 544.646862] lock_mount+0xe0/0x2c0 [ 544.650405] do_add_mount+0x27/0x350 [ 544.654121] do_mount+0x1307/0x27d0 [ 544.657744] ? copy_mount_options+0x5c/0x2f0 [ 544.662152] ? rcu_read_lock_sched_held+0x110/0x130 [ 544.667173] ? copy_mount_string+0x40/0x40 [ 544.671421] ? copy_mount_options+0x1fe/0x2f0 [ 544.675921] SyS_mount+0xab/0x120 [ 544.679378] ? copy_mnt_ns+0x8c0/0x8c0 [ 544.683266] do_syscall_64+0x1e8/0x640 [ 544.687156] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 544.692007] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 544.697193] RIP: 0033:0x459829 [ 544.700380] RSP: 002b:00007fba3cf61c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 03:36:23 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(0x0) sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) [ 544.708090] RAX: ffffffffffffffda RBX: 00007fba3cf61c90 RCX: 0000000000459829 [ 544.715362] RDX: 00000000200000c0 RSI: 0000000020000000 RDI: 000000000040000a [ 544.722631] RBP: 000000000075bf20 R08: 0000000020000100 R09: 0000000000000000 [ 544.729902] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fba3cf626d4 [ 544.737204] R13: 00000000004c5e44 R14: 00000000004da948 R15: 0000000000000004 03:36:23 executing program 0: syz_emit_ethernet(0xfffffffffffffe42, &(0x7f0000000280)={@local, @remote, [{[], {0x8100, 0xfffffffffffffffc, 0x8, 0x8000000002}}], {@ipv6={0x86dd, {0x5, 0x6, "e77e29", 0x0, 0x2b, 0x7, @initdev={0xfe, 0x88, [], 0x0, 0x0}, @local, {[@srh={0x84, 0x0, 0x4, 0x0, 0x2, 0x20, 0x5, [@local, @mcast2, @local]}], @icmpv6=@pkt_toobig={0x2, 0x0, 0x0, 0x5, {0x1, 0x6, "e42024", 0x80000001, 0x29, 0x6, @rand_addr="a3f7621ef460a4fac66fc6e3445e6ae9", @loopback, [@srh={0xc, 0x0, 0x4, 0x0, 0x5, 0x40, 0x7ff, [@mcast2]}, @dstopts={0x2b, 0x0, [], [@calipso={0x7, 0x0, {0x20, 0x0, 0x7ff, 0xffffffffffffffff, [0xa19, 0x5, 0x2, 0x200, 0x400, 0x100000001, 0x1000, 0x101, 0x7]}}, @pad1]}, @fragment={0x0, 0x0, 0x8, 0x5, 0x0, 0x6, 0x64}, @routing={0x84, 0x0, 0x8d50c88807c8e25b, 0xe03, 0x0, [@rand_addr="b4a03391763c7ce371bf0883dda52bce", @local]}, @routing={0x6e, 0x0, 0x2, 0x401, 0x0, [@remote, @ipv4={[], [], @loopback}, @local, @remote]}], "0d30741859c805df8a8944799adeb2089f6197d587f3213cac4b09cf42874f6d0a6066da2a5bb7bc0b656f2e9cd4c3e2c663634b9a1d903e3fc24797798fc0553f6e87351cedcde5c8a9e77733f79c0b618abe7eb954e2c8d55d9da72016a6902e4d6514f5dbed546831dccf2ec81507e04c8b7d381e60b08a7ae534644738df7370bdb2b5fc5457eb38676d3d786954670716b6ca588868eb2162e1e9fd54f3fe3ac81ee255f88d542404526b9ba0aa5245089b8235dad8b8ad8d54de93773b5d7778957d95b13108b419568415c8395302937cd1184cf6d007a241facb3db0d284844f10e94eb8859fc1f5f06e5997c4fde17b9839cce64876de0348195996d419466311f5f793ce423b90b69d3d00547950810ca3cc1ef1ffa730e8db7d47188baa5fada40093c61e39b4ebbcdbae378154fd9990c7397362a820c4ef433965e3ba893218478e3fb2d20963e4f1385fb00a146dca6bc1fd47735d6212d5036d21dd961cbea5e9088cdf9ae9c1dabede4e3acf8273b4a3be6b35478ce18ff927041eeb6eeb23e0c460dca1fae9d88dce725661aa181b48b78f322edd035badb3d2f12b241489024544519b84233e318461f6bf45da47c1e128a86d128c34b681b2799d66a012ea5b5031b927b8d966e1fde6e3cc48f22df73efa4e85b1258694a7d43ec3d5d9f5366ae8fd8eed9dbe0ffd0402308eebeed9ac0c033088a8cb7e5006a3903e1c8798a3eb7c720edf140e2cb3c1e97cac9f0a1be4a6f6952245b0dc9a691115473bfcc7d4cfacce9b32e84c1d219c2a877253cea11759168bdce52e5bd4a235f5313747b8acc491463ceb237617432b97929221520ba9bfcdfe68d3c964dc72aaf64a42c00e3c151a746404f665893dfb5135115c2222392ee41e4428642a3930bf092e99d21b4fc3555d8a4fb809ff2a62a30cf85530bb3e17fc55a8724f77fde3f29f076625790fbc377150aa7f06dd5f5fe2eb71b22ab36c7fe976ec9b332fb0f3bef7d735289314020c2fb2bcc7519c654085960060984cd69fb09ce0209fde665fab38c6ef068d8eaa5e9e974b3ec517994cd1fbe2e19cf9d71be758281c4013deff789fd133fa1086eb88d96a16d43426f7ca10e9493c8c87c230569aadb454247168bcbece764744596b825e0b17429f08ce9ae97e6db66c9b2d0aebe30d1214c39285b3ae50d9c7a9f40d6f1b3ea8164b00c51d281b553187870d3abf66d4ceb209a9e6bf2277b954d607a9919bf5f172a8e9b95c33000f64a4098ad0c1706ec547defee866667341c2f5f272a321b14f5dc15e882839171382d0518d691575155b3a21f39dc80669153dba38fb2a66fd6978fb7c7cde15076c6825f0e5ec3e7cd5328ce992bab9b8f85f4fd7ed1b280583b8c422bb1920f89d9ddfa815fd42e2807fd8ed66bf2c005ab4fb69576d998e883b229cb95f7fd682b3214d83096835d0f5391465feef9761c19fe9fd68bb4b1204d387b4ad8a245228eb55722566df1e82ea502b3a736b8e7949c8a5f24f72f71ae145621e1b831c415b5342812b9d96bc38a88e6abb6fcbbbf6d9bdba1f17f41a2e7e2ca0df6b39322af6b4e29492bd0fa532374708f37004b9daca81b975a89ecc2c70fe112265eb4ee48e62c9c11e7685eb447f1d3000cf91fd238f11861f5e6adace94c247e4f7eb24aaeada5d13ef089b744cb02f56ae68e3208b6881bf1a08205c70926a4688e7b0823deb74397e9270e181d47a91aa647725f648619e0e607107d6e21ee3318f0ee01bb5fa21d27b1a804669d8019cc7424b21f598123cbef0e9bb689f4fd1b2de5cf774ffb3024bdfd32aaf2955899080ad66f4d9e7fba9a5934f74db3295f050dcbc5f92803b98e889c0dc3ce1197988bab2abfde07e1a3726caea0f4baf19272e059e8739e6206fd40d7cba1a687f216bdbcdfd98799dd4a16686a2c7f3d736ed9bb997b6c54d288eb38c6844a349ff2bdada5ea2a758e1bebe0a39490bb16d2eeef22131666c4273b4577da5c3f765272d6b985b07f5f2a2b11a4a3bebb29e0f3753a40bd20dbab4953eb65553132accc135db23311823f1a6d3383d916ecfb8ef3d712aa6da2a9815c56972ef1983a674af935ef3dbc570f1e579841c7a25e794bb90409cf7c7d77b18a414d6a43230916a12bc7f5ba453985aeba9532a3158c13751d334305cb9f0257edd0a0aad09c2f4dd77af7fc7bde9321c927b79766cece2ca0c74e43b5f4d076c3b816cde6c05c2e34b455d5301aab87adac1c18f86fd942b7cb96c81f653ca45c446187195c79326c35b82dace54e3ff6d3bb6032ad3119ef2d18e03d291fde86467ddd59fa8e6cb9c8a4d02d519d8de912ff8bb2592baf9e08df7841c312999b392d457607e61ea3c13accf608f3774bf01173ae752cb025494b0835d5d21e60531c56f582e4f48bf39503a5b940177e97f4ac70d6153f3eac8644f6bfa99443cf76c38517164e60ff6d24a28a9382a55c0d4a7e67035cd0ae3de1f448d21e54816199eb5f91adbefaa77c55b9ac2fc9c00fa4f1d0bee7e02c51bcff103c7b19a12364bbdc042f66bdb558ccc4c5b6b06c5bb8debf4372e5c0a1f60499264c4c6f6f29f6cb54d81d96de6ec11426ceb9eca904cf92100e3b6c65fde9a6a83ba16a2040db07b96a7683ba9563c5ff31a177725746809c747290e3b56057e7e3988febb63691fadf9999c772152466d307d54b7ba92fe3b67063472d7c2b255b9f70ab8b36dd08f9a78fbc41e4e06417548ccba025cfe059ad05d8280dcdd4951dc3f228215b450637bf16851eae4ffe8d9dd68b20a12c5060e0c62dfede7fc451b327e75a2e7bff69b43aa220e7634e250ee649b274493964c7c3945fe8027ddee4d26fcd5510891d500d680d15fd85dd1fab428d6089d26adfc652b5b99501850af2bc71052e612af1be90c75c43b054208e2ee3bfb316d9c4605eda291b6cd5b204861019a88952137cf90522e0be9e0411cd93328458d1ed034be6729e781c143fcc0dd6434bd62116bb276f4562c0d41d35ccee8cd69dc9897634661ddd02521252f365ce73ef6a8d6f83f389a10b40274284f4ce9b96d7dd7d66f5ab3a8b1e93324bf54e287ac648874817b2c2f7ab99a3eb102fc0c53e47dba72194c05bb603d4fcaef25c9f6523751d4c0ddb78c92424c552752433509f53be3e7cc644fb7b3075bf1de61915b0e38f8c5c68d7514eda3085ce0a08392c7c654380fe7752445c519882ecfa9f84c9ad536f4e6df05870d4fa0535c26868434ddf245dd8f96690d5726505c60fd37c0bf5c113a979a7738286446d1da136a54060e0978fcae4134609fe141636e902e97dbbc0b8e30c82fd137689379ff57141d731454fffadfd1d34e033438959690582a268381bb931acbcce236827de15cb63ea5f13f448d911c11df3944312464afa1cde396e0ae10236e8a434816081f8ba3fc6107a7a1e0dd9dcdc226536ae919dc45527341362d45c037984e0b4222df043543d27ec64bba47a96447fd3ab91a6534637de0d5a65992364ed731a83dcf52f965b548f5ac6b0220ecdfac2b488251174ab9077145069758e5960432d1eb4e7fbe982dc85a7497f7589c47b116cd95ad57b42f27a1c31f23fe2c2b7929771e87d02601889dc19f04cf4e8fd86e19dddb1fbbf74974201d2c5f69c3dd25a8bba22c6c1610191fe75ae115843679ca3af15a66614a6878f3352ebe9db48faebeb9ab58b42c9d80dac93e9350802873f5d1e54eb423b6da7075b0319ec0f129a9427733ac83a36cb2df92516b8a5621f243e8f92133c88c4e7e7b7f4a1ec7f5656f2804df42b0aaac04ab7b18a65a4e968cdda22381d509232aeb935a11d113005d07956f0214927a7d9aa9b9beb91736314385a5db953387b085fcdf61811bf7365984a20f0c0240d02df6ae29e8756a63ae682a7145f855bb8d6ab6839ba235f9c933ec2c3099e81e044a1f78b44c177ef977326b795d70a34b3d1902232f199b69b7f17ff291e9e81951647d4de954d61463684edec414e239d843cabb55e5412ad66effa565fe7ebdba78fbd5eb6e48174159ba1976ff88de74dc4b8bb2da22667fac2663f1a7c2df270a3789c5a3a598b1dfc17b3ed436efc417855e1bb9d3607cb8c17adc2bcdd5ae685e7f4e3be3da12aae4ab08b384b9a6bcc090652a6a40973a5593676d90e2ea0f78b5a2b271fd58cc0e14e7133f7eabd22cc3ce62eb8cd881f554230c58638029ea6afb3984dfc2288acee074b100178a1574f7bc2770871237f7a612c0f5b721431123e8dbcc3a33b2337a8d841943ffcdb48c71cb6a55090b4fe2c617e2e1d49f9c77e8876c0b691972f1d0806c0f8c4158b8825b50783e7d26c106d5ea4877d21d89637c184a8c97d884c837c04afaa14ca0e3ba8b5d5915b9e1e401c1e5048c4c0c6d2ffa3247b3053cbde415c1ec49e6236a2de04509b42fb06e58242625f318216031d696a64dea8214a6ef0ba033aea84d74cb9a397c831b42a3857e9c859e3cf6d98f58c62de297088a37988b8d063bf0674ff023c404936394993edc368bcb5785d1a1e1a3ce869d9b4e7f9f9f27745c5dcab185698eeeb151d2ce2cfba0b9a0483a40fb38d0c598bd8a01411b14133db1b78c46ccf681bf07026ba2e136673ba42092badac346258e3f3fd5e939779211e0ab7ce35ddf7e39ff31e95a1b4b194f6d8ed6de14720db1ab3cf3a5b39cd4ef1ddc0e7dabec6e6a2a25cd45588eeac5e0f653d4b0ad728cd1c9a9f9ee15bfbd01ba59989a1855f52e6e74e316b6039122b6ce9e0d0e9c726b78689f2e81063763e75e784ded5ac12e343aa196fea264a413b183119f53b9953d29492232bcc9e9c71599dfd36b2ef85388ee1d037f61d734e8174198fe7b7cc94958db847e21affd576b93e016c644af946178758408a9a8ab3c3b041b4109768a67e865edbe047dc7449576497cc259b62964ca1af40ea97301a86325a116ea548a165a8d00c5f3027514fb926e6cf260c1694ff618c36270f2d5aa0579adbf2c334761d27b3b5be84d4231d607794fb88b8cebe8906aacb990cb701ffce5d25ead297e36a527ef832a0220cb7032d4275da1ed21b4b24566dc5e209d6f82b53b423d15b55a4df22d4b7ac36d6743f30cbb1cd7f08cf7346d8d13289d6e392d3c286f88826ee72cc11d80d4267f534018041717097242cd01d0691e6ec6d1ba769259185af2dce390d74418753e020d1046d286afd513765fee1da70b2b78f2f4d48f00bd0abf3049a1f82599bf618155956449b47953f7b15ca750c42b8831f97b85e3a2654db25ddaeca95c3f682f69a2894896c354aacbb2c7a91c3888638d65d2b13ee58e4826f61cea07aa20b26ff2c60d331c598c20e40d1d86ca06f78067fd59b74508e6277586383e9fb889f6b7fe9fe6a31c1cfeb7d4dfcd258618efdfffe849b241ef16487e7cc2f2cb11cdff67c9c770e5222753ef9ade557274f03b70df9ed840f8125d5e1e27a0da249772a978b9d6ed08cdf091a051ada719dc4632afe8d1377418ca6d91619da02287577489d7effcbd0ad5908e86d2bb46e6cba1eb07264f514bacbdd88898ec9f00cf2143de3ae82fb74184b6a44707ac06fe5b9144b0906d0ffa07729c3999edd50a8b9292e0c18ecf57b095970538c92084176a801760b270ff4a0212f360c3d28f7a27474778ff366e7a3f62f27d91788cd54612808b6a44aa8532d8148b1051ab685113161a7760678f1a668374690b4b77442ee21ab0f7b3c523e4cb799b58f9dc81"}}}}}}}, 0x0) r0 = syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0xb3, 0x40000) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f00000000c0)={0x1, @time={0x77359400}, 0x2, {0x100000001, 0x3ffc000000}, 0x2, 0x0, 0x9}) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000000)=0x7f, 0x4) 03:36:23 executing program 2 (fault-call:4 fault-nth:92): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) 03:36:23 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000100)='/dev/snd/pcmC#D#c\x00', 0x0, 0x608b41) ioctl$VT_GETMODE(r0, 0x5601, &(0x7f0000000200)) bpf$OBJ_GET_PROG(0x7, 0x0, 0xfffffffffffffede) getpeername$ax25(r0, &(0x7f0000000240)={{0x3, @netrom}, [@remote, @remote, @rose, @netrom, @default, @remote, @default, @bcast]}, &(0x7f00000002c0)=0x48) accept4$alg(r0, 0x0, 0x0, 0x80000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000000)='./file0\x00', 0xffffffff, 0x1, &(0x7f00000000c0)=[{&(0x7f0000000040)="5846534200001000000000000000100000000000000000000000000000000000984f0b5042b64b06bc86cba3e6cc3f80020000000000000000000000000000800000f9ffffffff8000000000000000821c000001000010000000000100000000000006c034a40200010000100700000000000000000000000c090804", 0x7c}], 0x0, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) openat$vnet(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhost-net\x00', 0x2, 0x0) 03:36:26 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='upperdir=./file0,lpwerdir=./file0,workdir=./file1\\\x00']) r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$TIOCGPTPEER(r1, 0x5441, 0x401) 03:36:26 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:36:26 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:36:26 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet(0x10, 0x10000000003, 0x3958800000000000) r2 = dup2(r1, r1) sendmsg(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="24000000fa0307041dfffdd46fa2830020200a0009ed0300001d85680c1ba3a20400ff7e280000005304ffffba16a0aa1c0009b356da5a80d18b6e06e9fd62662455a4df49d05343793cec4c", 0x4c}], 0x1}, 0x0) 03:36:26 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(0x0) sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:36:26 executing program 1: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x20000, 0x0) getpeername$tipc(r0, &(0x7f0000000040)=@id, &(0x7f0000000080)=0x10) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f00000000c0)=0x81, 0x4) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x80000) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000180)={0x0, 0xfff, 0x4}, &(0x7f0000000200)=0x8) getsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f00000002c0)=@assoc_value={r3, 0xffffffffffffff7f}, &(0x7f0000000300)=0x8) openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000000340)='/selinux/relabel\x00', 0x2, 0x0) ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f0000000100)={0x0, 0x0, 0x6}) ioctl$DRM_IOCTL_GEM_CLOSE(r0, 0x40086409, &(0x7f0000000140)={r4}) r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') sendfile(r2, r5, 0x0, 0x5000000000043f) [ 547.559917] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1018 sclass=netlink_route_socket pig=21816 comm=syz-executor.0 [ 547.561751] overlayfs: unrecognized mount option "lpwerdir=./file0" or missing value 03:36:26 executing program 1: r0 = openat$zero(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/zero\x00', 0x0, 0x0) ioctl$TUNSETVNETLE(r0, 0x400454dc, &(0x7f0000000240)) init_module(&(0x7f00000000c0)='\x00', 0x1, 0x0) r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unshare(0x20600) getgid() getgroups(0x0, &(0x7f00000003c0)) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) r5 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/status\x00', 0x0, 0x0) setsockopt$netlink_NETLINK_PKTINFO(0xffffffffffffffff, 0x10e, 0x3, 0x0, 0x0) fcntl$setown(r1, 0x8, 0x0) r6 = ioctl$LOOP_CTL_GET_FREE(r5, 0x4c82) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r6) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000280)='TIPCv2\x00') sendmsg$TIPC_NL_SOCK_GET(r3, &(0x7f0000000540)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000500)={&(0x7f0000000300)={0x1dc, r7, 0x20, 0x70bd2b, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x108, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @local}}, {0x14, 0x2, @in={0x2, 0x4e23, @multicast2}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3ff}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x20}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffffffff7fff}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0xf11, @local}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0x0, @mcast1, 0x51e}}}}, @TIPC_NLA_BEARER_PROP={0x54, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffffffff8000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x101}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}]}]}, @TIPC_NLA_NODE={0x38, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x99}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_MEDIA={0x68, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8c48}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffffffffff7}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}]}, @TIPC_NLA_SOCK={0x4}, @TIPC_NLA_MON={0x1c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xffff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x80000001}]}]}, 0x1dc}, 0x1, 0x0, 0x0, 0x20000001}, 0x4) syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_emit_ethernet(0x0, 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) prctl$PR_SET_FP_MODE(0x2d, 0x2) inotify_add_watch(r5, &(0x7f00000002c0)='./bus\x00', 0x800) inotify_rm_watch(r5, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000040), 0x4) open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0) 03:36:26 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:36:26 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 547.631973] overlayfs: unrecognized mount option "lpwerdir=./file0" or missing value [ 547.650169] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1018 sclass=netlink_route_socket pig=21829 comm=syz-executor.0 03:36:26 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000100)={0x1, 0x1000}, 0x8) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000140)='./file1\x00', &(0x7f00000000c0)='overlay\x00', 0x8000, &(0x7f0000000180)=ANY=[@ANYBLOB="776f726b6469723d2e2f5ab71a0d1325eba4488ccc966f432569726451ba3d2e2f66696c65302c6e66735f6578706f72743d6f6e5c00"]) rt_sigsuspend(&(0x7f0000000080)={0x87d0}, 0x8) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000200)={0x0}, &(0x7f0000000240)=0xc) wait4(r1, &(0x7f0000000280), 0x4, 0x0) 03:36:26 executing program 0: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x400000, 0x0) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000080), &(0x7f00000000c0)=0x4) ioctl$NBD_DISCONNECT(r0, 0xab08) readlink(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000440)='./file0\x00', 0x1000, 0x1, &(0x7f00000002c0)=[{&(0x7f00000004c0)="eb64c86d4f66632e66617400020441000500077008f800009aa7eb1d65e2ffaae223d8c32d8c00000100f9d9edc828caf3", 0x2a, 0x8}], 0x0, 0x0) getresuid(&(0x7f0000000200), &(0x7f0000000240)=0x0, &(0x7f0000000280)) ioctl$PPPIOCDISCONN(r0, 0x7439) getresuid(&(0x7f0000000300), &(0x7f0000000340)=0x0, &(0x7f0000000380)) mount$9p_unix(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='9p\x00', 0x20, &(0x7f00000003c0)={'trans=unix,', {[{@noextend='noextend'}, {@afid={'afid', 0x3d, 0x3}}], [{@uid_lt={'uid<', r1}}, {@uid_gt={'uid>', r2}}, {@smackfsroot={'smackfsroot', 0x3d, '\'\'\'!system!'}}]}}) 03:36:26 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:36:26 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0), 0x80000) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r1, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x1) read$eventfd(r2, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r3 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = fcntl$getown(r3, 0x9) capget(&(0x7f00000000c0)={0x20080522, r5}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r6 = dup(r4) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r4) setsockopt$inet6_tcp_int(r6, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x800fe) sendfile(r6, r7, 0x0, 0x8000fffffffe) 03:36:26 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=@acquire={0x16c, 0x17, 0x1, 0x0, 0x0, {{@in=@multicast1}, @in6=@ipv4={[], [], @dev}, {@in=@loopback, @in6=@local}, {{@in, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2}}}, [@tmpl={0x44, 0x5, [{{@in6=@mcast1}, 0x3, @in=@multicast1, 0x0, 0x3301}]}]}, 0x16c}}, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x200, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f0000000280)={0x6, {{0xa, 0x4e20, 0x5, @ipv4={[], [], @empty}, 0x3}}}, 0x88) [ 547.842496] overlayfs: unrecognized mount option "nfs_export=on\" or missing value 03:36:26 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x80000) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x1}) bind$nfc_llcp(r1, &(0x7f00000000c0)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "4879a53185a0c42c067876d20ee26538c286608245a5da961cf31aac4844becd775c77e64cf64889157b7d02789bf48180331c117566f95f413ddbb53bd633"}, 0x60) [ 547.910122] net_ratelimit: 18 callbacks suppressed [ 547.910128] protocol 88fb is buggy, dev hsr_slave_0 [ 547.920182] protocol 88fb is buggy, dev hsr_slave_1 03:36:26 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000300)="580000001400192340834b80040d8c5602067fbc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010006081000418e00000004fcff", 0x58}], 0x1) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000001840)='/dev/autofs\x00', 0x40000, 0x0) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000000040)=""/48) setsockopt$X25_QBITINCL(r2, 0x106, 0x1, &(0x7f0000001880), 0x4) 03:36:26 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:36:26 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) write(0xffffffffffffffff, &(0x7f0000000040)="2400000052001f", 0x7) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0xa, 0x80803, 0x9) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'veth1_to_bond\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xffffffffffffffbb, &(0x7f0000000140)={&(0x7f0000000000)=@ipv6_newaddr={0x40, 0x14, 0x509, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r3}, [@IFA_CACHEINFO={0x14, 0x6, {0x0, 0xf0ffff01000000}}, @IFA_LOCAL={0x14, 0x2, @local}]}, 0x14c}}, 0x0) 03:36:27 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1c}}}, 0x1c) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x20002, 0x0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xa0000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r2, 0x200, 0x70bd26, 0x25dfdbfe, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x8ee038d28bd6260) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x80000002}, {}, {}, 0x0, 0x0, 0x400000000001}, {{@in6=@empty, 0x0, 0x33}, 0x0, @in6=@rand_addr="8680c7235bf6dc2f3ff3df464ccc9dbb"}}, 0xe8) connect$inet6(r0, &(0x7f0000000040), 0x1c) [ 548.310156] protocol 88fb is buggy, dev hsr_slave_0 [ 548.315294] protocol 88fb is buggy, dev hsr_slave_1 [ 548.550209] protocol 88fb is buggy, dev hsr_slave_0 [ 548.555358] protocol 88fb is buggy, dev hsr_slave_1 [ 548.560500] protocol 88fb is buggy, dev hsr_slave_0 [ 548.565565] protocol 88fb is buggy, dev hsr_slave_1 [ 548.610681] overlayfs: unrecognized mount option "nfs_export=on\" or missing value [ 548.960140] protocol 88fb is buggy, dev hsr_slave_0 [ 548.965288] protocol 88fb is buggy, dev hsr_slave_1 03:36:29 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:36:29 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:36:29 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400)='/dev/kvm\x00', 0x100000, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) r2 = inotify_add_watch(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x4000845) inotify_rm_watch(r1, r2) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004}) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000140)='/dev/null\x00', 0x28000, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r5, 0x84, 0x6e, &(0x7f0000000440)=[@in={0x2, 0x4e22, @empty}], 0x10) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)) ioctl$KVM_DEASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x4040ae72, &(0x7f0000000040)={0x0, 0x0, 0x80000000, 0x0, 0x1ff}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setresgid(0x0, 0xee00, 0x0) setgroups(0x0, 0x0) setresuid(0x0, 0xfffe, 0xffffffffffffffff) shmget$private(0x0, 0x2000, 0x3fffe, &(0x7f0000ffe000/0x2000)=nil) 03:36:29 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0), 0x80000) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r1, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x1) read$eventfd(r2, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r3 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = fcntl$getown(r3, 0x9) capget(&(0x7f00000000c0)={0x20080522, r5}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r6 = dup(r4) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r4) setsockopt$inet6_tcp_int(r6, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x800fe) sendfile(r6, r7, 0x0, 0x8000fffffffe) 03:36:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x1f, 0x2) mknodat(r1, &(0x7f0000000140)='./file1\x00', 0xc000, 0x7fff) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) 03:36:29 executing program 1: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0), 0x80000) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r1, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x1) read$eventfd(r2, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r3 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = fcntl$getown(r3, 0x9) capget(&(0x7f00000000c0)={0x20080522, r5}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r6 = dup(r4) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r4) setsockopt$inet6_tcp_int(r6, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x800fe) sendfile(r6, r7, 0x0, 0x8000fffffffe) 03:36:29 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:36:29 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x2, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x37) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x2, 0x13}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 550.785152] overlayfs: filesystem on './file0' not supported as upperdir 03:36:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f0000000140)='./file1\x00', 0x100010004) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x44000, 0x0) ioctl$UI_SET_PHYS(r1, 0x4008556c, &(0x7f0000000180)='syz1\x00') mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="75707065726426723d2e2f66696c65302c6c6f7765726469723d2e2f66696c653097a96f726b6469723d2e2f66696c65bc315c"]) 03:36:29 executing program 0: r0 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_stats\x00', 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000080)={{{@in, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in6=@loopback}}, &(0x7f0000000180)=0xe8) getresgid(&(0x7f00000001c0), &(0x7f0000000200)=0x0, &(0x7f0000000240)) fstat(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000380)={{{@in6=@local, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in=@dev}}, &(0x7f0000000480)=0xe8) r6 = getgid() getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000004c0)={{{@in=@initdev, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in=@loopback}}, &(0x7f00000005c0)=0xe8) getresgid(&(0x7f0000000600), &(0x7f0000000640)=0x0, &(0x7f0000000680)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000006c0)={0x0, 0x0}, &(0x7f0000000700)=0xc) getgroups(0x3, &(0x7f0000000740)=[0xee00, 0xee00, 0xee00]) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000b40)=ANY=[@ANYBLOB="60030000feffffff0600000000000000020000000000000001000000000000000180000000000000050000000000000008000000050000000000000000000000000800000000000000000100000000000010000000000000650700000000000001000000000000000000000002000000800800000104000040000000", @ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="00000000020000000000000005000000000000000800007400000000130000000900000063707573657476626f786e657430776c616e30000000000004000000000000000100000000000000842a0000000000000800000000000000ffff0000018000000100000000000000030c000000000000ff7f0000000000000900000000000000f9ffffffffffffff0300003000000000040000005895ca7ac2870000ffffffff9d0000001107413b2fc8716af5ed582050ae55b180cae100dc3849624b1a5478ce12816ee20dc6", @ANYRES32=r3, @ANYRES32=r4, @ANYBLOB="ff0300000100000000000000060000000000000001000000000000001300000000000000706f7369785f61636c5f6163636573732f2d7d00000000000300000000000000000000000000000004000000000000000500000000000000190000001f0000000200000000000000070000000000000000000000010000000600000000000000080000000000000008000000000000000300000020000000030000000300000081000000", @ANYRES32=r5, @ANYRES32=r6, @ANYBLOB="fdffffff030000000000000002000000000000003b07000000000000140000000be90000292f637075736574237b747275737465643a5b2f00000000000000000000000003000000000000000000000000000000010000000000000056010000a4ca000005000000000000003f000000000000000500000000000000ff07000000000000ff00000000000000010100000000000036000000500000000400000009000000488d0000", @ANYRES32=r7, @ANYRES32=r8, @ANYBLOB="423669094000000000000000010000000000000003000000000000000600000004000000766d6e657431000001000000000000000000000000000000010000000000000061b1000000000000ffffff7fc0030000040000000000000000000000000000008f0a0000000000000000ff0f00000000000800000000000000100000000000000008000007000000000100000400000006000000", @ANYRES32=r9, @ANYRES32=r10, @ANYBLOB="90080000000000000000000002000000000000000200000000000000080000000900000076626f786e657431"], 0x360) r11 = socket$packet(0x11, 0x0, 0x300) setsockopt$SO_ATTACH_FILTER(r11, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x45, 0x0, 0x0, 0xfffff004}, {0x80000006}]}, 0x10) 03:36:29 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0), 0x80000) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r1, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x1) read$eventfd(r2, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r3 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = fcntl$getown(r3, 0x9) capget(&(0x7f00000000c0)={0x20080522, r5}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r6 = dup(r4) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r4) setsockopt$inet6_tcp_int(r6, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x800fe) sendfile(r6, r7, 0x0, 0x8000fffffffe) 03:36:29 executing program 3 (fault-call:6 fault-nth:0): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 551.016017] FAULT_INJECTION: forcing a failure. [ 551.016017] name failslab, interval 1, probability 0, space 0, times 0 [ 551.028873] CPU: 0 PID: 21920 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 551.036003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 551.045371] Call Trace: [ 551.047978] dump_stack+0x138/0x19c [ 551.051625] should_fail.cold+0x10f/0x159 [ 551.055783] should_failslab+0xdb/0x130 [ 551.059763] kmem_cache_alloc_node+0x287/0x780 [ 551.064366] ? get_pid_task+0x98/0x140 [ 551.068265] copy_process.part.0+0x17d5/0x6a00 [ 551.072854] ? save_trace+0x290/0x290 [ 551.076677] ? proc_fail_nth_write+0x7d/0x180 [ 551.081258] ? proc_cwd_link+0x1b0/0x1b0 [ 551.085319] ? __f_unlock_pos+0x19/0x20 [ 551.089300] ? find_held_lock+0x35/0x130 [ 551.093375] ? __cleanup_sighand+0x50/0x50 [ 551.097615] ? lock_downgrade+0x6e0/0x6e0 [ 551.101772] _do_fork+0x19e/0xce0 [ 551.105234] ? fork_idle+0x280/0x280 [ 551.108950] ? fput+0xd4/0x150 [ 551.112143] ? SyS_write+0x15e/0x230 [ 551.115863] SyS_clone+0x37/0x50 [ 551.119225] ? sys_vfork+0x30/0x30 [ 551.122769] do_syscall_64+0x1e8/0x640 [ 551.126654] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 551.131500] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 551.136689] RIP: 0033:0x459829 [ 551.139877] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 551.147602] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 551.154878] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 551.154889] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 551.169431] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 551.169438] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 551.174619] x86/PAT: syz-executor.3:21920 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 553.190152] net_ratelimit: 22 callbacks suppressed [ 553.195132] protocol 88fb is buggy, dev hsr_slave_0 [ 553.200203] protocol 88fb is buggy, dev hsr_slave_1 [ 553.205273] protocol 88fb is buggy, dev hsr_slave_0 [ 553.210306] protocol 88fb is buggy, dev hsr_slave_1 03:36:32 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x4) ioctl$FIBMAP(r0, 0x2284, &(0x7f0000000040)=0x102) 03:36:32 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) fcntl$getown(r0, 0x9) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) 03:36:32 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:36:32 executing program 3 (fault-call:6 fault-nth:1): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:36:32 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, 0x0, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x1) read$eventfd(r2, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r3 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = fcntl$getown(r3, 0x9) capget(&(0x7f00000000c0)={0x20080522, r5}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r6 = dup(r4) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r4) setsockopt$inet6_tcp_int(r6, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x800fe) sendfile(r6, r7, 0x0, 0x8000fffffffe) 03:36:32 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x0, 0x0) socketpair$unix(0x1, 0xffffffffffffffff, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = memfd_create(&(0x7f00000001c0)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) pwrite64(r2, &(0x7f000003bfff)='/', 0x1, 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r2, 0x0) lseek(r1, 0x0, 0x0) sendfile(r2, r2, &(0x7f0000000440), 0x20) sendfile(r2, r2, &(0x7f0000000100), 0x7f8) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='mountstats\x00') getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000001a00)={0x0, 0x1000, "7f13a27a7caea85c4bfac02adc1dd6b87d6cd104a657b076fecd2a358ba84f4995419fee715714dc2fbe6fd7fdf374a3551e9ffd92452b934abe00957de84e55a2246a615c6d6946d071efcc35d63b3b95f86a653326f6ca95ec6b5a7205edb9c820169809e808320be0ed3d1ca53dad5813b7e7b94c51b145bec52c52f9220179d26fdaac97731cf4dca3087441d76c41d566014d106c19185021b67c235a9d8bbe72112eaea017325b9bea7f2f7942eadedf19a97abf1877f5c82b31538d15edfdb6877f9d965eb0f57094533ccd08da8c38b883ce71dbc1086782d265e028a31e8924481fc0fecae5951a0035aabb5e256eed76edc2cfb5d64ee3d5a503b694c714046d315692e00a764ed76bf27fa255d5e58c961dbb33affadc559becd5131629e95e2699176ed6faa88b9630202e3908e535f62bc4363d89d7e30f259c871a4898f39d83c6f3ebf620380f2adfb3a0fda9ea0b12cf358365ee5b2d893124fd0fff9256584dc19b28ee076e5d0f55dd8ce273aefeec35545ca2f966c8b0d16575ebd4e6c04da7a99e82e849da98fa45f05302ca94641c6a8d29768f431e7c0fc83a174779a0f2fb596b671d86cd86373fa0607cd61b792b2772db289e4dac8601d52c5406e3230e2f2b3b109ac93b8375b1291766406a40b9c75cdae7fedad2c00529bce6cd5a1bbed6c6f891aa3e8511346aea20e729e00043f210a3cbf02ce39740d20ca4897721dbe5ead933dc22e288d11762631dcd3d565da83456a2ce468de19557a0e2d2d1e3c070c89989f562b6c038b223dd73c22364751c06b707cf0c0ca968abf08385581bc282306c876263e990b040e728514960edf6a9f3561a795893675dcaf5ae420c31e5079df602b65743cc561becd0b39656b7f350f4cbfd3a888b2daba52c5a956e091ece70620831ff790a0ba83e1b6a379f7cbc64a64cc06c1165d60c37c200b2cbd816e774fb610e110e8d5e55cc7155d74eed9dd0488968afe1fc6668441719d6f761636dbb227e054ca1e93b82255e12139bab5e22499d335a1d0d482e08334729d341d30e1596d5ff1d7cd23afa21961d68b09640e30a015342c4ca7f726c538eaacf458d11ffeb849951a3522e7300c73192a96225677513588e6291922ab10fe2db86ca5b537018a84954a448a1996bb71319aad680367d08728dc2590e307a2b26f545f9ce791e823e665afd1e7817f8818bd0953f23904b5d7628b4526d98fec83ca710754e9a0cc4d203ddf806f91ec6df60dcf15a3b2c15955c4ac776e62c59da00f4654dc26a357c0f69bb0a9138160856a5b5c66df601c8772b9416531cba0e9157d33b46e93bfb92f08ae3f0d625e70751b95cd3aab54c5d3bce642d2b798044f78855e536580962aae0c9a75cd74f42a1e2cbadf53f6b24cbfff70c588cfe61edde014fc5aa37bfbe4b51c4389b7beb568f36c8fa77e73a5880ee1d55a851f6bdb9267b7f6936a6a810ba0014aca572e118e20e93c97dde63c83c3c4aa744d3798ca8df531255be6c7a298be1a2e0af864220ca3466201a9cda4bd7f1c9488495f667605d09b580d3fcd920a70fbd351806730295a31a4c45d7525539da095de7f8a3405d88b4d3d1e9a8106645551e3c6815316cdda79274a69190ee807da0988f1537aeee39f9d167cd2eedfc65e6a95c113d45f08d98d2ebec76189a7af1e755f6ad95474b2965213d09a937346625be30063c977d07c4d59180e6d9db3e4a1e0f77bf7b69e3b3f3c1b521f776bacd82b5018a62b29ed0b4fe9818bfdf81411becd655345bd65c6a7bb471ffd8bfcdfe43d85cfc6d3771892468abad97dcf9689ec3265044588f30cfdcba25f1db5f6d9a22e1e7ad4ebf7f071b638268c7f0e76484f8ce4ba23c75dcd8e7a9c98e71ace7c5ed9c405ef2b3a3fcccb4b1f5455c413d4706a11a3b33f8b488870a2b8f974aaa25278927ec268a84f0ec9dcf35038a0c5438f648c0459e83e8e33c2fc45c0bfbcfbf1a47fe82f88aebed10b071ac80be7ac082f0330d1249a3082b5321cf0c1daa3bb1920701e2f954e2415fb5237a937cac4a8ab64a02e4f7a46b0f310ae5410b0c70ff7bd2ba3cd1e5df45db74593dcb0e9b5bffcbcfaf46c639b730a4593c8c54d7b4aa2ad9ee0efbf76a201a44203607721b5adb4536ae201684360788e2d81eab866b73bd986e7f902f9309452c13578f5dc15479fb8d92b4e996553b487973ad7f27f45dfb553b6ae863b452d07bea4a582e892664f2b3c40aa9bc945ac464f317a134823564e60ab76c72fcad70245bfeaa4478db9848a007847c243cb42e41f99b2a504d5cd97dc8e4b512c9135bcd3138a6279e30955e7fe717121ed6d1165911fd82e92a2cb6b5bb6d3c5f0e247e86c1270ed92dcb9c97f29277b5259bdb1eca7ee40313eb8cc04a892f6a2760bb848ee122890911185a652825103696f8906209a03cbe01015207d44b43cac0e041e824e3208227041cadf1a5c51b72a00f01915bbd30c366d24745dc082bc64da91b7859c7ea73e1a1c731588a11c49f440746515dd12912fdda2cb51e2a234710a8a97d67cfa3e5b5eec40f81c4915e533353d45fd468d1fe07a5cdfac4e2566172e9a97ef2ccf5376b19b6dd332d891a0d2c213f23d23406269593ea8e1f3a4f821de8f3343da6d7b5b04b58aade5ccc88cfac23892f259a6f233f4a8df987d02a6b060b734eb4dd357ed7f3b1c1aa8db140c18b20995c4f664b9c0aec217353cfeed56992f4ba2762a33329fb4f8270396424da8edfc1e2f334cfbebcc6b51752c3336d8a1e161b5894335491b087a8ab18651275a6e14d5df0357a482cdfb9d6008d881ffb30c6ae13d01a03e407dfc4e1aecf0d93d775c92daf20869d63d41d13dbffc55b1687a154638643dc5855aafd71adaa2cd397c442c5d4375c4f568f0a2b49023c394308c06ec12b9a23c3e362e54f4daee8c1294701da8f60ec5e1e02031b260e2001a361e25a4f9c96018c4cd7b77aea371651b039ece4a549e3f55263d05f39566b0daf786c093aa6a5c23fb55673c56d39e1fbdc5eaf393b1d2102ca39b63e18bbf0ab6cb9bd3b78aec587665c46dd361891874f53defb1ad816d8a4b43ee5a3050bfba5606fe039158751233a4f9dab279a5e50a34e574e2cb5b140bd232fe7465e177184edfdc05141a2108f4608e6fad06a5d47b05fe1c04ed2b796a7d425c865700e0b4b5f86f1b658e9b8b4d6b0ec33ea72de3f816ac807d2badc9aaa2aca0840e3d5bb61bc2e530216efea521c6010d1be8ae6ff61e636cd877bbfc28638bfea53fb6a2fecb15f2f47ea4a038e4117540438810bdc0ce7c783687651ca95b2cf0d1d4d2f70eef07ac033df8ce0674680690d209c45b279e513c12b5c8bff48aa3b4ab183e9512a47b035f971373198c3cda28f514b4e4e3fa684fa587b5bfdf07ca1f00e8d6f71f5619fa2873d2060bda5309b149ceb976e0659283c14a23147658281671627043717c88673ebc99b9fe53480a92fbb326f455877f67561d7e5b7fa82aa23d6fb61d5caed48c957699e62fe7d74cdeabd48ad83defbe51b79a85e0e085aec9200105dd82f04248c14017bfb2dbfb356df8cc17cac6ffe138f66146e2ec2f2a42c2bad49bb5c8c1dffd7ff9f9b71790ef1866fa10d016d74f443264f3a6ea70dff9cdffc21a010e329f5649c284ae9c2b2edb767e57bc93d54e76f071d88eaa0ed969691fb4ec793c362ef94bab0038d01cb79858ef51482bcaa07acea78f2f0b0eb93bdedfef350420d7e72a600da795c5591b37233b540f10685f83db3142eb0348ef333e21aa4a3ffcb0b01dd6cac72741188adc289e0814217f4cc321529376f268143605266526a344927ca4b0b7a68077602dddef978140bef6e264ff1fbe7c6b81de52f565cb4446634bdc844d8c69b8b080603b902d5571f39f623937223a4f460141377a3c8fb3d092333026aa5c49cbdd30a3087ba62eadb66d43ba803c7111958979971df0a62c57cefa8566de9d078a3a2eb34705ced9c5cc2bab10116b6aaf3fc3edf528bd6af1c2ff6dfb63387d1476975543800b0fcaf3b9f1a9ba56c3e9567fd27c7c6ae898750f172a873303b2518cfd4a637aaf677df568f17bb64d8ab5625537a34eeac4b5f29bd376652807437b33a9508e9a293b23aa8a33fdcb60174cd94f53f060419bffcf6349d0445fe77cc74b11c193b71cb5c2632a7f0148e2acf61ea50379111e48f0e4a3052ddcf609b108db5e6cd111c76532b9d01e83a0e76bc46b69b40b9749e31a26cc01198402c47d8563574c12d393a3a663d1345266476a706f334d6e1ba02787dcd3075b745bf084b7ca51f4a383a826e4b0fa89da5cf6ceee2930a2207abed5c3e078fba6f7f28da8c0de952eb092c37d61841fa0c89966eda616a477f035e85f4b2900f76e73e6194319baf2f073d8f638bf5d37d77cf332d6faf051b2bdc1852dc3ca8f6633c36f4707c2c7d1d1ff12f8dc84218a7d445d21b6f85d0ddfeb9c865451f4b6979ca6e5d54585fc59d3488f3905761a89f3131348b556427600a2557803ec9b503fd5c8feebaad938cc599520c923b2e6345d6ca3fffcc28a0b836e52910e67968973aaf8302957aa1081e51d11fa2a88fff5ce7a78a78cce4de0f349e7a007c413ff44e55e825d3c096a0a32b3de42c13e45712e16ea0ad4bc214009c26a8a68d9cd2254aff182928f9c02e83db09aff4527247f02bc5a042f87028eda116b9da5c5c08e3fc1def72a6792337e51623c48f0e4ad62e2bb1a5b73fdd1bfafce2e0b6a8d085fdb9a3a753e608c508b33ee27b6ab7649e19d5ccd94c3695255a37dab90e9444ebad1ef2ed32ab74d61ad66e9ffc715f2483eb07f069d230b3778803c2e12fde2a36d2f3b563bc6283ff9df450798a8c4b3815f92505d05c06ac99a94f2ee16f2a6f00cdcd48babe7d66907bb286e4e0e02c5506bd01be6bdc67e1650e3b4da9968ee4e30490e13c4e6461ae5644860facbfcce1f4889288845a38b179a1ef99e2331b0bc09411a96b0ff6bc48430e0d51de5970c4db9f1af8b195482c1fc9de3d94d3553bd7a22b6c8793f7c52ee40ad90e635a7bd78f8e1eec9765db208463677ff03e44e1ab37645e5c70759c167d812ebf5c33b81264642def7af904d0780f696618e2cb85047f71a4e8d4ea7fb23fff322075835bc00ac7bb8a5f218a029cd99b4317e9f5d43bf5c725bc4d19b74b969b7a31f5c165e35543b0faace5c34b2eaf22dd08aacc3c3d0ef7de244c765e2d9557e767f3cbd86a3dfe88821539bc5275a45cb1fba3d97e7bccd7bedde68a564c181fa98563b5e1a2c7702203105dfe4c46354aca0183833c27382aaad379738d9dab6ad60187b7de2b1cb498df6e725d0069e719eaea2df96ae2ad2d45fd0993263018144f722012f418d732c8bae46b1f0a17e832552615da1ff65ec8aa65358b8c2101b312e6f02b3275b2e69f53af6b79cca8af30c77b97c2c2c80fdc3363ce4e78802538e1a09c65c4f1ffa255ee56fdd6e350489040d3d20ce53e18bdb4292ce367abac26ff41baf9347eca69282ce1a30737c9babc0efca711b6c73d1b94b440d796eaf5d02382c53116d43a0841f4552ca77c071ad2be448214effdd36762ba24a5c91e1ec4a0afa9493002d5e83df02dfb7e174db9693fe7b453911e4ff1934721fe105935db6b02c994a949394bcb1d5b7e8b4f41c3e182279449053caf077a7d790c87fe096808d40a4b66420068cd5a0025ab2fa4a740e317846c830639"}, &(0x7f0000000400)=0x1008) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000480)={r4, @in={{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x27}}}, 0xf1f, 0x2, 0x3, 0x1, 0x76cc2f5721f48d82}, 0x98) pivot_root(&(0x7f0000000380)='./file1\x00', &(0x7f00000003c0)='./file0/file0/file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r5, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c) r6 = syz_open_procfs(0x0, &(0x7f0000000040)='net/protocols\x00') fcntl$setown(0xffffffffffffffff, 0x8, 0x0) sendfile(r5, r6, 0x0, 0x8000) prctl$PR_SVE_SET_VL(0x32, 0x21dc2) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mount$bpf(0x20000000, &(0x7f0000000300)='./file0/file0\x00', 0x0, 0x5004, 0x0) getresuid(&(0x7f0000000180), &(0x7f0000000240)=0x0, &(0x7f0000000280)) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r6, 0x84, 0x7b, &(0x7f00000002c0)={0x0, 0x6}, &(0x7f0000000340)=0x8) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f00000005c0)={r8, @in={{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, 0x84) r9 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$SIOCGSTAMP(r9, 0x8906, 0x0) setreuid(r7, 0xee00) r10 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ifreq(r10, 0x0, &(0x7f0000000140)={'veth0\x00', @ifru_settings={0x0, 0x0, @fr=0x0}}) 03:36:32 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) pipe2(&(0x7f0000000080)={0xffffffffffffffff}, 0x800) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f00000000c0)=0x80000001, 0x4) fsetxattr$security_capability(r1, &(0x7f0000000180)='security.capability\x00', &(0x7f00000001c0)=@v1={0x1000000, [{0x40, 0x4}]}, 0xc, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") r2 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x3, 0x2) openat$fuse(0xffffffffffffff9c, &(0x7f0000000200)='/dev/fuse\x00', 0x2, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_DROP(r0, 0x40045730, &(0x7f0000000240)=0x40) poll(&(0x7f0000000100)=[{r2}], 0x1, 0x4) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r2, 0x84, 0x20, &(0x7f0000000140)=0x40000000000000, 0x4) [ 553.774140] FAULT_INJECTION: forcing a failure. [ 553.774140] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 553.843150] CPU: 1 PID: 21933 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 553.850293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 553.859654] Call Trace: [ 553.862252] dump_stack+0x138/0x19c [ 553.865913] should_fail.cold+0x10f/0x159 [ 553.870062] ? __might_sleep+0x93/0xb0 [ 553.873959] __alloc_pages_nodemask+0x1d6/0x7a0 [ 553.878639] ? __alloc_pages_slowpath+0x2930/0x2930 [ 553.883662] ? rcu_read_lock_sched_held+0x110/0x130 [ 553.888693] copy_process.part.0+0x26a/0x6a00 [ 553.893196] ? save_trace+0x290/0x290 [ 553.896997] ? proc_fail_nth_write+0x7d/0x180 [ 553.901521] ? proc_cwd_link+0x1b0/0x1b0 [ 553.905585] ? __f_unlock_pos+0x19/0x20 [ 553.909559] ? find_held_lock+0x35/0x130 [ 553.913634] ? __cleanup_sighand+0x50/0x50 [ 553.917883] ? lock_downgrade+0x6e0/0x6e0 [ 553.922039] _do_fork+0x19e/0xce0 [ 553.925502] ? fork_idle+0x280/0x280 [ 553.929221] ? fput+0xd4/0x150 [ 553.932411] ? SyS_write+0x15e/0x230 [ 553.936127] SyS_clone+0x37/0x50 [ 553.939489] ? sys_vfork+0x30/0x30 [ 553.943035] do_syscall_64+0x1e8/0x640 [ 553.946920] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 553.951768] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 553.956957] RIP: 0033:0x459829 [ 553.960178] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 553.967887] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 553.975154] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 553.982427] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 03:36:32 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$vcsn(&(0x7f0000000200)='/dev/vcs#\x00', 0x20, 0x40083) bind$netlink(r1, &(0x7f0000000140)={0x10, 0x0, 0x25dfdbfb, 0x1}, 0xc) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65302c776f726b64426b3d2e2f66696c65165c00"]) 03:36:32 executing program 0: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) close(r0) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) close(r2) bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffff9c}, 0x3c) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) close(0xffffffffffffffff) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000340)={0x0, 0x0}) close(r0) setsockopt$sock_attach_bpf(r4, 0x10f, 0x87, &(0x7f0000000180), 0x127) [ 553.989698] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 553.996966] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 554.046615] x86/PAT: syz-executor.3:21933 freeing invalid memtype [mem 0x00002000-0x00002fff] 03:36:33 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, 0x0, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x1) read$eventfd(r2, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r3 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = fcntl$getown(r3, 0x9) capget(&(0x7f00000000c0)={0x20080522, r5}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r6 = dup(r4) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r4) setsockopt$inet6_tcp_int(r6, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x800fe) sendfile(r6, r7, 0x0, 0x8000fffffffe) 03:36:33 executing program 3 (fault-call:6 fault-nth:2): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:36:33 executing program 0: mkdir(&(0x7f0000001b40)='./file0\x00', 0x0) mlock(&(0x7f000004c000/0x3000)=nil, 0x3000) munlockall() [ 554.150110] protocol 88fb is buggy, dev hsr_slave_0 [ 554.155277] protocol 88fb is buggy, dev hsr_slave_1 [ 554.166318] overlayfs: unrecognized mount option "workdBk=./file\" or missing value [ 554.210601] overlayfs: unrecognized mount option "workdBk=./file\" or missing value 03:36:33 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mknod(&(0x7f0000000080)='./file0\x00', 0x40, 0x5) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) [ 554.253581] FAULT_INJECTION: forcing a failure. [ 554.253581] name failslab, interval 1, probability 0, space 0, times 0 03:36:33 executing program 0: syz_mount_image$msdos(&(0x7f0000000000)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={[{@fat=@flush='flush'}]}) [ 554.331661] CPU: 1 PID: 21960 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 554.338812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 554.348176] Call Trace: [ 554.350775] dump_stack+0x138/0x19c [ 554.354411] should_fail.cold+0x10f/0x159 [ 554.358570] should_failslab+0xdb/0x130 [ 554.362547] kmem_cache_alloc+0x2d7/0x780 [ 554.366697] ? creds_are_invalid+0x48/0x110 [ 554.371019] ? __validate_process_creds+0x14c/0x200 [ 554.376041] prepare_creds+0x3e/0x380 [ 554.379846] copy_creds+0x7b/0x4f0 [ 554.383392] ? lockdep_init_map+0x9/0x10 [ 554.387458] copy_process.part.0+0x868/0x6a00 [ 554.391960] ? save_trace+0x290/0x290 [ 554.395762] ? proc_fail_nth_write+0x7d/0x180 [ 554.400261] ? proc_cwd_link+0x1b0/0x1b0 [ 554.404324] ? __f_unlock_pos+0x19/0x20 [ 554.408312] ? __cleanup_sighand+0x50/0x50 [ 554.412546] ? lock_downgrade+0x6e0/0x6e0 [ 554.416700] _do_fork+0x19e/0xce0 [ 554.420157] ? fork_idle+0x280/0x280 [ 554.423895] ? fput+0xd4/0x150 [ 554.427092] ? SyS_write+0x15e/0x230 [ 554.430809] SyS_clone+0x37/0x50 [ 554.434172] ? sys_vfork+0x30/0x30 [ 554.437803] do_syscall_64+0x1e8/0x640 [ 554.441694] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 554.446542] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 554.451734] RIP: 0033:0x459829 [ 554.454920] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 554.462632] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 554.469899] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 554.477170] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 554.484440] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 554.491710] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 554.538593] x86/PAT: syz-executor.3:21960 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 554.550112] protocol 88fb is buggy, dev hsr_slave_0 [ 554.555230] protocol 88fb is buggy, dev hsr_slave_1 [ 554.790156] protocol 88fb is buggy, dev hsr_slave_0 [ 554.795308] protocol 88fb is buggy, dev hsr_slave_1 03:36:35 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, 0x0, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x1) read$eventfd(r2, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r3 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = fcntl$getown(r3, 0x9) capget(&(0x7f00000000c0)={0x20080522, r5}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r6 = dup(r4) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r4) setsockopt$inet6_tcp_int(r6, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x800fe) sendfile(r6, r7, 0x0, 0x8000fffffffe) 03:36:35 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:36:35 executing program 3 (fault-call:6 fault-nth:3): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:36:35 executing program 2: r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/policy\x00', 0x0, 0x0) ioctl$EVIOCGEFFECTS(r0, 0x80044584, &(0x7f0000000140)=""/110) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) fstat(r1, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$iso9660(&(0x7f0000000200)='iso9660\x00', &(0x7f0000000240)='./file2\x00', 0x9, 0x3, &(0x7f0000000400)=[{&(0x7f0000000280)="2b0bd8705d89f44e2fa94edf374529a893442a8d6ba46bda398fbca4529a9c805170bfc2580b70c0cd1e0a8656cf33aa55d379fcf81420ed21a9901bc153b16ddb5cea58845d1ff702f3e2d9defe63a3cb8e59926fbb06b5831eb9fcd4271b48d77ef7711ec9aaf0f0c9367b610f07dcf6c2cd5839ba206dcc562493", 0x7c, 0x6}, {&(0x7f0000000300)="3ab4e7897112b35589f59be45cd157d11c4af870e32d2b8b8f09e2d27bbf5492590eb9128fd42ed98f1592df331fe33213c5d3daa5bcdf846911b5fdd9eaa074adacd071bb411682b2e431cfd5b53d4b467c", 0x52, 0x9}, {&(0x7f0000000380)="9d9dd9a01edc26fea9af0de0ce43005a2897f8d745febc9f951b82dcab0888b10b0978664d5ec6bb7d0e69d2204ad08d020b26afe68c293327789708741b4e966b04db99ebb9f4cdfb63ab9b4607dc392559ba50e741116e99a8", 0x5a, 0x6}], 0x1400a2, &(0x7f0000000500)={[{@map_off='map=off'}, {@session={'session', 0x3d, 0x7}}, {@sbsector={'sbsector', 0x3d, 0x2}}, {@gid={'gid', 0x3d, r2}}, {@mode={'mode', 0x3d, 0x952b}}, {@utf8='utf8'}], [{@fsmagic={'fsmagic', 0x3d, 0x9}}, {@obj_type={'obj_type', 0x3d, 'workdir'}}, {@smackfsfloor={'smackfsfloor', 0x3d, '*vboxnet0&(['}}]}) 03:36:35 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0xffffffff]}) 03:36:35 executing program 0: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$inet(r2, &(0x7f00000002c0)={0x2, 0x0, @local}, 0x10) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x30005, 0x0) [ 556.784155] FAULT_INJECTION: forcing a failure. [ 556.784155] name failslab, interval 1, probability 0, space 0, times 0 [ 556.819020] CPU: 1 PID: 21979 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 556.826173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 556.835531] Call Trace: [ 556.838145] dump_stack+0x138/0x19c [ 556.841792] should_fail.cold+0x10f/0x159 [ 556.845946] should_failslab+0xdb/0x130 [ 556.845961] __kmalloc_track_caller+0x2ec/0x790 [ 556.845973] ? check_preemption_disabled+0x3c/0x250 [ 556.845989] ? prepare_creds+0x3e/0x380 [ 556.854611] ? selinux_cred_prepare+0x49/0xb0 [ 556.854624] kmemdup+0x27/0x60 [ 556.854633] selinux_cred_prepare+0x49/0xb0 [ 556.854645] security_prepare_creds+0x7d/0xb0 [ 556.854659] prepare_creds+0x2cf/0x380 [ 556.854669] copy_creds+0x7b/0x4f0 [ 556.854678] ? lockdep_init_map+0x9/0x10 [ 556.854692] copy_process.part.0+0x868/0x6a00 [ 556.854708] ? save_trace+0x290/0x290 [ 556.854718] ? proc_fail_nth_write+0x7d/0x180 [ 556.854727] ? proc_cwd_link+0x1b0/0x1b0 [ 556.854737] ? __f_unlock_pos+0x19/0x20 [ 556.854754] ? __cleanup_sighand+0x50/0x50 [ 556.917154] ? lock_downgrade+0x6e0/0x6e0 [ 556.921304] _do_fork+0x19e/0xce0 [ 556.924768] ? fork_idle+0x280/0x280 [ 556.928475] ? fput+0xd4/0x150 [ 556.931647] ? SyS_write+0x15e/0x230 [ 556.935347] SyS_clone+0x37/0x50 [ 556.938741] ? sys_vfork+0x30/0x30 [ 556.942275] do_syscall_64+0x1e8/0x640 [ 556.946152] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 556.950978] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 556.956197] RIP: 0033:0x459829 [ 556.959376] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 556.967085] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 556.974503] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 03:36:35 executing program 1: clone(0x41be, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000140)) ptrace(0x10, r1) ptrace(0x2, r1) 03:36:35 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:36:36 executing program 3 (fault-call:6 fault-nth:4): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 556.981763] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 556.989022] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 556.996290] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 557.024813] x86/PAT: syz-executor.3:21979 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 557.080770] overlayfs: filesystem on './file0' not supported as upperdir [ 557.155481] FAULT_INJECTION: forcing a failure. [ 557.155481] name failslab, interval 1, probability 0, space 0, times 0 [ 557.173543] CPU: 0 PID: 22002 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 557.180675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 557.190037] Call Trace: [ 557.190060] dump_stack+0x138/0x19c [ 557.190077] should_fail.cold+0x10f/0x159 [ 557.190094] should_failslab+0xdb/0x130 [ 557.190109] kmem_cache_alloc+0x2d7/0x780 [ 557.190120] ? creds_are_invalid+0x48/0x110 [ 557.190135] ? selinux_is_enabled+0x9/0x50 [ 557.190146] ? creds_are_invalid+0x48/0x110 [ 557.190162] __delayacct_tsk_init+0x20/0x80 [ 557.204721] copy_process.part.0+0x1a6c/0x6a00 [ 557.204741] ? save_trace+0x290/0x290 [ 557.204754] ? proc_fail_nth_write+0x7d/0x180 [ 557.234390] ? proc_cwd_link+0x1b0/0x1b0 [ 557.234403] ? __f_unlock_pos+0x19/0x20 [ 557.234422] ? __cleanup_sighand+0x50/0x50 [ 557.242956] ? lock_downgrade+0x6e0/0x6e0 [ 557.242973] _do_fork+0x19e/0xce0 [ 557.242987] ? fork_idle+0x280/0x280 [ 557.243002] ? fput+0xd4/0x150 [ 557.265634] ? SyS_write+0x15e/0x230 [ 557.269365] SyS_clone+0x37/0x50 [ 557.272742] ? sys_vfork+0x30/0x30 [ 557.276291] do_syscall_64+0x1e8/0x640 [ 557.280181] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 557.285041] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 557.290227] RIP: 0033:0x459829 [ 557.293416] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 03:36:36 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:36:36 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008913, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) [ 557.301126] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 557.308393] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 557.315664] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 557.322936] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 557.330240] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:36:36 executing program 3 (fault-call:6 fault-nth:5): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:36:36 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) [ 557.410407] x86/PAT: syz-executor.3:22010 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 557.493678] FAULT_INJECTION: forcing a failure. [ 557.493678] name failslab, interval 1, probability 0, space 0, times 0 [ 557.504306] overlayfs: filesystem on './file0' not supported as upperdir [ 557.530862] CPU: 1 PID: 22019 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 557.538019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 557.547386] Call Trace: [ 557.549987] dump_stack+0x138/0x19c [ 557.553625] should_fail.cold+0x10f/0x159 [ 557.557782] should_failslab+0xdb/0x130 [ 557.561761] kmem_cache_alloc+0x2d7/0x780 [ 557.565914] ? lockdep_init_map+0x9/0x10 [ 557.569976] ? debug_mutex_init+0x2d/0x5a [ 557.574128] dup_fd+0x85/0xa40 [ 557.577330] copy_process.part.0+0x1b5a/0x6a00 [ 557.581923] ? save_trace+0x290/0x290 [ 557.585754] ? proc_fail_nth_write+0x7d/0x180 [ 557.590248] ? proc_cwd_link+0x1b0/0x1b0 [ 557.594319] ? __cleanup_sighand+0x50/0x50 [ 557.598551] ? lock_downgrade+0x6e0/0x6e0 [ 557.602708] _do_fork+0x19e/0xce0 [ 557.606172] ? fork_idle+0x280/0x280 [ 557.609892] ? fput+0xd4/0x150 [ 557.613085] ? SyS_write+0x15e/0x230 [ 557.616805] SyS_clone+0x37/0x50 [ 557.620168] ? sys_vfork+0x30/0x30 [ 557.623712] do_syscall_64+0x1e8/0x640 [ 557.627599] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 557.632453] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 557.637636] RIP: 0033:0x459829 [ 557.640828] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 557.648542] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 557.655801] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 557.655807] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 557.655812] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 557.655818] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 557.682591] x86/PAT: syz-executor.3:22019 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 557.892178] ptrace attach of "/root/syz-executor.1"[21992] was attempted by "/root/syz-executor.1"[22028] [ 558.310140] net_ratelimit: 18 callbacks suppressed [ 558.310146] protocol 88fb is buggy, dev hsr_slave_0 [ 558.320183] protocol 88fb is buggy, dev hsr_slave_1 [ 558.710156] protocol 88fb is buggy, dev hsr_slave_0 [ 558.715255] protocol 88fb is buggy, dev hsr_slave_1 [ 558.950422] protocol 88fb is buggy, dev hsr_slave_0 [ 558.958297] protocol 88fb is buggy, dev hsr_slave_1 [ 558.963469] protocol 88fb is buggy, dev hsr_slave_0 [ 558.968656] protocol 88fb is buggy, dev hsr_slave_1 [ 559.430101] protocol 88fb is buggy, dev hsr_slave_0 [ 559.435192] protocol 88fb is buggy, dev hsr_slave_1 03:36:38 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x1) read$eventfd(r2, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r3 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = fcntl$getown(r3, 0x9) capget(&(0x7f00000000c0)={0x20080522, r5}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r6 = dup(r4) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r4) setsockopt$inet6_tcp_int(r6, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x800fe) sendfile(r6, r7, 0x0, 0x8000fffffffe) 03:36:38 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:36:38 executing program 0: prctl$PR_SET_NAME(0xf, &(0x7f0000000180)='^\xc3W;\xcc\xfdG\xea\xfd\xc8\xec7\xe5\x8a\xb9\x12$') seccomp(0x1, 0x6, &(0x7f0000000100)={0x1, &(0x7f0000004fe8)=[{0x8000000010006, 0x0, 0x0, 0x50000}]}) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil) 03:36:38 executing program 2: r0 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0xb2, 0x10000) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000140)={0x0, 0x80000000}, &(0x7f0000000180)=0x8) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000200)={r1, 0x3d, "c3b657a63f2b44c6a14241af9698f18b44a64246d5441ba09a707a241a264064d74ee85d51a305c6c157e2c577faacbad9e2a463e31ae7989f0bbc52ee"}, &(0x7f0000000280)=0x45) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) 03:36:38 executing program 3 (fault-call:6 fault-nth:6): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:36:38 executing program 1: 03:36:38 executing program 1: [ 559.842638] audit: type=1326 audit(2000000198.820:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=22032 comm=5EC3573BCCFD47EAFDC8EC37E58AB9 exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=228 compat=0 ip=0x45c66a code=0x50000 [ 559.845048] FAULT_INJECTION: forcing a failure. [ 559.845048] name failslab, interval 1, probability 0, space 0, times 0 [ 559.915376] overlayfs: filesystem on './file0' not supported as upperdir [ 559.922467] CPU: 1 PID: 22036 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 559.929585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 559.938942] Call Trace: [ 559.941543] dump_stack+0x138/0x19c [ 559.945181] should_fail.cold+0x10f/0x159 [ 559.949339] should_failslab+0xdb/0x130 [ 559.953314] kmem_cache_alloc_trace+0x2e9/0x790 [ 559.957987] ? lock_downgrade+0x6e0/0x6e0 [ 559.962141] alloc_fdtable+0x7f/0x280 [ 559.965943] dup_fd+0x693/0xa40 [ 559.969233] copy_process.part.0+0x1b5a/0x6a00 [ 559.972452] audit: type=1326 audit(2000000198.850:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=22032 comm=5EC3573BCCFD47EAFDC8EC37E58AB9 exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x459829 code=0x50000 [ 559.973820] ? save_trace+0x290/0x290 [ 559.973832] ? proc_fail_nth_write+0x7d/0x180 [ 559.973842] ? proc_cwd_link+0x1b0/0x1b0 03:36:39 executing program 2: r0 = mq_open(&(0x7f0000000180)='!mime_type]]^ppp1wlan0\x00', 0x2, 0x8, &(0x7f0000000140)={0xffffffffffffffff, 0x1, 0x1f, 0xe8, 0x7, 0x80000001, 0x6, 0x6}) fcntl$getflags(r0, 0x3) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) r2 = creat(&(0x7f0000000080)='./file1\x00', 0x10) mount$overlay(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x80, &(0x7f0000000340)={[{@redirect_dir={'redirect_dir', 0x3d, './file0'}}, {@nfs_export_off='nfs_export=off'}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on='metacopy=on'}, {@nfs_export_on='nfs_export=on'}], [{@func={'func', 0x3d, 'FIRMWARE_CHECK'}}, {@subj_role={'subj_role', 0x3d, 'em1wlan1eth1selinux\x01\xe9{'}}]}) r3 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1, 0x28000) ioctl$sock_netrom_SIOCDELRT(r3, 0x890c, &(0x7f0000000240)={0x1, @default, @bpq0='bpq0\x00', 0x4, 'syz1\x00', @null, 0xd82b, 0x7, [@bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @null, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000200)='/proc/capi/capi20\x00', 0x4000, 0x0) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r2, 0x84, 0x20, &(0x7f00000000c0)=0x2, 0x4) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) [ 559.973868] ? __cleanup_sighand+0x50/0x50 [ 560.016451] ? lock_downgrade+0x6e0/0x6e0 [ 560.021060] _do_fork+0x19e/0xce0 [ 560.024520] ? fork_idle+0x280/0x280 [ 560.028238] ? fput+0xd4/0x150 [ 560.031432] ? SyS_write+0x15e/0x230 [ 560.035159] SyS_clone+0x37/0x50 [ 560.038525] ? sys_vfork+0x30/0x30 [ 560.042067] do_syscall_64+0x1e8/0x640 [ 560.045954] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 560.050803] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 560.055988] RIP: 0033:0x459829 [ 560.059170] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 560.066876] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 560.074150] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 560.076780] audit: type=1326 audit(2000000198.850:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=22032 comm=5EC3573BCCFD47EAFDC8EC37E58AB9 exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x459829 code=0x50000 [ 560.081416] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 03:36:39 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x1) read$eventfd(r2, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r3 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = fcntl$getown(r3, 0x9) capget(&(0x7f00000000c0)={0x20080522, r5}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r6 = dup(r4) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r4) setsockopt$inet6_tcp_int(r6, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x800fe) sendfile(r6, r7, 0x0, 0x8000fffffffe) 03:36:39 executing program 1: 03:36:39 executing program 3 (fault-call:6 fault-nth:7): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 560.081422] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 560.081428] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 560.093873] x86/PAT: syz-executor.3:22036 freeing invalid memtype [mem 0x00002000-0x00002fff] 03:36:39 executing program 1: 03:36:39 executing program 1: [ 560.154132] audit: type=1326 audit(2000000198.850:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=22032 comm=5EC3573BCCFD47EAFDC8EC37E58AB9 exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x459829 code=0x50000 [ 560.214144] FAULT_INJECTION: forcing a failure. [ 560.214144] name failslab, interval 1, probability 0, space 0, times 0 [ 560.240642] audit: type=1326 audit(2000000198.850:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=22032 comm=5EC3573BCCFD47EAFDC8EC37E58AB9 exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x459829 code=0x50000 [ 560.266429] CPU: 0 PID: 22053 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 560.273537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 560.282888] Call Trace: [ 560.285487] dump_stack+0x138/0x19c [ 560.289137] should_fail.cold+0x10f/0x159 [ 560.293299] should_failslab+0xdb/0x130 [ 560.297277] kmem_cache_alloc_node_trace+0x280/0x770 [ 560.302387] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 560.307845] __kmalloc_node+0x3d/0x80 [ 560.311644] kvmalloc_node+0x4e/0xe0 [ 560.315364] alloc_fdtable+0xcf/0x280 [ 560.319166] dup_fd+0x693/0xa40 [ 560.322460] copy_process.part.0+0x1b5a/0x6a00 [ 560.327048] ? save_trace+0x290/0x290 [ 560.330852] ? proc_fail_nth_write+0x7d/0x180 [ 560.335352] ? proc_cwd_link+0x1b0/0x1b0 [ 560.339426] ? __cleanup_sighand+0x50/0x50 [ 560.343659] ? lock_downgrade+0x6e0/0x6e0 [ 560.347810] _do_fork+0x19e/0xce0 [ 560.351270] ? fork_idle+0x280/0x280 [ 560.354988] ? fput+0xd4/0x150 [ 560.358183] ? SyS_write+0x15e/0x230 [ 560.361905] SyS_clone+0x37/0x50 [ 560.365269] ? sys_vfork+0x30/0x30 [ 560.368809] do_syscall_64+0x1e8/0x640 [ 560.372693] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 560.377547] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 560.382736] RIP: 0033:0x459829 [ 560.385922] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 560.393625] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 560.393631] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 560.393636] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 560.393642] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 560.393647] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 560.403740] overlayfs: unrecognized mount option "redirect_dir=./file0" or missing value [ 560.439647] audit: type=1326 audit(2000000198.850:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=22032 comm=5EC3573BCCFD47EAFDC8EC37E58AB9 exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x459829 code=0x50000 [ 560.454785] overlayfs: unrecognized mount option "redirect_dir=./file0" or missing value [ 560.465419] audit: type=1326 audit(2000000198.850:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=22032 comm=5EC3573BCCFD47EAFDC8EC37E58AB9 exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x459829 code=0x50000 [ 560.499603] audit: type=1326 audit(2000000198.850:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=22032 comm=5EC3573BCCFD47EAFDC8EC37E58AB9 exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x459829 code=0x50000 [ 560.526039] audit: type=1326 audit(2000000198.850:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=22032 comm=5EC3573BCCFD47EAFDC8EC37E58AB9 exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x459829 code=0x50000 [ 560.534886] x86/PAT: syz-executor.3:22053 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 560.551993] audit: type=1326 audit(2000000198.850:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=22032 comm=5EC3573BCCFD47EAFDC8EC37E58AB9 exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x459829 code=0x50000 03:36:41 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:36:41 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x1) read$eventfd(r2, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r3 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = fcntl$getown(r3, 0x9) capget(&(0x7f00000000c0)={0x20080522, r5}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r6 = dup(r4) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r4) setsockopt$inet6_tcp_int(r6, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x800fe) sendfile(r6, r7, 0x0, 0x8000fffffffe) 03:36:41 executing program 1: 03:36:41 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0x99, 0x80) ioctl$KDGETKEYCODE(r1, 0x4b4c, &(0x7f0000000140)={0x2890e17e}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) 03:36:41 executing program 3 (fault-call:6 fault-nth:8): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:36:41 executing program 0: 03:36:41 executing program 0: 03:36:41 executing program 1: [ 562.894795] FAULT_INJECTION: forcing a failure. [ 562.894795] name failslab, interval 1, probability 0, space 0, times 0 [ 562.916946] overlayfs: filesystem on './file0' not supported as upperdir [ 562.947524] CPU: 1 PID: 22068 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 562.954678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 562.964050] Call Trace: [ 562.966652] dump_stack+0x138/0x19c [ 562.970296] should_fail.cold+0x10f/0x159 [ 562.974468] should_failslab+0xdb/0x130 [ 562.978452] kmem_cache_alloc_node_trace+0x280/0x770 [ 562.983567] ? kasan_unpoison_shadow+0x35/0x50 [ 562.988158] __kmalloc_node+0x3d/0x80 [ 562.991963] kvmalloc_node+0x4e/0xe0 [ 562.995680] alloc_fdtable+0x13b/0x280 [ 562.999569] dup_fd+0x693/0xa40 [ 563.002865] copy_process.part.0+0x1b5a/0x6a00 [ 563.007459] ? save_trace+0x290/0x290 [ 563.011262] ? proc_fail_nth_write+0x7d/0x180 [ 563.015760] ? proc_cwd_link+0x1b0/0x1b0 [ 563.019835] ? __cleanup_sighand+0x50/0x50 [ 563.024077] ? lock_downgrade+0x6e0/0x6e0 [ 563.028236] _do_fork+0x19e/0xce0 [ 563.031694] ? fork_idle+0x280/0x280 [ 563.035410] ? fput+0xd4/0x150 [ 563.038601] ? SyS_write+0x15e/0x230 [ 563.042321] SyS_clone+0x37/0x50 [ 563.045683] ? sys_vfork+0x30/0x30 [ 563.049226] do_syscall_64+0x1e8/0x640 [ 563.053112] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 563.057965] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 563.063157] RIP: 0033:0x459829 [ 563.066344] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 563.074073] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 563.081701] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 563.089087] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 03:36:42 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400), 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x1) read$eventfd(r2, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r3 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = fcntl$getown(r3, 0x9) capget(&(0x7f00000000c0)={0x20080522, r5}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r6 = dup(r4) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r4) setsockopt$inet6_tcp_int(r6, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x800fe) sendfile(r6, r7, 0x0, 0x8000fffffffe) 03:36:42 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) lsetxattr$security_smack_entry(&(0x7f0000000080)='./file1\x00', &(0x7f0000000140)='security.SMACK64IPOUT\x00', &(0x7f0000000180)='\x00', 0x1, 0x1) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="75707065726469723d2e9175696c65302c6c6f7765726b69723d2e2f66696c65302c776f726b6469723d2e2f66696c65315c00"]) 03:36:42 executing program 1: 03:36:42 executing program 0: [ 563.096360] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 563.103621] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 563.137936] x86/PAT: syz-executor.3:22062 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 563.210263] overlayfs: unrecognized mount option "lowerkir=./file0" or missing value [ 563.590144] net_ratelimit: 22 callbacks suppressed [ 563.595141] protocol 88fb is buggy, dev hsr_slave_0 [ 563.600225] protocol 88fb is buggy, dev hsr_slave_1 [ 563.605328] protocol 88fb is buggy, dev hsr_slave_0 [ 563.610395] protocol 88fb is buggy, dev hsr_slave_1 [ 564.550149] protocol 88fb is buggy, dev hsr_slave_0 [ 564.555274] protocol 88fb is buggy, dev hsr_slave_1 [ 564.950134] protocol 88fb is buggy, dev hsr_slave_0 [ 564.955207] protocol 88fb is buggy, dev hsr_slave_1 [ 565.190177] protocol 88fb is buggy, dev hsr_slave_0 [ 565.195242] protocol 88fb is buggy, dev hsr_slave_1 03:36:44 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:36:44 executing program 0: 03:36:44 executing program 1: pipe2(0x0, 0x0) 03:36:44 executing program 3 (fault-call:6 fault-nth:9): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:36:44 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x28) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f0000000200)=0xc) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000240)={{{@in=@empty, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in=@multicast2}}, &(0x7f0000000340)=0xe8) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000380)={[{@nfs_export_on='nfs_export=on'}, {@nfs_export_on='nfs_export=on'}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@metacopy_off='metacopy=off'}, {@metacopy_on='metacopy=on'}, {@index_off='index=off'}], [{@audit='audit'}, {@uid_eq={'uid', 0x3d, r1}}, {@context={'context', 0x3d, 'staff_u'}}, {@pcr={'pcr', 0x3d, 0x11}}, {@fowner_eq={'fowner', 0x3d, r2}}]}) 03:36:44 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400), 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x1) read$eventfd(r2, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r3 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = fcntl$getown(r3, 0x9) capget(&(0x7f00000000c0)={0x20080522, r5}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r6 = dup(r4) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r4) setsockopt$inet6_tcp_int(r6, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x800fe) sendfile(r6, r7, 0x0, 0x8000fffffffe) 03:36:44 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreq(r1, 0x0, 0xc, &(0x7f0000000000)={@local={0xac, 0x14, 0x0}}, 0x8) recvfrom$inet(r0, 0x0, 0x7f8ad630, 0x0, 0x0, 0x800e00637) shutdown(r0, 0x0) [ 565.915776] overlayfs: failed to resolve './file1': -2 [ 565.926994] FAULT_INJECTION: forcing a failure. [ 565.926994] name failslab, interval 1, probability 0, space 0, times 0 [ 565.932276] overlayfs: unrecognized mount option "nfs_export=on" or missing value [ 565.961285] CPU: 0 PID: 22097 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 565.968476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 565.970012] overlayfs: failed to resolve './file1': -2 [ 565.977834] Call Trace: [ 565.977857] dump_stack+0x138/0x19c [ 565.977877] should_fail.cold+0x10f/0x159 [ 565.977895] should_failslab+0xdb/0x130 [ 565.977913] kmem_cache_alloc+0x2d7/0x780 [ 566.001620] ? dup_fd+0x533/0xa40 [ 566.005079] copy_fs_struct+0x43/0x2d0 [ 566.008981] copy_process.part.0+0x3924/0x6a00 [ 566.013576] ? save_trace+0x290/0x290 [ 566.017384] ? proc_fail_nth_write+0x7d/0x180 [ 566.022697] ? proc_cwd_link+0x1b0/0x1b0 [ 566.026771] ? __cleanup_sighand+0x50/0x50 [ 566.031008] ? lock_downgrade+0x6e0/0x6e0 [ 566.035166] _do_fork+0x19e/0xce0 [ 566.038625] ? fork_idle+0x280/0x280 [ 566.042354] ? fput+0xd4/0x150 [ 566.045549] ? SyS_write+0x15e/0x230 [ 566.049269] SyS_clone+0x37/0x50 [ 566.052635] ? sys_vfork+0x30/0x30 [ 566.056175] do_syscall_64+0x1e8/0x640 [ 566.060060] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 566.064905] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 566.070088] RIP: 0033:0x459829 [ 566.073268] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 566.080977] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 566.088242] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 566.095509] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 566.102777] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 03:36:44 executing program 1: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) read(r1, &(0x7f0000000600)=""/11, 0x232) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000140)) dup2(r1, r0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000080), 0x1c) r3 = dup2(r2, r2) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f00000000c0)={@dev, 0x0, 0x2}, 0x20) clone(0x6102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KDMKTONE(r0, 0x4b30, 0x0) ioctl$int_out(r0, 0x0, 0x0) 03:36:45 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) r1 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x9, 0x4000) ioctl$ASHMEM_GET_SIZE(r1, 0x7704, 0x0) 03:36:45 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400), 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x1) read$eventfd(r2, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r3 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = fcntl$getown(r3, 0x9) capget(&(0x7f00000000c0)={0x20080522, r5}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r6 = dup(r4) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r4) setsockopt$inet6_tcp_int(r6, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x800fe) sendfile(r6, r7, 0x0, 0x8000fffffffe) [ 566.110049] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 566.154709] x86/PAT: syz-executor.3:22097 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 566.194702] overlayfs: filesystem on './file0' not supported as upperdir 03:36:45 executing program 3 (fault-call:6 fault-nth:10): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:36:45 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=@updsa={0x104, 0x1a, 0x205, 0x0, 0x0, {{@in6=@mcast1, @in=@loopback}, {@in=@remote, 0x0, 0x2b}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0xa, 0x2}, [@coaddr={0x14, 0xe, @in6=@dev}]}, 0x104}}, 0x0) [ 566.309629] FAULT_INJECTION: forcing a failure. [ 566.309629] name failslab, interval 1, probability 0, space 0, times 0 [ 566.326990] CPU: 1 PID: 22128 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 566.334103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 566.343464] Call Trace: [ 566.346113] dump_stack+0x138/0x19c [ 566.349755] should_fail.cold+0x10f/0x159 [ 566.353909] should_failslab+0xdb/0x130 [ 566.357885] kmem_cache_alloc+0x2d7/0x780 [ 566.362032] ? _raw_spin_unlock+0x2d/0x50 [ 566.366182] copy_process.part.0+0x3987/0x6a00 [ 566.370775] ? save_trace+0x290/0x290 [ 566.374572] ? proc_fail_nth_write+0x7d/0x180 [ 566.379061] ? proc_cwd_link+0x1b0/0x1b0 [ 566.383131] ? __cleanup_sighand+0x50/0x50 [ 566.387402] ? lock_downgrade+0x6e0/0x6e0 [ 566.391558] _do_fork+0x19e/0xce0 [ 566.395015] ? fork_idle+0x280/0x280 [ 566.398726] ? fput+0xd4/0x150 [ 566.401918] ? SyS_write+0x15e/0x230 [ 566.405640] SyS_clone+0x37/0x50 [ 566.409001] ? sys_vfork+0x30/0x30 [ 566.412542] do_syscall_64+0x1e8/0x640 [ 566.416961] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 566.421818] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 566.427008] RIP: 0033:0x459829 [ 566.430176] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 566.437986] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 566.445239] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 566.452506] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 566.459758] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 566.467026] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 566.487739] x86/PAT: syz-executor.3:22128 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 568.710122] net_ratelimit: 18 callbacks suppressed [ 568.715099] protocol 88fb is buggy, dev hsr_slave_0 [ 568.720168] protocol 88fb is buggy, dev hsr_slave_1 03:36:47 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:36:47 executing program 1: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uhid\x00', 0x6, 0x0) write$UHID_CREATE2(r0, &(0x7f00000013c0)=ANY=[@ANYBLOB="0b00000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000ccb9000080f882dccab370b227c3c9139f8ec7144f651bedff8afafce2d93041b54c5a85307abcca720d2cd28c12a628ea1dd314d8edc7e1fa5f96f4498be5bd459bb3655167cafab09cd86fa63829"], 0x119) socket$inet6(0xa, 0x0, 0x0) write$UHID_INPUT(r0, &(0x7f0000000380)={0x8, "416e70d8392a6a29d47b2ca7423869a7d47f33ad8b8e8cb8e1e24fa4d18959014f3cc7351d6e8880980b0bda7cfac9e53e3eba4e58e0480211592fe29d2015d8b8ca1984f1f1a5f4f4f5971b7fd87a839d8fe15e7341dcb2b6b793cf68af6e57ba2048f136f191bc695fef228229d6ed5fbdcee0a5a22a902a96f635272cf705b3180770418aab7397cdcac8889e830c0f442e1591bb4b9609429af4186df8759f7c135437949d5990c3bc9a1265e81c3cda97e0377687214a93dae00da84549e146ff260596e624d9db831f5406ccd515c6807a1496a5f2a4c60a6521f1dba3706f4e5832b80089570dbcff587c3c6f2bf22f335cf1ca9d24b7ed3a8cacfaf0548f685775480e5df76e4f515de21cef92c0e4e2bf7fd820be91bee4f60a14cb04893858c0f8d4e850875605682d0fec375647b6b07e6117e6425e2adb4bc3f9aed93c440670582ddcbf257435d91f5df261e1c90a01e653d3392f94ea11a946a21a1d4464837e7a44c391a1d305495208b61b21abe8a27ebb33aa5299b05535bfe04eadf56908589eff330f0eb1a1e74c308b540963f440ea3fc9ad2accd9c1e93dc4612c58e9f8ccc555427b26455f4b0561b53c9a1ee19f4951439330a2293925fe35da21b7e43cdbab2d6c3ba852dd89ffa26eb35d1e16179bc35f98d5b3480c664153d15ece47bc4303bff165230b5fa1d81e3c2234baa3bc95ad7c24d5bbeccf727bb43773bf4d4c0876c2181347014e83b068b2810bc234c61e8a2120e50cffa9dc2228aab09fc096448c67f90b91840d53c52df8170e96c170793a44c5b158bc780591bc0cd02aadecf776d4da9499af343eb0247f76e7c8711b2561cb623a1bf4742abacf00e072cd54b87dc6d5c7a9d3f03b605d9368622a2c06998fcfec398f34683b8ac70d264d639693737a2ea78d3d6b19b2cee1d02f248a5ab265b57d46ae58e835825b4885a5507650ca9c38a2090a9faf5f95bef2e97dff8093f798a6cd5688408f6bd36c691e01e60705a3d805b2e27a3210d25a64405c6be4f9402d1a26f5ebe0e02361e2a5e4f77722f7fd9e676710e1b05c70b76704a01eb4d96dbb96b2f7773ecffa969960af53cd06e902d681079a2d5ab0bc0cf9594728541a978c8b5c8fe188cceb6036e76586133f8214cd71ba04e287202fd8685ae9b7c5544f8505d40dee3eace96637f4e5b4ad43a2b574f90ab65ae6e7cb6442ec0ef7429ba793cfc845aa8e0ab721af45fa9acc95e94c8de4d77de21fbd06ff2e87a1a8d98ce7b498d19039193ef0d6869db7f14c4e7de8f1e871115d446cb0be3518e56b47d8d74216aa4f817cbc932fbf7e2c022b216517455a2eecf3906e0e00bb21834e63400068c33b3b86b69bb4a280484c12bbeae20584c29fdee235b4fa0ce05d50e1ae421f84fc4b8d8cf63902a4225b1134b58e0bf03ba48e22bcd84e50e696342d65242c82b617b20a01d3f0738b9c36fb48bad1009dbfd285ae89a728a1e6125cb2c79a95590fea8358ea970778b5a3a3f8524121a29ea9424da7d9e49e505b89b4bec4d4ec443a380a3307f3e8880929c169bb6a6281a45206676069e5b66202c102817972fa2fcdb2c69c76aac4a76ac795e6d0cbaeefc32059221cc37745880c232963e5db2b4e8b0c824dcfa0f09a7d75094bca7edff04893ffa349ae581ea796dee0e8e537d8065ff373c80aeabebf9fb332cfb04ddff6af2334a9e7d12c02d8e49912acb2c85817e2f0f781e0e2cca32b95cad5ca56a3d444d7e883d6d9c8112f681a55125811dc423878f90f1fc37e72430e56fef342737fb1fc0a91948ffd14b041b2f459bef47b575a864694c223161500b6974601997abdc913ddc5671c263a1e9fa6da8b5161acda8361456d8521ffd6b57ace7c9917b12e6da084841cb424c78796216445a4784c05613d3a102e7c3bf0e459ece3a0c28a9a7f806791645104c231f81f0d51633f66bdfd301bb33d866c5376f507e034033620364c5062d130029555493498a43091e8008defab4993bd44853842d1d69c55a5c5a76bb4b63430b5d3d5fd414246ff2351295ef0c5c7b34a7ac41457350f6f9eb986054a413c87d2fd25f049f0c992335e11d956c6b9d0b2b1f6e0b88aca8369947b9d3365ae08c5a1dc418c35233700becbb18241c65fc2c31746f428a3bfd1e661da29c1c58b12912301f2abb3282cf6abd558439c34436268bfaf9ddba9ea87952be75251866d33faa419c209dccec8a76ca0e8d9fc81dc8f865e410a2b650f888c091e4a644270087f3d390c3fa155128f0df0c856aa52f9b3958b0f8133c6616693e593eefae62ddd572c5fc096c83a38910211d648df81c735f24952c370c5cab10d4c71efac608d0e58e9a7d918898d720570da45e3fd231937f48c1b9cbf51c3988ecef64eb83f36b95ea67e672f62d61638d983bc3b366626f9a902e454abd863bff681fc41618b02f9b6da664f6cd515f02c4af256470c0d680e1b40823a3d3ba2e41f3dbd792d872aba1de70a85e9fde38df80e35dbe4d6e47b56a855a9916b27fe38c8230ababc338e7d9186140cf972126b094146369b9384542fcf906f6bef4efd9b794ab0a71fbc8cb62ac0c0b1271cdd10083f7b0245e0b597d9d7d5bb3eec5593b8d1bfd63a194a288efad01774495784e487313a449ed33153273f4ea2bdb06846750af0125615f6ea777c939b2b34fc7fa79b213f3c85fde56173b0a1b7b1d431e2731076ab9831f5e7ca87c2c6406c46783e3cc58a2b5e353eb23a8c06fba929a29b663d56c955adeecdfe887227e3325902c054de27e5f893b4dbd96ad1a3c98c99a68db7a6320007e85fcf136d760321958f381aed26b7b23e061886819327efeb3d9e500fa82f2e84d0f9e66957808f4fcaddcf80c552be3c1d2e9961ce0b761d2bd507cd7f06466e591e7178fcdd7a40c92cd1470396d0564980441090fa8a37ff2ec6e366082557283ba1fff47b32d47a2a885007545d256fb9ecbdb95295749e39469f80495c189c1a01b06cdaadf963960c00ab02b7bc96a387db7b86d633e56271957f07ab6adc82e61f1828f612e599fcddaa21d1c9cd1a095f2fa1996aa5fd0e042d6a864a4dad2393405b90247e3bdbba21beff0515eb053748eb83b24b7c67e03eed422e7b903658f45cbf2dabe7701c2bbc40d361ed835854c089856280eaa7611e8a95c6b12249526aff7fe3f951276bfdb11435d0bebfce03127a7f36123377b42ab7aee05d697fb74026e0c9baedcef9f2c6129eef352297b649ae705b36af2829d574f6b1569d04729d16d4d7ec212bdfa92d4fa06db95e687d397f063797706ce64775ca3766d706989f0e490666a04560f90d5bdfbd6da9b9fe35486f5b8d3e5b09fdb2fbf294366b591a8feef429dbc73f9a52c9d377946a2cf1149d87c00fb02ea80e911cc1bc72c66ab7a1640f7717592a7f819963d89d31a226b3076ae282f1e9f71a676e1d9cb085b2a6de044041883902b64c121a665e978604491b8f17795e438a1cd01dbdf7e94f9934652d90d138419f9e6a67b03f01fc6607a238d46f8d2180d8fc5caac59e05e88cc3913a377d63f67b35de0ff58e92831d52c739d7fc102a0547424e3f09627068b5666444b4db07932152a66336930f9bbcc7f14f85c5d2687b9a769d8d97412f43dd04aedec754202a9d182ace7a0aed29133e7840bd1771dbf4f7b5536d2def49af72fecdf75e5e56c24437f01df13595251559e076b25f4cbc7396ceb50dc21ac95b89a35f800669b2614160e70ff53a9834e6b0124fa64eb75d97fe3918345717583173b99e8ba7f9bca08d4e1da98966a052fb2a73fccb3852c8b9f32d08658f523cdea7b06cfce3bbd6f62432ef3a1ddc5c89ea6f91fa0c7efd6a98320601d825ba0139be11f3040220697ecea0e0cf0913b75759c8957c4d493cdea788d96c06ef78ec5121726601a7d3a33352120ddee75a11a4520b595c4bd149b3411c57dc24dd33591689f98ecba7eaa05eaae4e2f57b0cd063534efe8dd453beccdb9029ded3de1a93f100fcf68834f95fb9d9a3b6d0281abf1fa980127cf5e5089f3e480f37008b1b8455732ec786e5e119015d525c3776159f7da30df1deeceb275b38b44815984a15966ae4f2056436ecef3d513af9fc857806c936184d093ad4e4c684861eccae0fcbf0dd9d36d089a03e5ecdfcab1f76913f98cae993b4beefea60adaddbe8e1a684378711294eba46c09950efd99a45a3683cd665e5195ccb025c76af53bde62564386f110820f315b206cec8925580ce65ca6cd80ae3de18f729349338f0bda032aeef70efe5116b5c5df0e69254bf3e0f16875a79823792549518e9115eb66d72b8f4d1d592cfd034d13b686750293447f1781a401e068b3bb61a361bab3acb038eff8a3a5a6104af00b60053b717ef9cc59bfc70c1bcf1f410211ac7a3509d2f9f0fa4ff1338d0d815441f6206d25dd3957d9038ef9b487d46122d63ca976845e0d9a10179a9b319aabd791b7d14e48b33f87c3334a713f09e1c198e1a2723913197b0233a334e135c07419d90a8a20781444bcb251a38123d2cc55a0a7639d57788e8dbc949e405444024603b359d191b053d1eeb6983a1493caf70df04f705a99dbe75db53f400e80d89fffa0c9d83fb36a82a3c770a6ee37a87671dfc798a0658baf6b36d45b849245f0735bcf5f3fb67e29df74ba1bd983b9897ff51a2fae50dac8c69bc556fb01f0359a258c2eb6f238d03dc93a7f6eed2742679432d36675af6e9e1fed6954e6d7290e340b6194dcadd31c334cd0b9e79a35175297df144993e2fc2d4c9d0db6b32be19aea9f97a715958413090adfdf37879798fccec9e3c673096997f2a73c21ffdc71de666d3b42c5fcd553adcf77d9c94ae6f14e082bc2d7593ee80b6a76e44344d3ad0a4a3ad8d962cd97197229407cdb814fd163548cb30ac3e1c956499633b70a9f3dce36867d4c7f1a51cb98d56bcaa50cb08fd0e0aa155d759c1f38335acf5580ac13bc2eac8b0b037ba846f2b56ad0ad78e61996d79b3dcb6693bdf25a6ddaf3b1254f0eb6fb5a358a566f70048e8db412c7b0c9131583d0b3a0d881432dda2b9ded14bf2c5e935beb1e66073c13fc8bcfb5a812badf6f245aec4b765c9a747a9f8a34064dac8f9f5ffcae2a6634d84736408bdb9c3432e902bfc850bf710b43894789e13c06755295fe9c57c9074862062ee4b47ec27126461e8655ac9a3add6bd64b87d853622d43545a9ddca37922074665def87c1d2053a92f7d153ab9d0bda7b7e2cee3284e391d7c136e784eb6970b348aca0cffcb287dc42f60e9f16e79393c581bbcbf4bc62a892fd2ed3d9efd4b5846ae07e7a0a4fda33a8d3d08edcff007a413f4968c8f7dd0d1250d319ea3b58ebe524fbffc394c2c60dbcfe501158d3ad649294ebeff395003a2f1d1684b39b3ccbb4b999a99ce58a583b7d86f55c32b82b7d9adcdf5477bcf8f436d5a7637b8fc0ce19de35a7bf705f6dcddd4cb83203ab6825016029284b1e82c521d2b0505d3617470db23f242ae9dc1f43776ecceb5ab10ee4eb2966941d0b48b2af1ea1252b7d7dbcc5da7fec1f1fe8367290857b4f237fce0853345c8cd40dd0e33e175aa25e830db823a3b83ac10beeac6e3e438fb3bb8fdea3b33648477d298f4f73baadeec3fc54bffc0a7f4f962ee5e4e20ca0eed05fa9af7a54bb6f9d6b0285d0fbf617544b1f3024c78fc44cb940c289e2e43735b85601cd76c85643e56f5fbb2df0d52dca1f6f662141608a", 0x1000}, 0x1006) 03:36:47 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x8080, 0x0) sendmsg$alg(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000200)="39e95cd4f3deed4dad981c7cca369c2088fd4885c1357e55c8b392f6b5614f9c6af74355d1d175bad56d3aacc10a9a86fa9e51cbbb3aefe835ec164e616d64a8c0fb9d0e363323e3bb67bdd23b80ab9743ce6aafb7b319dfa9df0343847a72f5dc4d50927e1bd9880aa66899ed372a9fd9f30eb1cf20a2c066f9ddf02605d7d028fdcf02d9f5c42d1b463c19e9a8adfbd5d330ac48a9cacd", 0x98}, {&(0x7f00000002c0)="4c3be534b884373357dfe82c42f5a43f8b00efb2879292c52c978bc6c3f2bb56b7045f98ea6814c6bda0c8b7703bc704aea81a1d4696093bbd240b39ad70a619d720dbce993521661af485c5dd4d72decaaa10bd9dd28f908b8c90aa441425ad32a089c77c60f71b2aeb7f44eeb3d69cb61fa35af712bb8281c750e0be9a85add135c0d2fb5940823fc8942bb6c601874e72c94a3048528f806c082947c33b3ba36494470cb6741524f55bbef0a91a8aff34ce63876452accb65ecef30bb91efac9917ed084558147b13e53b689952ac07407ee0a377db3d5b90", 0xda}, {&(0x7f00000003c0)="e9d4c310515a49315299f1f6b2bb43cb938bced99b25ea1e18ca1dbbc790aa15b668bcd31cb6080429d69aa7bce967e334142d05e84c616b9e37d24c7cb1d8c3e4a669640a16a0a085877580451ae86d80e2eafff999eeed33f394ccedc3a6f0e9732e1e9277fa51af183c51a3b2f00e6595edd16a5fb0464c54e8537c912d4f92a163f9c9590628f9cce5d0", 0x8c}, {&(0x7f0000000140)="5bdf0e26ef7f1cf38f55e6ce427fbf14eda7e65d0315f6641ba5f721a7bbeb7405a430012ba27167b22bb1b040f00fed81be8a31ea2e8052725bc0", 0x3b}], 0x4, &(0x7f0000000480)=[@iv={0x98, 0x117, 0x2, 0x83, "b1e8460120c0fed9d0752bb0c855680e2f2fb67f8e59669d71c026a0aa533a9cc8d80dbae2363776068eded6b0923a041b2c4961698f1a4b9aba300f2c06f91afa2381841aebe044cfa364ac30a1a378b7a9da2f4700ceab19b5d954efeb74657c733af854c84d4cd29385515ad5c911c23857b1805a413eb9eec950685539e36a4d3f"}, @op={0x18}, @op={0x18, 0x117, 0x3, 0x1}, @iv={0x68, 0x117, 0x2, 0x4e, "675ed31005d06916ea02f56ec2b1f1c236258d17c74073d025e0c485fb6d8031443fe129b69f18347e7facc83ba9d423f4d12c63e97ce098babff97d5bdfef2d1736c62a4f18075ba41ba46e0b36"}, @iv={0xd0, 0x117, 0x2, 0xb5, "ac95051d323dfb25e1b545b3f599e4acbe082206710a9dd491cca5c5b6ec3bf49c55dcfaeb1d2401ec4c2cf522a532a85e1be78ae73c5ed0eba017300c431be4cbe5d622e9517958f341eef08a11d42275a9427bb53191b688cda76adc480105a37abb2ab3c0639d2a3b9c17554dbd5635c6e51961f896b8e5c75a07ee924d9341a90efeaa8832fdc6803f40de1b30f76c20d40f41d093a4e70f9837953e63636f40983060feb919f6495a8face123b82d5d91b1e5"}, @iv={0x28, 0x117, 0x2, 0x13, "848aeb01e4b36fda35376e36efef81e108bdbc"}, @iv={0xe0, 0x117, 0x2, 0xc6, "a72af3f9a9cdd0459da6bf87816e6250b4457145ca75180ab76b50cc2879146db9c95e35367a8a1d6620303f3f98434c70100136bfc33e053a4e39e89131b22719c3e3ca287d1884ed14613258f8a404fe7a998f7282b6b856f1bce54936f3067edc58961f35011317f1e7bc6558317d8541ce4e9a047e7792459f2e1fd644faeb0242cefbcd8604f7717a9bfdd96490b60524a14bb3e2685c4367c9beb6575e068b378ea83b7c251b243e8fb3fd36d8ffa69d37e6a6173bc80be49590af70fcc17d49c03768"}], 0x308, 0x4000045}, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) 03:36:47 executing program 0: openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000500)='/selinux/user\x00', 0x2, 0x0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x1}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 03:36:47 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2], 0x2}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:36:47 executing program 3 (fault-call:6 fault-nth:11): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 568.952706] FAULT_INJECTION: forcing a failure. [ 568.952706] name failslab, interval 1, probability 0, space 0, times 0 [ 568.981569] overlayfs: filesystem on './file0' not supported as upperdir [ 568.984701] ptrace attach of "/root/syz-executor.0"[22141] was attempted by "/root/syz-executor.0"[22145] [ 568.988643] CPU: 0 PID: 22139 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 569.005295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 569.014823] Call Trace: [ 569.017415] dump_stack+0x138/0x19c [ 569.021055] should_fail.cold+0x10f/0x159 [ 569.025231] should_failslab+0xdb/0x130 [ 569.029209] kmem_cache_alloc+0x2d7/0x780 [ 569.033373] ? _raw_spin_unlock_irq+0x28/0x90 [ 569.037870] ? trace_hardirqs_on_caller+0x400/0x590 [ 569.042891] copy_process.part.0+0x1cd5/0x6a00 [ 569.047485] ? save_trace+0x290/0x290 [ 569.051319] ? proc_fail_nth_write+0x7d/0x180 [ 569.055820] ? proc_cwd_link+0x1b0/0x1b0 [ 569.059894] ? __cleanup_sighand+0x50/0x50 [ 569.064128] ? lock_downgrade+0x6e0/0x6e0 [ 569.068285] _do_fork+0x19e/0xce0 [ 569.071751] ? fork_idle+0x280/0x280 [ 569.075471] ? fput+0xd4/0x150 [ 569.078666] ? SyS_write+0x15e/0x230 [ 569.082394] SyS_clone+0x37/0x50 [ 569.085757] ? sys_vfork+0x30/0x30 [ 569.089304] do_syscall_64+0x1e8/0x640 [ 569.093192] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 569.098058] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 569.103256] RIP: 0033:0x459829 [ 569.106449] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 569.114156] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 569.121423] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 569.128695] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 569.135963] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 569.143229] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:36:48 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2], 0x2}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:36:48 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65302c776f726b6469723d2e2f66696c65315c004a05766189c6db4739b2787d922935ab7831bb8ca55c6a19b4657f6f049a0937ba5cada773d3431b65eb4d711b1c18312c11e257387413ec9d23c525b756c3a535a0347db3f8d70609b5d16b3004b1fa5975e0277492b3cee4123b902d54ef3c44a7aa4222745e3f51fb9269f0e8a9cdd9e62dc678d5483e5bc246119beb36d69e8520f20b16fa5008bc809b169aced7eb641745485f95bb08f99eb30bd91bade90e3a560694b0979847ec2d0a822a"]) chmod(&(0x7f0000000080)='./file1\x00', 0x150) 03:36:48 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000240)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r2 = accept$alg(r1, 0x0, 0x0) sendmsg$alg(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@assoc={0x18, 0x117, 0x4, 0xd4e5}, @op={0x18, 0x117, 0x3, 0x1}], 0x30}, 0x0) write$binfmt_script(r2, &(0x7f0000000600)=ANY=[], 0xfec8) recvmmsg(r2, &(0x7f0000007e00)=[{{&(0x7f0000001240)=@alg, 0x80, &(0x7f0000004700)=[{&(0x7f00000012c0)=""/167, 0x2}, {&(0x7f00000023c0)=""/49, 0x200023f1}, {&(0x7f0000003580)=""/4096, 0x1000}], 0x3, &(0x7f0000004780)=""/245, 0xf5}}], 0x30, 0x0, &(0x7f0000008000)={0x0, 0x989680}) [ 569.150749] protocol 88fb is buggy, dev hsr_slave_0 [ 569.155828] protocol 88fb is buggy, dev hsr_slave_1 03:36:48 executing program 1: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) setsockopt$ax25_int(r0, 0x101, 0x0, &(0x7f0000000700), 0x4) 03:36:48 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000000)=""/25, 0x19}, {0x0}, {0x0}, {0x0}, {0x0}], 0x5}, 0x6) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet(r1, 0x0, 0xbf9d, 0x0, 0x0, 0x800e0053e) shutdown(r0, 0x0) ppoll(&(0x7f0000000040)=[{}, {}, {}], 0x3, 0x0, 0x0, 0x0) shutdown(r1, 0x0) 03:36:48 executing program 1: mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) mknod(&(0x7f0000000000)='./file0\x00', 0x8001424, 0x0) r0 = open(&(0x7f0000000140)='./file0\x00', 0x800, 0x0) r1 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) splice(r0, 0x0, r1, 0x0, 0x100400000, 0x0) [ 569.360147] protocol 88fb is buggy, dev hsr_slave_0 [ 569.365300] protocol 88fb is buggy, dev hsr_slave_1 [ 569.370440] protocol 88fb is buggy, dev hsr_slave_0 [ 569.375500] protocol 88fb is buggy, dev hsr_slave_1 [ 569.385140] x86/PAT: syz-executor.3:22134 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 569.401549] overlayfs: filesystem on './file0' not supported as upperdir [ 569.830125] protocol 88fb is buggy, dev hsr_slave_0 [ 569.835253] protocol 88fb is buggy, dev hsr_slave_1 03:36:50 executing program 1: open(0x0, 0x0, 0x0) 03:36:50 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:36:50 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2], 0x2}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:36:50 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) r1 = semget$private(0x0, 0x3, 0x25) semctl$SETVAL(r1, 0x3, 0x10, &(0x7f0000000080)=0x1) 03:36:50 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000140)=""/255, 0xff}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x8}, 0x2) recvfrom$inet(r2, 0x0, 0x78cf, 0x0, 0x0, 0x800e00515) shutdown(r1, 0x0) r3 = dup(r2) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = dup2(r2, r4) lseek(r0, 0x0, 0x0) recvfrom$inet(r5, 0x0, 0xffffff27, 0x0, 0x0, 0x800e0050e) shutdown(r3, 0x0) 03:36:50 executing program 3 (fault-call:6 fault-nth:12): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:36:50 executing program 1: socket$vsock_stream(0x28, 0x1, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$PPPIOCDISCONN(r1, 0x7439) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="ae", 0x1) r2 = accept$alg(r0, 0x0, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{0x0, 0x0, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x1}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 03:36:51 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000140)={0x29, 0x4, 0x0, {0x4, 0xfffffffffffff371, 0x1, 0x0, [0x0]}}, 0x29) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) semget$private(0x0, 0x4, 0x8) [ 572.023396] FAULT_INJECTION: forcing a failure. [ 572.023396] name failslab, interval 1, probability 0, space 0, times 0 [ 572.043599] overlayfs: filesystem on './file0' not supported as upperdir [ 572.099218] CPU: 0 PID: 22191 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 572.106370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 572.115724] Call Trace: [ 572.118318] dump_stack+0x138/0x19c [ 572.121962] should_fail.cold+0x10f/0x159 [ 572.126117] should_failslab+0xdb/0x130 [ 572.130094] kmem_cache_alloc+0x2d7/0x780 [ 572.134245] ? lockdep_init_map+0x9/0x10 [ 572.138308] ? debug_mutex_init+0x2d/0x5a [ 572.142464] copy_process.part.0+0x3c75/0x6a00 03:36:51 executing program 1: socket$vsock_stream(0x28, 0x1, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$PPPIOCDISCONN(r1, 0x7439) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="ae", 0x1) r2 = accept$alg(r0, 0x0, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{0x0, 0x0, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x1}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 03:36:51 executing program 1: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000140)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_GET_PROFILE(r0, 0xc0404309, &(0x7f0000000000)=0x2) [ 572.147058] ? proc_fail_nth_write+0x7d/0x180 [ 572.151557] ? proc_cwd_link+0x1b0/0x1b0 [ 572.155632] ? __cleanup_sighand+0x50/0x50 [ 572.159868] ? lock_downgrade+0x6e0/0x6e0 [ 572.164021] _do_fork+0x19e/0xce0 [ 572.167482] ? fork_idle+0x280/0x280 [ 572.171205] ? fput+0xd4/0x150 [ 572.174406] ? SyS_write+0x15e/0x230 [ 572.178125] SyS_clone+0x37/0x50 [ 572.181489] ? sys_vfork+0x30/0x30 [ 572.185028] do_syscall_64+0x1e8/0x640 [ 572.188911] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 572.193767] entry_SYSCALL_64_after_hwframe+0x42/0xb7 03:36:51 executing program 0: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0) read(r1, &(0x7f0000000600)=""/11, 0x232) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000140)) dup2(r1, r0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000080), 0x1c) r3 = dup2(r2, r2) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f00000000c0)={@dev, 0x0, 0x2}, 0x20) ioctl$KDMKTONE(r0, 0x4b30, 0x0) 03:36:51 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) [ 572.198952] RIP: 0033:0x459829 [ 572.202138] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 572.209845] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 572.217111] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 572.224379] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 572.231646] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 572.239181] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:36:51 executing program 3 (fault-call:6 fault-nth:13): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 572.269939] x86/PAT: syz-executor.3:22185 freeing invalid memtype [mem 0x00002000-0x00002fff] 03:36:51 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, 0x0) r1 = gettid() r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x3, 0x70, 0xa3, 0x6, 0x6, 0x0, 0x0, 0x7, 0x0, 0x8, 0x1, 0x5, 0x6, 0x2de, 0x0, 0x0, 0x8000, 0x2, 0x2551, 0xfffffffffffffffe, 0x1, 0x10001, 0x9, 0x200, 0x6, 0x6, 0x5, 0x7fffffff, 0x5, 0xbd, 0x0, 0x7, 0x1, 0xff, 0x2, 0x9, 0x3, 0x4, 0x0, 0x7, 0x0, @perf_config_ext={0x9, 0x80}, 0x0, 0x3, 0x80000000, 0x7, 0x0, 0x400, 0x180000000000}, r1, 0xe, r2, 0x2) close(r0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffbfffffe, 0x0, 0x4, 0x400, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x0, 0x0) ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, &(0x7f00000002c0)) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000006c0)={r2, 0x0, 0xfffffffffffffe86, 0x0, 0x0, 0x0}, 0x28) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={r2, 0x0, 0x0}, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40086602, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(r3, &(0x7f00000008c0)='cgroup.stat\x00', 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x17, 0x8, &(0x7f00000000c0)=@framed={{}, [@map={0x18, 0x2}, @alu={0x4, 0x0, 0xa, 0x0, 0xe, 0x597fcabf2b970914, 0x19}, @call, @ldst={0x33e8a83911dc1845, 0x3, 0x0, 0x5, 0x6, 0xfffffffffffffffe, 0xfffffffffffffffc}]}, &(0x7f0000000400)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x4, [], 0x0, 0xe, r3, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r5, &(0x7f0000000300), 0x1) socket$kcm(0x2, 0x1000000000000002, 0x0) [ 572.374448] overlayfs: filesystem on './file0' not supported as upperdir [ 572.417736] FAULT_INJECTION: forcing a failure. [ 572.417736] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 572.480783] CPU: 0 PID: 22224 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 572.487922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 572.497280] Call Trace: [ 572.499879] dump_stack+0x138/0x19c [ 572.503525] should_fail.cold+0x10f/0x159 [ 572.507677] ? __might_sleep+0x93/0xb0 [ 572.511572] __alloc_pages_nodemask+0x1d6/0x7a0 [ 572.516245] ? fs_reclaim_acquire+0x20/0x20 [ 572.520571] ? __alloc_pages_slowpath+0x2930/0x2930 [ 572.525600] ? check_preemption_disabled+0x3c/0x250 [ 572.530618] alloc_pages_current+0xec/0x1e0 [ 572.534948] __get_free_pages+0xf/0x40 [ 572.538838] pgd_alloc+0x25/0x2b0 [ 572.542297] ? lockdep_init_map+0x9/0x10 [ 572.546369] mm_init+0x578/0x970 [ 572.546383] copy_process.part.0+0x3ccd/0x6a00 [ 572.546401] ? proc_fail_nth_write+0x7d/0x180 [ 572.554328] ? proc_cwd_link+0x1b0/0x1b0 [ 572.554356] ? __cleanup_sighand+0x50/0x50 [ 572.554368] ? lock_downgrade+0x6e0/0x6e0 [ 572.554385] _do_fork+0x19e/0xce0 [ 572.554398] ? fork_idle+0x280/0x280 [ 572.554411] ? fput+0xd4/0x150 [ 572.554421] ? SyS_write+0x15e/0x230 [ 572.554436] SyS_clone+0x37/0x50 [ 572.554446] ? sys_vfork+0x30/0x30 [ 572.592256] do_syscall_64+0x1e8/0x640 [ 572.596141] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 572.600990] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 572.606173] RIP: 0033:0x459829 [ 572.609359] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 572.617063] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 572.624328] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 572.631606] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 572.638878] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 572.646320] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 572.662578] x86/PAT: syz-executor.3:22224 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 573.990141] net_ratelimit: 22 callbacks suppressed [ 573.990147] protocol 88fb is buggy, dev hsr_slave_0 [ 574.000187] protocol 88fb is buggy, dev hsr_slave_1 [ 574.005283] protocol 88fb is buggy, dev hsr_slave_0 [ 574.010362] protocol 88fb is buggy, dev hsr_slave_1 03:36:53 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:36:53 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:36:53 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="11dca50d5e0bcfe47bee59a2e1cbdd3c01ae4a") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000180)={&(0x7f0000000080)='./file1\x00', r0}, 0x10) mkdir(&(0x7f0000000040)='./file1\x00', 0x80) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65302c776f726b6452523936a3c6be07b7f24d13"]) 03:36:53 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x201, 0x0) write$binfmt_aout(r0, &(0x7f0000000180)=ANY=[@ANYRES16], 0x2) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") r2 = syz_open_pts(r0, 0x0) readv(r2, &(0x7f00000001c0)=[{&(0x7f0000000100)=""/55, 0x37}], 0x1) ioctl$TCSETSW(r2, 0x5403, &(0x7f0000000000)) 03:36:53 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r2 = socket$inet_udplite(0x2, 0x2, 0x88) recvmsg(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000140)=""/255, 0xff}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x8}, 0x2) recvfrom$inet(r2, 0x0, 0x78cf, 0x0, 0x0, 0x800e00515) shutdown(r1, 0x0) r3 = dup(r2) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = dup2(r2, r4) getsockopt$inet_mreq(r2, 0x0, 0x9, 0x0, &(0x7f0000000080)) recvfrom$inet(r5, 0x0, 0xffffff27, 0x0, 0x0, 0x800e0050e) shutdown(r3, 0x0) 03:36:53 executing program 3 (fault-call:6 fault-nth:14): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 574.950144] protocol 88fb is buggy, dev hsr_slave_0 [ 574.955273] protocol 88fb is buggy, dev hsr_slave_1 03:36:54 executing program 0: [ 575.022159] overlayfs: unrecognized mount option "workdRR96ƾM" or missing value [ 575.039375] FAULT_INJECTION: forcing a failure. [ 575.039375] name failslab, interval 1, probability 0, space 0, times 0 [ 575.053296] CPU: 1 PID: 22240 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 575.060410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 575.069766] Call Trace: 03:36:54 executing program 0: 03:36:54 executing program 0: [ 575.072373] dump_stack+0x138/0x19c [ 575.076028] should_fail.cold+0x10f/0x159 [ 575.080193] should_failslab+0xdb/0x130 [ 575.084182] kmem_cache_alloc+0x2d7/0x780 [ 575.088337] ? lock_downgrade+0x6e0/0x6e0 [ 575.092494] __khugepaged_enter+0x37/0x340 [ 575.096737] copy_process.part.0+0x5557/0x6a00 [ 575.101332] ? proc_fail_nth_write+0x7d/0x180 [ 575.105896] ? __cleanup_sighand+0x50/0x50 [ 575.110141] ? lock_downgrade+0x6e0/0x6e0 [ 575.114384] _do_fork+0x19e/0xce0 [ 575.117853] ? fork_idle+0x280/0x280 03:36:54 executing program 0: [ 575.121574] ? fput+0xd4/0x150 [ 575.124772] ? SyS_write+0x15e/0x230 [ 575.128497] SyS_clone+0x37/0x50 [ 575.131866] ? sys_vfork+0x30/0x30 [ 575.135412] do_syscall_64+0x1e8/0x640 [ 575.139297] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 575.144152] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 575.149338] RIP: 0033:0x459829 [ 575.152523] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 575.160234] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 03:36:54 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="482a80af36f7fa01dca50d") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='upperdir=./ir=./file0,workdir=./file1\\\x00'/51]) r1 = socket(0x2, 0x6, 0x2) r2 = dup3(r1, r1, 0x80000) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000140)={0x0}) ioctl$DRM_IOCTL_GET_SAREA_CTX(r2, 0xc010641d, &(0x7f0000000180)={r3, &(0x7f0000000200)=""/254}) ioctl$SIOCAX25DELFWD(r1, 0x89eb, &(0x7f0000000080)={@null, @null}) [ 575.167506] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 575.174776] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 575.182047] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 575.189316] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:36:54 executing program 0: [ 575.216705] x86/PAT: syz-executor.3:22240 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 575.252722] overlayfs: missing 'lowerdir' [ 575.316419] overlayfs: missing 'lowerdir' 03:36:54 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) [ 575.350996] protocol 88fb is buggy, dev hsr_slave_0 [ 575.356851] protocol 88fb is buggy, dev hsr_slave_1 [ 575.590177] protocol 88fb is buggy, dev hsr_slave_0 [ 575.595332] protocol 88fb is buggy, dev hsr_slave_1 03:36:57 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:36:57 executing program 3 (fault-call:6 fault-nth:15): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:36:57 executing program 1: 03:36:57 executing program 0: 03:36:57 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000080)={0x0}, &(0x7f0000000140)=0xc) r2 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f0000000240)={'syz', 0x3}, &(0x7f00000003c0)="6a26b04f1a8832ebbb465953c3fbfdfb8421981bd628aee080fa7affd78cb3a3778204d2885362e553a4aeecb948f4c5e2153e34c6b00482a8a6e070396cfa2bc872f029bb36e38b1607a7abced63f43424619d043bd00f0b912f02a8453d65e9ed3bce4bac065f1b9a73a1deab7dc17f9e107e5916740d11c2145fe224e85c24dc489e6f054a7a819eb4de6043d856de47fc7bfbb7a38b28d042a19b9dd494befb5e0f88c27d744b12e37caea0e58aa670f69771474f75272ee458654a92c58eb31a8826cfb41bd6261dc5fa98ff429b5ec5bc56f72384531c83faf1f994a926449abeb107ef44b4e99767277", 0xed, 0xffffffffffffffff) keyctl$get_security(0x11, r2, &(0x7f0000000280)=""/27, 0x1b) ptrace$peek(0x1, r1, &(0x7f0000000180)) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000580)='/dev/vsock\x00', 0x20180, 0x0) bind$netlink(r3, &(0x7f00000005c0)={0x10, 0x0, 0x25dfdbfc, 0x10000}, 0xc) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000600)=0x5) r4 = dup(r0) getsockname$unix(r4, &(0x7f00000004c0), &(0x7f0000000540)=0x6e) r5 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/dlm-monitor\x00', 0x40, 0x0) ioctl$sock_bt_cmtp_CMTPGETCONNLIST(r5, 0x800443d2, &(0x7f0000000380)={0x4, &(0x7f0000000300)=[{}, {}, {}, {}]}) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="7570707765726469723d2e2f668c6c65302c776e726b64697d3d2e2f66696c65315cf87e1ab579c06d00b9845b599eeaf0336cbcb5fd223d3814af923fc60080c2b04729dcac46ef31706f5f259ae71c57b8a387de3c2f84760f7ca0279ffc59ebbb2c565b2e8ca7f256d89a67a07d6da159c72d002e97a45857d8447cc41bcac8c95b5de4f93345d1a8aeb6a0318dd67c2aab12"]) ioctl$KVM_IRQ_LINE_STATUS(r5, 0xc008ae67, &(0x7f0000000100)={0x3, 0x3}) 03:36:57 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a310000000014000900080001000200000008"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:36:57 executing program 0: 03:36:57 executing program 1: [ 578.099593] FAULT_INJECTION: forcing a failure. [ 578.099593] name failslab, interval 1, probability 0, space 0, times 0 [ 578.116462] overlayfs: unrecognized mount option "uppwerdir=./fle0" or missing value [ 578.128338] CPU: 0 PID: 22277 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 578.135478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 578.144836] Call Trace: [ 578.147443] dump_stack+0x138/0x19c [ 578.151080] should_fail.cold+0x10f/0x159 [ 578.155237] should_failslab+0xdb/0x130 [ 578.159219] kmem_cache_alloc+0x2d7/0x780 [ 578.163375] ? _raw_spin_unlock+0x2d/0x50 [ 578.167528] ? __khugepaged_enter+0x26c/0x340 [ 578.172034] copy_process.part.0+0x444f/0x6a00 [ 578.176645] ? __cleanup_sighand+0x50/0x50 [ 578.180883] ? lock_downgrade+0x6e0/0x6e0 [ 578.185042] _do_fork+0x19e/0xce0 [ 578.188498] ? fork_idle+0x280/0x280 [ 578.192218] ? fput+0xd4/0x150 [ 578.195425] ? SyS_write+0x15e/0x230 03:36:57 executing program 0: [ 578.199152] SyS_clone+0x37/0x50 [ 578.202518] ? sys_vfork+0x30/0x30 [ 578.206060] do_syscall_64+0x1e8/0x640 [ 578.209946] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 578.214799] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 578.219988] RIP: 0033:0x459829 [ 578.223172] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 578.230934] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 578.238203] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 03:36:57 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a310000000014000900080001000200000008"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:36:57 executing program 0: 03:36:57 executing program 1: [ 578.245474] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 578.252776] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 578.260075] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 578.281355] overlayfs: unrecognized mount option "uppwerdir=./fle0" or missing value [ 578.393295] x86/PAT: syz-executor.3:22277 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 579.110134] net_ratelimit: 18 callbacks suppressed [ 579.110138] protocol 88fb is buggy, dev hsr_slave_0 [ 579.120279] protocol 88fb is buggy, dev hsr_slave_1 [ 579.510130] protocol 88fb is buggy, dev hsr_slave_0 [ 579.515446] protocol 88fb is buggy, dev hsr_slave_1 [ 579.750133] protocol 88fb is buggy, dev hsr_slave_0 [ 579.755257] protocol 88fb is buggy, dev hsr_slave_1 [ 579.760416] protocol 88fb is buggy, dev hsr_slave_0 [ 579.765464] protocol 88fb is buggy, dev hsr_slave_1 [ 580.230166] protocol 88fb is buggy, dev hsr_slave_0 [ 580.235275] protocol 88fb is buggy, dev hsr_slave_1 03:37:00 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:37:00 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) close(r0) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000080)={0x3612, 0x1, 0x7, 0x1, 0x69, 0xde}) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="3c010000000000003d2e2f66696c65302c6c6f77657264d3f52f01f9e4ec7e951fd065cccc5769723d2e2f66696c65302c776f726b6469723d2e2f66696c65315c00cbd6ac93813953c2abcb3147ba42c3f52d6790b948e089b969fc5a11fb1917368ba16e4e6696de2c"]) 03:37:00 executing program 1: r0 = socket$inet(0x2b, 0x801, 0x0) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000000)={0x0, 'rose0\x00'}, 0x18) 03:37:00 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000012c0)='syz_tun\x00', 0x10) sendto$unix(r0, 0x0, 0x0, 0x0, &(0x7f0000000d00)=@abs={0x0, 0x0, 0x10000e0}, 0x6e) setsockopt$inet_int(r0, 0x0, 0xd, &(0x7f0000000140)=0x5, 0x4) recvmmsg(r0, &(0x7f0000000240)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffec8}}], 0x4000000000002c5, 0x2, 0x0) 03:37:00 executing program 3 (fault-call:6 fault-nth:16): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:00 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a310000000014000900080001000200000008"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:00 executing program 1: r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video0\x00', 0x2, 0x0) ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f00000000c0)={0x0, 0x9, 0x4, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "0ecbdcc6"}, 0x0, 0x0, @userptr, 0x4}) 03:37:00 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x100000014) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) 03:37:00 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000580)=ANY=[@ANYBLOB="b70200003c5a86abbfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff6d6405000000000065040400010000000404000001000000b7050000000000006a0a80fe000000008500000053000000b70000000000000095000000000000004e6201363034fdb117168bd07ba08af33957a1ee35fe2aa84452569957c1002ed7d4d8e17f791f4798c8eb484de03352bdffe6cb952d6406fb393d205a4898e3959a28cd18de6661ec34f6559bdbf50aa91faf85a769d32ecd226cfa0607ec380424727c033ecbab9939b3229cc3a96f3662a5872ce15a3feda8321abe60bf37f1ea9c121fb4499cbef312c9cf66e4a0bbc911adbda7d56e4acc6d0d9503ee6181ba6ed61af09982e17eb6df068e3febf7ff8300fa51c7a3f3041e27c2e5bd00000000000000000005ff07ff3358c47095d28577aea5a3f618c03a1de19ccbe16762a229565b1d679f20c88199"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0xe, 0x0, &(0x7f0000000080)="52d3814e7fffff3bad6c48ef054c", 0x0}, 0x28) [ 581.117400] overlayfs: unrecognized mount option "<" or missing value [ 581.126042] FAULT_INJECTION: forcing a failure. [ 581.126042] name failslab, interval 1, probability 0, space 0, times 0 [ 581.131069] overlayfs: unrecognized mount option "<" or missing value [ 581.184081] overlayfs: failed to resolve './file1': -2 [ 581.193559] CPU: 1 PID: 22303 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 581.200828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 581.208054] overlayfs: failed to resolve './file1': -2 [ 581.210205] Call Trace: [ 581.218136] dump_stack+0x138/0x19c [ 581.221749] should_fail.cold+0x10f/0x159 [ 581.225876] should_failslab+0xdb/0x130 [ 581.229903] kmem_cache_alloc+0x2d7/0x780 [ 581.234064] copy_process.part.0+0x444f/0x6a00 [ 581.238705] ? __cleanup_sighand+0x50/0x50 [ 581.242995] ? lock_downgrade+0x6e0/0x6e0 [ 581.247201] _do_fork+0x19e/0xce0 [ 581.250652] ? fork_idle+0x280/0x280 [ 581.250663] ? fput+0xd4/0x150 [ 581.250670] ? SyS_write+0x15e/0x230 [ 581.250678] SyS_clone+0x37/0x50 [ 581.250683] ? sys_vfork+0x30/0x30 [ 581.250696] do_syscall_64+0x1e8/0x640 [ 581.272209] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 581.277090] entry_SYSCALL_64_after_hwframe+0x42/0xb7 03:37:00 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fe"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) [ 581.282274] RIP: 0033:0x459829 [ 581.285568] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 581.293270] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 581.300527] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 581.307785] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 581.315085] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 581.322350] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:37:00 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x98240, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x8) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65302c776f726b6469723d2e2f198d1662f09d9d65fb30264b121f66696c65315c002a08dc71547d7c1169401b618158f42415bb441414046c1c113cd69f03373e537c56fda071dcce85779ed77d91c05e8fae2c58651a2e58e2dd64de506104d3be53f4e157fae226f24adb2902d3f158705caeb0f95b7d174453a5aed7f720dd5b6f7d58a06bcc10e63999b5f24ecd3ac4945c7fe7fa5e107d94c565b72a2bad35c3a675961bbf04195b65683fba83f3cf6d2081c8e81713bd3fa6921f6b093fb6174c64571a739f15cbff779e616f5992d279e2fb0c74902f8ddf6057610000000000c49a4a5aff96104222f1699cd5a97426884c4e4f941c60abd680387fad11252ad0d376c32a93b4a5de1da7261b18ed6315632dc123c476ba1f43e4588177f9113642a530c1ce166604b80003c47faa32bd8e09ed001f832a9649b01dbeb6371f0ce85560dea5fb5e4f4dd51227398120d7821c59ab8cc010d91b5252a5896bacef44c424e92ab55dd0bd179696227855b22dc5c521edec0c475c53797a10b1fbd5d270a4da17d29ce5e2872df56c96c62ce134a71df8da7bfd6f66165da0cf4760fb2f296eb3609c0ad2e715bf29fb46a1449975cef9e596933277fcda52eda9311ffc8b18277b503cbac0"]) 03:37:00 executing program 1: clone(0x41be, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000140)) ptrace(0x10, r1) ptrace(0x7, r1) [ 581.335245] x86/PAT: syz-executor.3:22303 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 581.365904] overlayfs: failed to resolve './be0&Kfile1': -2 [ 581.379487] overlayfs: failed to resolve './be0&Kfile1': -2 03:37:03 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:37:03 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:37:03 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fe"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:03 executing program 3 (fault-call:6 fault-nth:17): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:03 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x3, &(0x7f0000000940)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) getresgid(&(0x7f00000007c0), &(0x7f0000000800)=0x0, &(0x7f0000000840)) syz_mount_image$msdos(&(0x7f0000000080)='msdos\x00', &(0x7f0000000140)='./file1\x00', 0x9, 0x8, &(0x7f0000000700)=[{&(0x7f0000000200)="302b636285e356c27e9c5b00121885c651612bb4658c78deee998dff9de9ec5c740d0d1904fe310d97b99d70180c5600fa892eed9b24396e641c9a172d2fbe8623b09c1964ac7781d25d66b1c56113ffa891c499c46ecd7f0bd5d2081f6f6ab885519156cef1b8d768edbeb6c96ce02e9994e41cbd819b619e2e66fcb3456d7eed1f52fba548b40c674890f638636a3ef685b3b543d4b114e32f56733219bddf5153d58d3c8ab44ceab97628da1e422c0fabac816b2f53b5b25f8740beb2347745ebb52e0b3d24124915afe27131a169f365369d9f2bfa1658", 0xd9, 0x3000}, {&(0x7f0000000300)="b6248ac13a5e6cce2cecde6fa86cc718577f7267bc605975aba4182ff3c3b79ccd548c54a0fe263a225c57802971f691d639e2be6203d3a3c62bd388dbaf5906060ad10db393f6dcfca362cbaa1021ebc72d5ce957b38591cbd4b2bd3d18cf11ef32a59c28feed0f4e57a5361dbea6a6db326215ca3637097c739a1ac1", 0x7d, 0x737f}, {&(0x7f0000000380)="f6a98b3bc8154446616b7221445d60d399aefb8d91ca594ff1b5d9d417318317841929790a8f6bd92b9a58f8c22f95b52fa0a833383caf9b60cb88e0ba949c1025c309f9469e14f871cd67b88824b2011717f8227f3d5c391a60e2083a259cc71eb03b05537910babaae13a2d1568a46f001d01b62c0657e7e5e19f067b4d7b0c56b3ce54bbdb16d354d09698b", 0x8d}, {&(0x7f0000000440)="d8c1f9dd7b481c10ccb79080c0bec3c47466da8339b2e6cc24d3b2fc38c3cd34942f5131975505e928b8ffd248861c77646ba545447e46d4fc69808f15bd74d8738edf947912cf16d6eb49640fb06c75dec9a301acda37cf19eefbc01a813181104dea09086015b8d748d292098e8b1fe01252d05755a05f776f8d468d939377983d22525f6669a42fdc16fd43b1ba528d8c53883d8dda13427c4d1e2eb249e7ff2d4007f29046d079958cfc66f402bb33e1ce73342439555fc5696e19443273b1cbefa54f40bf1f8ff011", 0xcb}, {&(0x7f0000000180)="d14156d7e17d69d85403c3d1f6a984409863b65ff7c8af399f", 0x19, 0x401}, {&(0x7f0000000540)="34c133ca054be42e23f885f9c59c1187fa71d8bdb5762b84d4", 0x19}, {&(0x7f0000000580)="5fe6776fc57e1718c17f70f83cb95290b145ef0ade6ee961dfaaf46e9e879587cf37800000800b556aa9e6ef93fee85c69ce3f80336937ad7bf32d1c443aa63713eb798b762f60f50828df603995667155382ed8ce40291e1d71025bf306dec043eb1e78bcabec99bedd1767cf3a1858db296253f36e4b8ae9f05e3e88b928ea80bb4fc157b46de2d1f66ff86a5d9d43bbe32a0211308c9c75d4e966a6a5d31b3954a51106b0", 0xa6, 0x4}, {&(0x7f0000000640)="d884be871bbeba4a17535f18a47ffa89f6115010c162047cefc4aa1fb46d15a2aa68c3f72facf9aeedf0d91cec4b0039ef1ac4fe0e57b9f744eecebbe45c9e7709f4a6e4bca2ed5ea15c0af12cf2cb98d9958254622960e16877429bcd8ed5f05422870742efb195624535c8fc85c4714d740c3ec5e7c16069b4d963afc5572f040613e6e828e8b5d730d1c1a78f31ac456c1eaa7238cbf24015c8e4ecbe05de3e18217f30fc454307b021b3", 0xac, 0x5}], 0xa00000, &(0x7f0000000880)={[{@fat=@quiet='quiet'}, {@nodots='nodots'}, {@dots='dots'}, {@nodots='nodots'}, {@dots='dots'}, {@nodots='nodots'}, {@fat=@gid={'gid', 0x3d, r1}}, {@dots='dots'}, {@dots='dots'}, {@dots='dots'}]}) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) 03:37:03 executing program 1: r0 = socket(0x10, 0x802, 0x0) write(r0, 0xffffffffffffffff, 0xffffffffffffff7a) 03:37:03 executing program 1: getresuid(&(0x7f0000000000)=0x0, &(0x7f0000000040), &(0x7f0000000080)) setresuid(r0, 0xfffe, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x200, 0x0) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r1, 0x800443d3, &(0x7f0000000140)={{0x101, 0x7b2, 0x3, 0xfffffffffffffffd, 0x3, 0xe12}, 0x5, 0x5, 0x7}) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r1, 0x800442d4, &(0x7f0000000100)=0x6) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000180)={0x0, 0x0, 0x7, 0x0, [], [{0x0, 0x8, 0xeb2d, 0x3, 0x8, 0x81}, {0x4, 0x0, 0x5, 0xf4, 0x3f2, 0x6}], [[], [], [], [], [], [], []]}) 03:37:03 executing program 1: ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000540)="6bd50c68061b1db09cbf0766d198e8b930dd31419fc75134c30ec296663b280d78bfa4ace58877b1c51f5bd5e854bbc99edda8d13bcdd56e0b41dcff69d8d5a53add931277") r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000180)={{{@in6=@mcast1, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6=@mcast1}}, &(0x7f00000000c0)=0xe8) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=@getae={0x9c, 0x1f, 0x601, 0x70bd2c, 0x25dfdbfc, {{@in=@multicast2, 0x4d4, 0xa, 0xff}, @in6=@ipv4={[], [], @loopback}, 0x7b8bc73d, 0x3502}, [@coaddr={0x14, 0xe, @in6=@rand_addr="24b5c0123b8d28491bcfca19ce470217"}, @offload={0xc, 0x1c, {r1, 0x1}}, @replay_esn_val={0x3c, 0x17, {0x8, 0x70bd2a, 0x70bd26, 0x70bd25, 0x70bd29, 0x3, [0x4, 0x4000000000000000, 0x10000, 0x20, 0xba5, 0x8, 0xafa, 0xe77e]}}]}, 0x9c}}, 0x0) [ 584.146788] FAT-fs (loop2): invalid media value (0xf6) [ 584.152914] FAT-fs (loop2): Can't find a valid FAT filesystem [ 584.161249] FAULT_INJECTION: forcing a failure. [ 584.161249] name failslab, interval 1, probability 0, space 0, times 0 03:37:03 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) r1 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x81, 0x80000) mknodat(r1, &(0x7f0000000140)='./file0\x00', 0x20, 0x9) ioctl$DRM_IOCTL_RM_MAP(r1, 0x4028641b, &(0x7f0000000180)={0x0, 0x7fffffff, 0x7, 0x18, &(0x7f0000ffb000/0x2000)=nil, 0x6}) [ 584.192901] overlayfs: filesystem on './file0' not supported as upperdir [ 584.214003] CPU: 0 PID: 22344 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 584.221164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 584.230518] Call Trace: [ 584.233095] dump_stack+0x138/0x19c [ 584.236724] should_fail.cold+0x10f/0x159 [ 584.240957] should_failslab+0xdb/0x130 [ 584.244979] kmem_cache_alloc+0x47/0x780 [ 584.249040] ? __lock_is_held+0xb6/0x140 [ 584.253089] ? check_preemption_disabled+0x3c/0x250 [ 584.258086] anon_vma_clone+0xde/0x470 [ 584.261956] anon_vma_fork+0x87/0x4d0 [ 584.265745] copy_process.part.0+0x45e2/0x6a00 [ 584.270316] ? __cleanup_sighand+0x50/0x50 [ 584.274585] ? lock_downgrade+0x6e0/0x6e0 [ 584.278728] _do_fork+0x19e/0xce0 [ 584.282172] ? fork_idle+0x280/0x280 [ 584.285869] ? fput+0xd4/0x150 [ 584.289048] ? SyS_write+0x15e/0x230 [ 584.292754] SyS_clone+0x37/0x50 [ 584.296116] ? sys_vfork+0x30/0x30 [ 584.299687] do_syscall_64+0x1e8/0x640 [ 584.303568] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 584.308442] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 584.313681] RIP: 0033:0x459829 [ 584.316861] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 584.324557] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 584.331811] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 584.339126] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 03:37:03 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fe"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:03 executing program 1: ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) sched_getaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r0, 0x8) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r2 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000000)={0x3ff, 0x1, 0x7f, 0x0, 0x0}, &(0x7f0000000040)=0x10) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000080)={r3, 0x4, 0x100000000}, &(0x7f0000000100)=0x8) read$eventfd(r2, 0x0, 0x0) syz_open_dev$dmmidi(0x0, 0x62, 0x8000) r4 = accept4(r0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'rose0\x00'}) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) pipe(&(0x7f0000000480)) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000340)={0x0, @in={{0x2, 0x3000000, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x1000000000054}, 0x98) [ 584.346421] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 584.353673] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:37:03 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b2"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) [ 584.390072] net_ratelimit: 22 callbacks suppressed [ 584.390076] protocol 88fb is buggy, dev hsr_slave_0 [ 584.400142] protocol 88fb is buggy, dev hsr_slave_1 [ 584.405225] protocol 88fb is buggy, dev hsr_slave_0 [ 584.410310] protocol 88fb is buggy, dev hsr_slave_1 [ 584.418305] x86/PAT: syz-executor.3:22344 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 585.350107] protocol 88fb is buggy, dev hsr_slave_0 [ 585.355204] protocol 88fb is buggy, dev hsr_slave_1 [ 585.750130] protocol 88fb is buggy, dev hsr_slave_0 [ 585.755234] protocol 88fb is buggy, dev hsr_slave_1 [ 585.990192] protocol 88fb is buggy, dev hsr_slave_0 [ 585.995415] protocol 88fb is buggy, dev hsr_slave_1 03:37:06 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 03:37:06 executing program 3 (fault-call:6 fault-nth:18): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:06 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f0000000140)='./file0\x00', 0x0) sendmmsg$sock(r0, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000080)}], 0x1}}, {{&(0x7f00000001c0)=@ax25={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x5}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]}, 0x80, &(0x7f00000014c0)=[{&(0x7f0000000240)="3ba0b6ed4ce57808f6a0c2c35a1f71a124c4290d19a4cbe41346e4c095e21c0bd659441e1fcc07ad9649d5c73c11e8de05c9e87b", 0x34}, {&(0x7f0000000280)="2c16a130c9f5217854747a0c0c739e618d75db48550d9621a5719ea5e3287fb4824cca81841a2b0e181f0249009251f2c69ac8c92746710286af62f029ef578405767c6ea4766247d052eaa4d16196c92c063bbd464e76befdccd371583e39ed887cd3551f029881f375cb7af001943161f956e581ed8db056d1814c680403044488d85c1906272819ce1e2a9aa8d890a62518fea8159df9e49034488957868ca80be36f467ac483f552bfdff920ceaf39c2ef85dbe8ce3ed55e666128a41b02f6770611ce8fa3f680bc11392e634021c9bae21256b96060b8c210900a0fd4ecbbf8a83625098fe8", 0xe8}, {&(0x7f0000000380)="36768225e290cbd4a74d746f45cbd12e88482432b2f0d67efeacf80ed28f6d37762ee7da7b5b64e19371debd0665127a594a25941d918aba1e4f052e4aee93c565b9fdc7a3f0879e7601c27b0cf9beb68d8d3808673b9be0f984a47b91dcdb2c3565a84d2fa603d63ae3a1d7aaa49824b60c1e039319fd2be85e5fcb08fc6a1a957fb78857df3bc0c36211a9b528496e7f0ba0dc10816e75b0bec59625ab77c0574b12e1172cbfbe023576e61ad435e556d6e4188f0b0cb6f992951df9d4ea8bd53ebbfcd85debfb596b529a4fe8ca9ded59f12c23f418933e0a1c3e91fc75eee5a7a5cde5200978b9", 0xe9}, {&(0x7f0000000480)="f2192160a8c0ae4803364b73330530e9837f5da1ff539f8833d67b5132208b1297a71430ef4127ac90181e62cfa7d065710db5f1defe665f08cba303b298b14cd81930c20534fa4d6bfd8b5223b135c9f24105c868a52f9e9d14314c7e786f76d06fb2bdd37e5dc8abb6376b5f0ce3de87e35202d4ac5a40b6fe8570a835968c5996a6c4a7f13790794547349f2f041a2b1f1fa43029ab809108f44681f5f581717a9b0ffebdff6c0aa3aabc45dd8d1fc1d52b926f125c92a3aa49379cf730c71cd50e68ea47a397e78ea92e637997beb76cbfdab7b76cae459547cafc4709531ac6a75be41478a9855430411b5c03d38dc4b4458eeeee238e1c4afd152b97cd94627dc256eaaba9126ef96592c001071ec0384bfb50993eef284e4a1c48a32acd13b4a62a56da2c303fb9ea97ade40e07e966f42a0f0fd6e55207a33eb8760f3bcf741619831969557fd2b5d1423ca8cd942a69f069751c1625e09ea9dc119581b45296d278791c5995bd6771870857e4f758e93455a34059768bdfb8d47b29a95911db4bf9df0c318c7d831ca044681bc6ce1df28eccb2ecdd26dba57eed0a7f3d9978ef56bec9111bc3129686233f6f043f00c8fb84a25c924121be07599a187f8bb820a81bc3ce3f8b42bc4172c1a4f70144cd9294d23dea65e311055042624f9175e6d6baffc743c12f285c12115084e03cdb9c9dcf89c114f4a32c05b9fcd63334502ecbffa4fc92fbbbdac1bd790c23d50e69cbc3d6d22dfc9a09a71bdc53a68f22df69284afcdf47dcb1659dfeb89f89e4e653b2891c3a1355ea4734f7d287544e1c3c32cbfde646ad5bf6070cb0bd5abebe51ff895ef88c8eb0472ec2eff5d32a9eb17852629913a3d9c59515df5651e97200acf3d4e6ef88fc99a0fef928482a5c02345877d95b868939ec365e4aefd9b158e7d7d5902f1cceed1c824c89d452eddc37b077304a8ddb48df4c8506011d1ff55cde4367428b05fdf3af22c2127e26c42f5994fda12da2e5e17d6b8160647ae9d2c154af337852cdcb584bbba93604230d18851f0512161f7b6182f4c29f92564c08bb8943241ede838beb94dff9da08a872347e59d2314bc68e2769a346acc16eaaee342ff2eba2de9288740d1cb200b2517f01907532c75e889b2d5d468f8eaebe91c6db8ee5058063a514849e5c90d906ba5d567059bed5f9ac1715423c3fca4f15fbfb7145298b69897314446968636e83c48a4c8fb766eefa3bf023c3dda1a1a1acb55c470493a8c98681a7c39e31ecadbf7e9d6d0ba18a65ee52573a33e8875f1b1714fd9975bbaa756473f21bae67aa8a61725876bab1adb6793dc709f35d9015d9269f71ca949e1bd87a963c4ef29babd9c9945ce2ea080cf66822661da6e573b675a8cb8f3a8f46cd5a44871a5e3ed7ccd4bcbbe9922669ae3803b70feb3f60c484ff219fb9fbfae3185e5b6867ccce20c9485d4d88cbec5ddb7d7d653ab4553c602ccc64461adf8a4b617090ad3530f17064ad46d594cc42a0b1843e9cb7631395c57529ad19111434018f55f17fc0ef38a1f7560544e1ef213b2c199a1aaf01827612baac2de067430e3ce4c7e110b7d53302a2988d5f817d0f2c3e369b7f5f93f3ab94ba95895dd08dec279d80e98867c1e4024b48536b67fb75284d27c01468e5a2027411b93c6f936dfee66da6c8730a04a52679043322c4f2a40d5f361912ba8738a9a680e018ef405c55f7a4b9b3ec3486aaeaf0054b7a432f23d88a33d663345bdb135036526a56be947f40fa3faf9502ed847e1f7fb32c5eefef6ef49bc1d83d361cfabb9b153a67871b89eda0ccdf6d24bffc18030dba39abcf0e5925c63b0c704ade6b839fadd6fa375583df460d4acfc87b4405343332e45d69a9433e300592913d0347c4bf9dc3bbbc7529b540d6aca2dbb0a68a4d97117ac2e50d162583419923dbca29e39e4d18748233ce3da1e216d02714057de6d2fc1003a37711942a0d9a7c337ec17ebe372cf4925a52342fe8f3d0ec5e3baab8635c786e6d4247a75fccf2c7f7d47ce3ab7d316e27bb9bae8b26fc79af5ebc13e168170e9c966e2f998d499d8b286027d2ea83a9c9207633e497a4a4f690e1fd01ac0000b77fdc50306c98c8eaac30dce25728a1e105bec0c965a8708553de1eaf9754f7d82450ad63e8f2119a6193097a51e14c117c8aeaec963883a50898f89df4af8c1197730c3f9876af3f5cadd457a8d8ee82a926147c40468deabc53bc6dedcb2babd548d91595d5888c4f9271bc2a3d65ff27c32cfb3f7606fed4aadc238040754b54fad1a686f40f01f2b564df9b8c2d6a64ad4e2ef7fe58478f1e52a255d5aeff3383bbc1a01c8984952b1b03ed816850bee729f74f3b2eb8bc5e35214ac2ba0784004e40fc27d27bb42c2a7953941966c3478b894fed2df3116e9792adffa780e167c98ef36a0ab593259e24993e4b103e2efb8e1b0b58caca5ffba7317d77545eda0bbc426831901d2e62e78a14c1e4b9cb24a39bd3933e12fa579df7c00e43e379d07906d53bdd84394bc4780a5ffc7d4bcab2970bb6033e6ff34093639bd34a25306bcdaf27c3015e8f9c57a89bc198415efc44e3f1f26f7f855f8a7e3c23dd843965b393b1e4a851d3fc682d7bc1adc3cc58351489b4eb3f82e0b0c5fe3e3d5ee027b6da8b41665cc66511210d54b879b9cebe8902ca3b9e847239c0536977d4f82c997b9d051e8955a825341bbc49024b3706a651bdb6798885ad31bf9956517966fb97ffed567f1af2977477fbdd30a22af1a2b12013c5a7ed5e60ab3ee905e1af64191711925e870b15e0cee421c47d99b6076f879c6621ae283cb65da5693b960b4f891a488896279bc4d8c9898dc2fe8d2ec66c3ad692be5ff981032c612af19563cb67bbf6a5d4ce65e7c9de9105f77680849a9a981ab3dc86a7f56aade457fb3497df636641ddc33c2dbc497d0ac70f71a5b8a5ff603c9c575f1b9de972ca950dcd9d234c62dd882b5f42e19e4e9f0d231904c2c7016a515f05a0125b26b54a46aeeb48f4b9d3c1fcd67bc9284a765f397f94d95ef9bb159e32a4c7c5b951456ec95e7710f52c4b2743fc908c51397326655a59daf7437351e0f1042218e00c8e32a0502835b2c21330e75d824cb9dc0195d49832a39b320dbfccf5afd7281f00a4a4d577a542798ccb0fec3833d8adbd60a730e501dce1c3e00167dd851eb63f8b05b2b86a0f30908d7545ce618bd2390845787eaae1e955cb5ccad8cebf255faa7b996450e553785f444bb8eb79dec357ddd6528853d475e5c930a720f861803617c038bcb4f22897e624663cff6353fe613e5f0e735a3b918b97553a4d2f4001c3e707e6eb505e3c18e6c28c0e9e284cdf977ae9599d966e42bbb218557449019d3d0d8c7975b05c83ebdc0dbdc1014aed5a3b344c365dd021a0f993172587fd81f369fb5063b15fcbe626c2fe34366139defd6f80ab874b2181caf104cd250b0eac2cd75f70ef138eb4d17b4df596431ddfd208e577c1516e453da903936842fc305f98b5bc3f617845ae7d96b221cbe04359eade03cdf542e4e565cc534bc37f30858d2711fc802904b3148cc407fc427e3b3d1740ef29e3c6be355c22d1265ec5937042556150a98d6c02c062d77fbe414052ae45feb749492c675093f6d5e93b5d5e9d33a25a078dae41d6ffd108d27ee2e7e4f0a8853c4f5ffd474fec6e47e9d587aa3732051b195a53c77cf6ac3c9979c645e5d162697a10b322716a9008d63d4fb8be855f4dd4c1a98ed5f8e39c3558c168001da5c630cf3409f258e1ae549c18f88963191a9eabc1a288ca40a28053a598a8c2ccfdb458f0570c01d4848540daf8ac0ac92dbfcf69ff28e629cdd5ad9728bf768f25e9db86c594a3818c1299a5c9e24e3c1b968fb3093d13fc1c5a291aae53efe4293dfeffc3047b8042f03986350646ca85cf351ed8f3b9a61c5a28c90179f2ee844c1c93211af7a74c6ab4eeff2a71d686661277125eb8a6bf91682ea24f142d4659649522c1077b5435e683cb3a100ea4817d05140df49d05ce3d3a3f6113a4c2e513cdf7158bd6bb8ae8f117757d1dca0bb1ebcf815732e6c594b67100038fcff3e7197927267246a1ea5e19be4416ad21668a92e6c947675a5e90232ea44f90f5f4b90a0f0b10a4d4f20cb4909703ca2d6dcf975df1b91f0e620f73341befb16fd9f8f1e28a8e27a9673ff6f6e4dbb2bf41668e8058e16cfe6f9a788e1b4d85dfd824de482a8467db62270dd81bf97a01f79948c7df91dbc747e6db26b36fdd1429a7d9903a95ef85567a7e5fb3baca4f00fc34fa65b55f3f60b931bd51684b4fc13aebfefec75248318839f08c80a255c76a89b85e15871e739966c17cdf1cc30f160b7aa1b4d61e291deae2b08c73f4d7fa47448ce7beae1fc487993053f289e6495960d073cd8b5c654c3be13da875fa9f92ff11cd55f6c80032069e61e389400e0da1a8b5f87a36d60bd251ac1c3cf6a77c50a6e4b387f399a318768e60da88b61d88bcb282c5b8fcc4c688acdd3f37cab9dc17de8f86bcd7fd5c16d453292ab41e83cb39a3f5950c47a63a36080bc3a074e88fc727a070ac24c7584e56c37264d8f81161b7a94e2759feee6822468867fad72cc6b9c09dcb272a7ee22a4a35008ba0a88ee677e0406f3f40cd0e88d6cb2fa4d0dd16432bee23412bb06f2240580836cee93a9f1a58663c867e281bb9c062d228cc9d00df5947b080b16a7ddc8dff2c39ea2820c33c7cb5fd9776ab7718531f77be0f0039d771dac6daca72f39afec3c4ced8f83555cbce63b52328a8bf3d1206eccdf6555dde3e29668ac5091cba8aa65e3809e5c72aa4dd25c7f600526dc547674761a9d9252000970680d1186883cbfb1a990abfd4b4271a0fdddf9dc31125c281c000f75ed86b4b91f10d2fdf44b3d3697778d44c7a7ae1e00515fa3676b6b1fe37ab060c4a35092aef253cc89b5ad56912ff896b69de056fbc4e054aa14078bb163a7255fd4d7f5e1600937606e8d09baccd515cbf2e4810981acc5d7d59c89c488754758b2ef23de781c7aeba32f7877d8221e5081ddd70b189cfd861183be8aa3a92e6818a0c5d004097098c568fa8ff27ed3263aafab261172455dfbe14b26f079f632f25daac9f5350a98eb46643657bb73625959129ca6e28946478230e38b166121c36ae05e46294be3bda5935ff7e8e4e6bbeccbb523092d4199f2e7caba34c88a684f9e9d60c0ccd0e791e86707f94bbd5ac738bdd7b185cf56b8aaa3a5e925904071aa4f62738fd9485f34ddd254c33401613c08c909f2ef11208ca3177aadaebdc5d6a2013229bde2caf2c350db7d95df751462097a28c6f800e5c5daba2a2e1f73edff7726c8d0654c23e7413ff38deaa2abe95e0b96f8ee477565783caae729481723b4c395028b6fcbd3155cefaafc137fe0088f6af3e825a98f72aa6e93d5673a1e31561c8eac2cfe536d19390d5eaac53e6683a6f3653105046ca4e17b046d445e862a2c5fd6da48c93b076dfa4fd3363826b82f5796bcaa96f539ef862d504b46a22775e634db3c3289018a3999b5fcabea5c566e60877591458c63fce1c284a98e02fbf0d04c74f40e81f01863efaa560ef602b44cc891fbf48f06e82af76e57f777adc21c34383df8f2960bcba2a424cb6644b048153e9a23b038a5da6a0d8caa84b29d5504a11aff9a24fb810a3546b7380e8e3457310d50e32d7d9f4fdd217390025586a9ba7671c7f57c9fb071cbf95367db2c8d5833e6c72d7a4293b1bccc4", 0x1000}, {&(0x7f0000001480)="614eefce2bd04528537486873582af07dab533683862192fb9eb26233d50920a14eb", 0x22}], 0x5, &(0x7f0000001540)=[@mark={{0x14, 0x1, 0x24, 0x7}}, @txtime={{0x18, 0x1, 0x3d, 0x8000}}, @mark={{0x14, 0x1, 0x24, 0x7ff}}, @timestamping={{0x14, 0x1, 0x25, 0x9}}], 0x60}}, {{&(0x7f00000015c0)=@pppol2tpin6={0x18, 0x1, {0x0, r0, 0x4, 0x1, 0x1, 0x0, {0xa, 0x4e22, 0x7, @mcast1, 0x6}}}, 0x80, &(0x7f0000003980)=[{&(0x7f0000001640)="600a56af51bd75b07780018b29e9c8cf8a61bc350f7d22b73756e04c4f2661ea9af8b199eee0ab10ee9a767f150314d94154a70cde5445d27b3546a246976bc00fa5e174a0255eb6526731896e492a62f2085d7d64c903cdf6b5fb8249d3b2f97a6077418f6201cbe48f69ca07834d80da4d3096f590e315d506fa76835fe3a0fe43f892ca03a516b3a88a9fb2edb7eac8ac6bf3b2102b2b7f677906bc2186be959aaad061dbb607ea412011c01081ff0cbec6c9bf13187148173a2376060623bda25b756756cba0f2fa1ee1063b0813dea30de96d25cf5d4640e74699a2c76c91b99805e8d71b833c42e3e1d4c344953ba4dcf958bf810ae972d27976fc88e129cb9e01e59b46836b2f914b4c83dbf9dfc844c6e5a4cdc5f742cf193b6fbd0eb7ec0481327d22af4ae7cdbff04d5ac56d057ba71359ab558042386ee2eb08c84363cb056f2b0808fa0c4dea3be2f6357eb56a475ba89db7cbaa2e70588b7274fad2381c8a6990520dded5fd0887ce585a6ac1a3865ceb208b2c80d74cb7fa32ff51c70cb7b9d466f565305b323e8a26edb4a844974b568fb9efac15fd598d90b570f895c8025a3ddb790ac8bfccc4da29091b93b4a74fc6dcf973f7eab50d531746bfeb222aaec0d9659791ec720e22e352d8d927302c4ede5f6cf6852f7724dfa3640b0bcf74be2c72102c6fed164df4c63c480cc38d4fec74a5fc118daf6bb978f56e046cabeda26a08e241bac1b8d0112ba00a481a2ca314572229a1cc9d4d59a7851dec9389e38f69dd5f35c52a6d6cac25a0f8870fc3310ccfcd878875aab71fb9ce844cf381107bdf842231be057d5fa57c0e616607b483e618e1db563fd564bc04d1591538cd355759215bfcd6b708489aad20c8a9ee2b25236a7268510c03af84316ddabb01ac96da60913c87a75da561fd8b4f9b3b0777f29efe99cbce294869f501a8f6eb791b5e27bb809912ee5d5ecccf50f2d6fb539c72c63e3ba04aabf6b573335545c37b7b3735e8a047dcb47c054084c6d3db1bf1cf130c66dbe5a3dccd46e0f769fe1fe33c1a3fd04b96161b37faf426a678cc4ef5abace79f979e23c2ca78900c85650d928cbc2a7f42b5821cdef405dc8d7fe947dd7f5b2c8692f7d5e80d27c2f55d5d31b4aa415b4215abed4ad9c9cad5027f26a257e4057295fcbc7bc352a713e193121cc41a86b178794f8f3566548af1db0d035a89a37f4441c292cd9598ffd06af3dabb1f849b4a61d297505707e671c7172f13e9da393ac5bd5c6aaf76ad1c727d2fdf6dcdb316092f86ed1cf3708e81e229d5a053adcdd16a06855ce8254259e9d47d4f361685f107adcc53255cd1a7d09bb653d22f78c6ef1fdd2fc7d304db6aca21a9fc44d007e1d6fe5fd61d1032766a353a6754946e506b35e9f72e0e597bf600c10e1f7def335c00cfa37efb7871cccfb0c9e05f197674d66d306f389912d0d4b503324b457289a6710403701a1be5a302e96a64e030dcb7599c6e79f1f76ac1d13405aec22323c76c94b87a8cd556944da5674ee41fac764bdaf745f09673961d214d7e59890c6837f7a3246e427ed53d0ff5b5e4253c31a06e36cbac9dc6d46cb544898c5bef35e1ecbb297137912714c609b936f45b7ae0c0e445a78d429c809600da334ccc209cbc457ba3fbf3d9968c87819b552308fe97d2f4b0b3a02e52fff829db32d00d3adfcf3e2435401353b3f31a564b1ce599897cb6f202cd726e5b1aca26e6b7c8cb5aecf76e4dd21c2eacacc80275bc91ff0c6cf871c4b2f2dc980db591faa00770f16e21ad5714c2ceea578972f1dc53ec48bfdc2234f166e19e263f2be8c767ac69830baa60510b75ffae2901b8a5dfec347f7fa8500385ebde9ee76920b4a38b35b75f490503d09cb7d7e27b09031b316bb39cb6a71427dfe4bc8385df13d21dc4a7453a9b425b35b5bf714123029d74bd5db1b6fbffa8557fc577d2c319420e2ded20128a1c2100f2483c5e756816f8d749195b26e2d38356dbb4a781cd2544b5c3646c49e427a2f22cfc97af0f1fc7af9dd88dc0bf0e60480500d12a8b895c8889ae01b40d2ad2d14439eb6d0065a53aaf3932fef15f98effe54eced9c74ed80fb44ce2215b74da896df878251673e79775f759d2c40eae2c2b5f78863d8856f9aeeda9a9952458965de1f977ffcef9634c80b81d564f8e470489020be3078481a66adbeeb45381117ec2e4ac6f72e806d5e767581fa08b9d0b50bd8b605b50944b2f513853ded3f730c38d5559e9aba4410da4005c4dfbc34c716d80ad3beaf662c0d8376c4f0bf43d5f9fab580038cfd41580a70f75e680104e4caca73a1782e78cc9b9f0192c0e3a5a8af7a72de7da7df177d4bee5506a10b60823dd5aab151d6eeb1ba2f79eaa5bfd453f819003bfab4fadfe00248f0708586a31747176bd30c1b0b96fc1e56fde9250e5c2bf79353364bc78879df175ad094dba3e25261632171c4260626a2a8354848677c35d1c6a3d110be954d4d83c92b54a3ed2484f51b5a6877c3cd71645d0b1a90617058644ba17bc8ec513eb24011efa4badcbfd558fe4b952818ebffc694ad0557baf5fe0d687a315aa052db3dd3e61292521b78dcac4992afa7b481d22bc769b6122102b576a70561d5faf50406d9dcc69009dbf168ef02d4af3645a6b8f22bf61c7d8c8961ffea586316fe6ebec16162ea8798a7a1aa16e5f70d9102bd8aa9b7a820f7d6c8cf218be030a74dc55d5206a895dcf1e41a4de7a52de81d15639d6e405e4d087d02d89914356e2a9fe72615dea781354f3c3b16b70862b2a988418c05741c89071ab4ec7ce3cdcfad3f506a59e4b366c068e9896c2853b946fdf19bb99c7abe475397a95c01564fb6166dab32f83632edb53861877a491a793b736b9cc15d82db1977d70bd272358896a4ede9fa0666ffafa69abe96779eae12554af48cf90756efab2d171640ecb33021f2d8b539cd2f7e317e02373162c0244e510cc97aed7ad8897c91696a795b8e9fef26ac0fdc4f10fa4bea3bd9159c86d6cc5cc4d2e6723e53fab81f7fd6c67622a33f36e439484c4422697a032db984b88fe257e60e1d22a51e9fc8c39cda73905fc1ecd2ecea4d0d0eca533de0231afbedc0eca6b731e9df2ca3d9f5fef51f375c1da68a5a8cf4c7c859580b6724546829a1dbe8d940c0339a7eb80c467d74fce20433ece825a71c46ac6088767f28b22ee700c3cae30b563f8f0e33b33b83d39c4c0b7368700283119401c12ba3ae306ee72dad3012cdb78051f8ffd0be90838ad670ce798e7216952e09bc9843e4c29b803d30522d882985b119660c7951f4a8ab58ad6acc7df5d1cfc04b88341aac56c49e590addee137fcb85005db6631272d601e4d456f19c57edf5c67594ecef10478af8b05818fc4c899c7cea054041b38b321cd03207666be6b8e51384cccedc993d444cb379a6e57545b7d614cc170aaa5a349258afd24cd2219aee63442aa280c3a24894f0aee309c05744b900e08cf79bdd0fa733bd8f62e980adf1211653daa930ec5a764d2adf58c6c92985b652b03a838a8456a52aa710bbcad1272ba402fc0ab4b84632fc7653ad4dd3d12e5ac4c4f2a7e531f3fb6d782c4817d8f213fb9a13f06b489c9746022c6112c9c30e156962fd6c4ee46f89b3aba959ff1c88fff3fad593425e9278fcd969d7944e1b7f33a3f1ba171196ae05d2ad0a6bedae442517f5bd642752d32610029fa2c6df4ffad146c0164f9bf915a07a9929ceaf343383c0eecdc9a8295f2b4f0c38dad90b4df0f75ffeb3bae2013a2afd5a8b363f843a73c0dd357e8226a49943a5bfa692d20a73cbe5f7a91ca7a777fb621d23d42548ae6be22c64b53c9af67c0333504f90a0f2598e3b981ee2d5f4ca90cd3d50c982504dfb2e76aee2c0472314c5558abee378389f99b7a4e286804ee11599aa9648a0ad297444f26aad963e6186ed91d5e8f402c655fd4fb434d168cfbfee476b7c2491c45e97d4627722684e3510ba86f49fe53311f5ef526a51b57bf265e9fe42a2bda0e8622896fa281d55e221bcebdc1f7db0880af20072589289c3361c43fe87fc1056a1a4e1b80e31dd073ab9b88e87f74075bb549551b3b0d010ae0cfd2be3147896a194f9e65e0a1cb4a51f02ac11320562f7b1e6f76f33ced45a163ba01e80898464d4490db47cf103378eedef06f0b6ae053eceafd9b4f0fc8445ebdde862de65c32f1d045dda0dd5f324b8fa9e9f0739195a7cb22fe36c147bda4740f90b55dbc4359bcdda340c43586f6d9ab458b467152e94f54413f1f05e93ce0b97f2df840efc5cb99a4c65ecc0f4de28a1507f7547658d5911db680307b0341e7de5b0a95fbda7f8eed1485bb68a257a24584f54c181550f68437ea20fbaeb724f16325ef14eb61c93d66bcda29f6c88c6f962ca9073e360cb4f48fae51dc7a09566afacff5ea04e4529c0e487fb0eebe3b8f00cc419d029cfe723f102d4cca8fad094d8bcbe81f6647c74de26176ffa9731f8e720543fa23f5e27a4b3991ad840549198dbf38a50ce0382ea548eb92c5a35921f3269a6f6181f69a0485ca6e3ac6a1708812c4ed04f7c7ad04c7f17329dfeb17a5ed8cf979d87a9bd0927a878e96b69af637985cbbe68bd451fc8cb3fa0f8be10bdc570c5ca35c04283dda9e15a918e32ea3cd32e39e9d39883319e42d67de989a1b5a3d3b5fd6a88c0e53c8d94837ce42b840084d5150eb852975126770c2049c842929bc37e9f86ac800d75c72086c503a3419c327d09d32ccd9d63aaeeafea03d4d5366a75ec057839e80d36f06da7bdfb207a9e2dd5358cba06bba25bbbadfbb39372b615e9af2bf278337da81687e12691f3911e1c33ac89c96c8e2ee28ac80e29d2abdf6fdac8255a11b7371a5b0fb64e68bf954049619f753955f0dc9c8bdc66e2e258c6b806978d41296b8c33c31422b527f526a45900eb2edbeddfd35d177d02811f8d28dc49aafa471595520f57bf2ea2b93c4fdc0bd3b9abeece60614970f4ff8d3c185b5b69e9bf297c23e406d32442bc38f7d171cdb0d110409370b8ebace22ae657dd6f0e86a4b4e2adb8bfba01aec3d25ead79e0da2d9bbc963ea7363067422989939ad84a31cde7e57f640f6cd0cfc2f8f5191ac1ce7b879cf4979885af246e6766fbd834558a73bee65f8e6f83d062acf95762895eb565b40d4b5431550630dce6c0d883a053051b6aa2ab8144fe71a03a506d9c8bccfdd8093636fa3610c02bee97fb1883c18cd4d87e2bbda817ad127935ae210b1a02aacef3161ab70890256628400ba0059cdcfb2c2aab0ca23c4eb4158370f91977514d943ef19c4be7297826a9e6ff6fc59b92de0de27ff5feb43f4b43422c40fcb6a74efafe8cca5ef0e8f6e4140e3d87aa54eb993ff7817790a61588c31f5149af8d8bfdeb43ac5c81547754791ae919c2bfbf883a285cfa33d6f4a2ab85562f4086875757895880db8555f1c946964b200fc373f598258749525ed97942f0dda5abef29daa1901145d59ffa74535cae71d8c7c6d16f82bcf199043eaeb13f1315738a32436dee59229235e4f60dda9990390ed02a4663bf837437e75090c19cce5dfc3e6e00e3851d2047c634bc1292007b4ad269773fe3ecf88bfaa60733ab8fa8adb59532951c254b6242e41179c2c0a5ef6db5478d3e1ce06ce4e2675bb2988f8e9ee0c1f55268402c48001910a15977de87d00fb87f93b241933814e2f98daabbb0b9c2eecfc6d9995dfb79469b0c6cf6b6b994cd13c08f5e303a04ead91286", 0x1000}, {&(0x7f0000002640)="98be3a7d283356b12fac840cc4af4025e16a50b68140a62f67fabd77d93dc2095ab685d67d81efe9c01ba93e9845b6f911c6a75de7590f9db715f7ac6a80b87282d43de2a4bc4898a3bf13c2ab7e146c97da87e2b7a34fcc8594ef1e2ac473a8fc55da9a61a78be26393ecccd42d8be1063f4c069b72101191c971d8", 0x7c}, {&(0x7f00000026c0)="376c70ed521e4c82191d78a61b326d690e3ec2db7a373b0994b044ae869713cf818de5a749e8d0c050307af191ee371d39669441157cadeba09a762dcf0b", 0x3e}, {&(0x7f0000002700)="bb786a25dcb8f085356c761d3b3b0fe3df32958cb9aec8d3cc16e8aa8faed8bee0cfe46d2aae5916f9a0b6d20cd57859d06f0049fb88ba68157cf16a0083106ec224f27ae8d06ad03fa1c7d53eb066da1fd40cee93aba450cba7fdd1a102a1dc70c894c8dc2b26a59f2d964f55e71f41fe586ac522c1c31b29bdd1508d934442c470b69054cc6d1ddb3ebf4c9804bfb0f3fa65e3f82c7f67e9ec6fa04da96a5818f45cdc5a0b1c69b69f56afdeb2fe9c05f689b08f0352103992d472542b85153987", 0xc2}, {&(0x7f0000002800)="8d3c56a8ddea809bab65d65df3b940b0f7c5c409fa1d510b5c470b9f4f08b11a31b05df15eb6864e5ee53e0449d7404d267f7290448f641b217a8a27c0b7d44b61a3f87b340666dedb2468267afcde5cc3098146d23bd41979aa10c6", 0x5c}, {&(0x7f0000002880)="d47fe385e55f1764f4611750fec3bcdcf925546149a5305f80c26babeeed954bab3e6ccce1d73c97596d3858fb0041d2e7ccb2d12cf2395663dd9028d0713d4d1adbabbe606d0075b029d2b195f05b47096f633b8798ba400b06a0e22fce1f445f7fbc3d62c5ca3d46444cd810d83046ef84067208b45145066680576e2d788d174edeaf146ef933508dce4bc268aadd1c003b8464731630eca1bb59528acd06317eed132ce2d16db70a2597dbe1e4032b6b2bf36ba0", 0xb6}, {&(0x7f0000002940)="541ee7ab9ad65efcf88f68841dbcc9d020c8dfe62732bf5469fe35f1e17de04ac206e194dee438e8d909e2067c116492a70281ca73c753475b7235c2ec0c3fd61d1390d814cd1a2adfdc26faedee6e418388e8d3a1df87f1dd1493c994e6af77c4e3a435a60da4adb97585db3a371f969dfbd240300211f997df07420fa748917b2ff4d065251d8bd852e83ea30f749273c0705a66fef6fbe3af78d54917902389e7b381795d86f563865ddc3d6bc716846071512f171bcc1ae8d1b9532fcac157b20ffd0352191659554613cf8a90f56d409f2c7a1c0b38bc9ea95611409a36f16a3f135731860943a6dab1fac36c170ce2bab2bd4fefc7f49a17d1fd335f00fc4de907917138cf988906322bec2258c00412e2107ece8a7c607954f3bd0a723a78e1d342038dcb71d3b4d548905c92495e0bd81d8f733b3aea4275dbef659018bd3c08e54523e183b11b13ad6da8eb3bf4708492547d11f0a3e621173ff9ca888e2738dc53f9b8a13b05f2801b340d5d02e8ee0ce75bcb2c2b06ca6b9f524010282292f8044d729d905b3b49768524b5e3566fcc4482e1955998bb797729ee3c8386d4aa1cd276de6894d7ecad0cf13ad9e6763d5657ab49c4d0020c9deb8981304e5ee67bc35a39e6c9a9f5eb8937f9afae0f3ed539e5c92b81394c26ed6d8695111069c836e7e47aff165787f0c409a2002f6f9e3bf66d7e2d736c3bcf72b8ee1189d101af6e8331fddc9b3b79a34dd45dc138d861bdd50a92bb8470f389d91773405a9e951d682c74e74e270e9841863b4a7d20208d06f53728eb797dfd4ea3b196a523c0f2284e16254748a670b5af981dede9708f0d771dbb9d016efc09239f0b5af05176a1582703dee10f199368744e6b9ca762b7d72de6706066f6133f96c7d244cf34d40f3182dbd032fa4392f296594c4ba8e5d3524847884da23745bb6a3ce76e61bdbb5386a9e7b8ac76255628b3310eb08b723229bd9b25d0d5df0f8c83e2031021cfa00a392b33888554717e60f8745a3a4028d9513e7c0567ed8014355c611238b2692548c1b9612df6f0770f60c31a965c50492ee7aa7aabbc24798df5949f7dca5a6bde335154d3294041a1eccdc95655eb510c66fcd1565cd2601451eebb131c1e6245146661ca7844ed5c66d651bb12838628e85d0002809a927b04296334e1a632ec57918adf09556ee694ebb58c401f1458a649a3bd9fb72a8f26b8091913a948a8c05a2e011c05b089297bced61aad1bc1e9544a92743bb652f86719366bac7677ccf2af551f17b45646800a1e17840c7141604ab7809bd8db7d2dce5a01e600b6ef748896a8c94ebfbaf85e05a4dd6bc5a3b2413b9e5d337baceab0eb9064b244f2a883d3bdce1b73dead303c27990caa8c6c43b1a7e66983ae6b12ea957b7250d66231e8be5d4d58b73df76bd06de29c72b0f6e4b4ca9b94e1d7a1832b343cf73ad9e553913261cfe4a1de634dcc6608c9bdd384218726bd644706af20ffe13c969ef681046c11364e37b8e694556b883381ecf7db89aeb5934dbbccbb28da0d19ad66a202b00931b6fb96e16154136dbcca4978f193266f95026fe78a1cbb4fd24a97771b61f002f0e48e14abcf2eb99b493346745c604e1f47e4fa4a02fb42cf8195d0cdbeb9d772866e0e6e9497eff4ca415307b5bcd81738a958343ccb5518b115fa509d88c14c0c3a4678bd840124eb7dac36b4243e113099b72da7bc4dd5bd45a9b0ecc8cf230fa1871877d412aae9bcc26a85a0604213823f6eaa74dcdc86b0d6a43e40b5cf5751e53ddec3fb9d799a77a4289934c619fbb2bf5717ca541f271b3bdd7ecca2916214b554f2d81c0bafc5631eb644d3f5c2ad045706923b524227f6a0e81f32be8147d8fa501fb89b05e40118a16d98606f6a4fba9e2c4294afe2e752980f79aee4171c0457c2b8935822c77c3dffc65678613bcd3346bf109d73b93334133d5e59c4d2db28214ca3a0f44a7c7541f1abf7aa320d15421ffd13ac8a62b9c6257102f67dd12be49fcf83166a603abe00d5ba4fb5a081ef817eaa4ba8769b50c3ccc5e9774994729fbb6fb5b27a2caf7a56254ef0c065455c52ed9ab2e73d4ebadf06b4644868a5a11f4fb9e5673fc1363c450d338eefa1055a3edbd91edbe7e14c3199c47b1bb53c273e30717d1abde39eb252cc3d94b26f26104341f2e8532d251e9f902b1cba7c965bc5796e592bb7527cf3786898e4809fde6d937f9195f20331ea47100292ff7f04ea0e5f24968a44a916c34a4a2782ea83c3414e7059ab8fcc40d8325610dd387964ad82e679e61b310f4b59fb919b9ee7ea55284c22a1a4b9c52ea2d6fc049295bffadff0985b440e7ac3b317bebf4324a4605bb2c379a9928cff9d9648c40bf4ee3539184d14e13dbe1f58de4491057286c67492f1b997b61ba4c90d3dbacbf79bdecfe6315332b44f06339966bc36338a16a27d1d93086ad01e1e79018e909961f613365c959eda51b7608b372637ef1c789f3eb147a54bb3a2cb7ee46b47ad469096f7f21f8ba566d58fd0346752228ecefa3f66c91ee42a0f503fb89eecd247f76531f983c7dc4c464d78f178c1400bb2423e7c3a58da946a4d7b43cd3d6149f234e0d4a87443a094bbeddf19b056a8284e15f3eedc29e6f58646e8a11c6227ecda833772a6428c97f0fdab300453b5422c4f880b482fe7643e31189d4b634a090b6d20186452be1d3435124f47ba8b60e2ff2357dc8be77514d3d05ac52725bd02c94b24e914e2469dcad8dd74eedb41ce4891fbf8f85ac3761a96d8ea2839030473584732f9f2e9d70fcc4e583eb0cf12e32390adf7872a2e54e50a5c2b7e068ce46fc98ab29cde336098fea23c24c3b0da5ccd98955822e2442a07aa4d597db35d3f8601f4015423bbff63159255bc2ce7bbbfe4741daf6a0270f0d607d509fba9b9bcef6dd4eb75959c0b8b87852e35b4ebd98a7c4194aff21a10c77b2573f10374b980660d235aee819d0c183b68cd1bc121da0e071bb071290758e0c725420bf992a02ef6248938b50eb15fa31ad42eb15d9146d3b7b4ab79428bc9cd249b5706db873ba850fc22b2b87cb8f7ca9aa160244a4e99cf20c734925331c8eb84798a6700f34e32bf3b55bbdd8968742e5b74dbf029ed149daea71056d89b5e27482ead2c0844b3bf08b635bfd57d62502715fd01f72795bfd3145fe4183890c0ab3e689f28bb3b42ed14282e018bd9b9505d185b17b23a747b25a4f291725ddcfdee3d0b56b5b00126d630793114ce0fa416d73d1d98ca616176ca5ab17125a35e3aee74337a5048d1bea724601e7786183dc127c08bf26576242ca4ed7e986491498ab3dc33a120e7185100e3f4c4b2a24a1a053408d9a13e5ac84a52a9d15fc03b4cc641e497ece5d87c29e7afc264a9d51776cb3e466342d7a2e1f957094bceb2783add8d2030a5233b82977b0f6218925fb51ca6f6cb40f0ef19c5aa2caa6f4ad467eae355bcffe1e5e8fb5a160177686691e6e8d478a8dc711d057542f865ce1b1d7cc1dd1148dfab640c1ac7adb05377dc146c82e4d7a501980ade89d0703f794fbf155ccad1235b196f781b8fe3021af3869dcf0e1247d94f54be8ea30574462d3d5d50044d589992ced241a66df9e73565192ccb97fec058b334184167eb49d02f0670da2eb0ce090b818408c7eee8e5fb5ea9a42edc1ad2a267ab5cf5e2c874c49ebe53fe75c769c8b12e72c05fe1200cff16e64beec39f5a60a721f1294c0e07882c95a1a16f5ba00fd6b81a7f20c1e3f04e995cd6ae84fff0aa6b1e66c4854bb6b3dcff4d632966288cbd37a73cf47b723c124bb6eab7a70a6d13d7d213c5c34000e54cddfc08552d78486b9025e26f0594c7e50639c5b0219d22fa090994870b710d2db68ed1c01f4a71a9c35f61f03375888b8a6a753230b61fb38bdab2856469a5978f22ba90d4782a309489c8e98e3523ff64768ce25bfc941a4b020e42b95d0a64cd2562b8c9ece918e064701a52faffac5daf722e2cfa89d41a26ef7a18d93482cdbe95d61684405765ed40f7c4c644ee8e94e6419c412f472f8d10a036a097b9570a1b5d7c21fbba0e3edf27fe123a78a26859db268d2c60fe6b38d5bd003cbc7c68f4b428704c38c86669a7d1ea8e0b6cfc21cdc6b234f308f4543c3439205703fa0fa27677c3a8e08d84103d1c2a012cf250a7fe8c1d06c15b19281d92232b9cb7ceac6cbc0f5ef1d747ce9ce13e3f15284fb1278d3884b85766c606f2799f62302075728647f71280d4d3ce6eb4e5cf978728ca6a182322fd3cee10641bacc60d02f14193cfb11341f7587b30a99587a9e864bd7ee87504fb73ab3f4b3504e44c72e7f95c74fd80dde9f6163105e6d6eb2ad8fbc152b733fde031f86443de58c2bb8df6daaadc4cf73a5bfdfdb0da8465c8735fe6f57fd0b4ad56538f98674aa8045f5c2c2531612214ae7045b3df92a75fdaeb1f2670013c7c3c78035f931135362c1cccfb254833d0520188983b7cd41c29cd6ad7378199967017ac193eda7507a251ce7a22dbeeefb2e6d967fc72d59c764ed36da570545122ce911a9fc895bb01d5704d7de8e267193e04dd12ef3c122f538eae39aa00dfd0fa3283dfaf71c95f87dfa8b8a47a3b57159f4e4f4ee62f111fdda4adbb97cb8b86aa6e0248f9feafb488a1bf601778ae2b23afd2967eb50d5e556aa1c4d8043758607c86918fff16dc05ea799ae76a793f06313c3eaafc94841b577e061465f468245fbc75a7ac49226c6b161795ee14a781efce49cdf4ec43158e36b7fe7d9fc4a29540fd3ef69dec8a168908989e3c8b778efcddd78a605bf14671346f64cd0b7ba98104f55f28c7d53706d57157ce3777afbd4383636326a6a1164b37aee92b360b65fa12ab32ae0dc13c25c2915b365b9ba8d3c1b7a4e48015a9b0ec8f25537e92be078d3319974a8d7ce4507c50350909bd072270e18f02d14be820b724197bc0597ae3f03a9f9fc777a013a7b0bb883df0dbd03e8f12bbd3b1acf8b6709036f752495e89a688e386843b3fa809a7b0ac9af499a0fc3cd28e631a794096404e4f4c89642a21ca6eb35c790ca6a11997a092afe14026a31589a2d001ae716bb8a6936c5f1f6e1acb126afedae733631c092f53fcd076b43a8f8e135384ff79c22db6db4bbe367f12c6a178af57f8cf6d371ce9e5a3b31cd4001b857c44dd87c07c724950be84bdd0eec64e1e667bfe11627f6d2fcd5aea1a8d6b04b6a34f327b560780fe10593ed182ed0d8593abe7dc118fcbc3850b18a38c92f1d218e5eacfc2e550d72014d009b277cbc49aff6b075d246566681f38beba8eb8608df453959c1bf23e4e8dad8a271a7fb973b9adb2b73d2e970dbea576d749103684bf5dd5c71865e3728f5d8cdeaf9f9baa9d49f7336928e6d4d779f589f7d98c62779ac24f752faf9b766d8a50774582927e9a1e613e899b947eaf78a75d5c58dda1d39d774f047840c7054ccd2d1d0c58c411ba08f5799c703f4cbf79ce02ca666eded21e522851ab85fe56faefa58c02af222894c33490581c8beab38b7a7ce6b0594cf4c9abe9fb7fb9064d9a02f0f683e4b8fcbb1d45e4439f144ef5dbb313ce9f5dcdd7271978f0c65530a400f2cb4ad02249a0d575eb546fcc083aec8b25574d7d1c0ecec26071952e2d952a900ea45c79cca0bddb377c05167ae7e73091a67a14886219c58f2ff470c490ff0f2fc46c0352df9f56a275334fa072512da39ef0b818b150d9c9bbcb67b3fd0ba192bb1bf87d9ad91c8756", 0x1000}, {&(0x7f0000003940)="8e9b2fc1fe1bdbb63bf75b006c2207726d4756dd9780a47f5797a0912a783fd63998fda6acfa5b77dc227ad6331d77ef4771040999", 0x35}], 0x8, &(0x7f0000003a00)=[@txtime={{0x18, 0x1, 0x3d, 0x8001}}, @timestamping={{0x14, 0x1, 0x25, 0x1}}, @txtime={{0x18, 0x1, 0x3d, 0x3e9}}], 0x48}}, {{&(0x7f0000003a80)=@in6={0xa, 0x4e21, 0x1ff, @ipv4={[], [], @multicast1}, 0x4}, 0x80, &(0x7f0000004b00)=[{&(0x7f0000003b00)="5eb2228b3e462d97201e0047f9dea3abeb0f9e9443a91e9cb161613c8a4b691a3cb4ff0fb27f4dcfc3e777eba98d21d3f7902d2a56e343f784f2440cfed825eb93ab6b66366e80e94384f4c5859906f371767d469549b2116e6e9565d9eb15f07b5ff54cf4ddc9064dab8fb8dc93f591e720794982dbc946a25f6240c30bd3deb0b0e046b63caef8e4d98a7a0148e374d5e4e15f58f9a5cf24867c8adedece71fa305760c2eb0152362e2d0578ff1ca15f7a382bdd952aced44a302d1cc07295e52d3fb4a05955f20bb7545eb299a6732f387caaf5c0007ef5c3666ef029f23693d265de61889d15d071c5e02f72353927dabdefabca1e4170216ed06eff9bc38740bc72a805ff97fb64bd615fb0febabcdc629b329ca38575c1f29dbe49e31bebb315eb6271c62bf476731c457fc4068b7b00bf888181173631c5490afbb5737f7c8f83254589cffa33156da1c10cb644b037551ac1e8fdd0f3dd40ba4f45efeef02f8393304ca207f2524d6294085ad5bfff099ae9b87d191c4bed85b3ba0f0ad7e6ce7a26dcbb11ed30848963e048ca041fad4ff028391d3c2708960f16a5d5477a108ced2435ddc9e3f5567e9ba9a976366edba9d231e3dda9418eda19e2308f6fa9ef6d953afd99b7347ffc5fc9385a618e5512ab8396a9a70d7663e97f3ceb03e35ef2cba210b0de5fec8a030fbee9e3d813f023ccd7cf8ca1976a6a913994fcc4611912741e08a11250c6973c55b1b8fc48e19dfd3ea75f19d83bd27890f0fad98b7a0da78e0eeb042a116926233e37eee8db979aa7dd717c2997d2c74a849ed3033d8f2beb445050b51ee77fc266d41c3c3aae6ff23c3287e2bfea6b68673b769c4859091cd03bd71f5efa31fe8d85732db2ccfe04692fdd99ccae450ed4ceb288e8b97b649107f57ba687b29f37023db2bd1e60ae56fa2e5caf4f73f4356b551bcfda6cbd1102ada19d02871c528d10593eff93a3732fbce16b6f17099ec22b4ba5af20dd739586d5846b0102aad9f185b9b4389a5fd97a3f53db107918a117cb030b905d2124a8555ad8bf641e4a5bdc03c2f0298d3abd3dbafcfd40164aa5c315435afb04d405a1b30cca0c72bfd9598ce7e7bf4f35bed3c35c7c6a946659569ed4a8b4920611b27eaf01b10c9af0998cf8026bf57cdc2d1d48fcf9881c997686f1680b6dbda0ef5fd0faa107734a9e227f004c5915bf4f51e16ebf7ed97c223cd2aad3af9d9137e179a747ca036d123fcdceca0e6efa21027ae6e41378e7e4f4ddc1747786745c5dd339c10f9357330a00efac29da12f1301a062e2eba27833b8d1894c3c39bf0696593242c8b861703cdaa5f9b52bcfce68cf1784bd62140a6e10785f6c09150eac644d608a85d150322c93d29611a3a909375d8e97853186174c525cae463dd1f9ba51599c5f008f33d28cd8429bbb86b00ae07de2ed64900399fb90c82913bd963a6737784254f96462637a54663dfbb953d5a7b1baf47eec6e4817784b5ba338c94d7cb22bb6b01216a525ca07d759cfeebedb4eff8e3652e09b34a546967312c07e6dc6030899a52c937980e540b59f00a8f9eccd463b1979e09ed6c6585e68e3620787a215dbf39105233c976cd0a5a0a9742a48ee820e75cdcb612980c8b299d241c0261c37c8e859ee5f3b00b2f251dbe60e39794c335eb34fc7a9030d8b0dc6d034bf76231aa7f55c64aa65bdad4cefb5fa227ce700ce97b9b73711af7178b7efdbf03d30da4e571b5d35a5eff2fd519a4ba3145cf7f865b451edcc1c24233addb262a1136c1221c1ff840132d9390da81eee0bfe260fa3acf31ca58baf31c0094ef88154893dc13e8c964fdabf06c4536a2d0cbffb7249acc2c1be74bbc97e7336da168fb2760445bf2c308954305ad78e2edbf77927e8b7604f5d84d5b630a3710ccfba5565796ee079223642e6d1d31812445ccf54ecd0c9daf081723fc7c4f7726604b9956ee3fac4028e263f8cb86d1d1bf3168eea358447bf57c0c0b1732323e1ae1235251599240b65487222541b678e7b4e59af25b86e20fdc2ac72531aa82b913c4814549bccae212476f5b467f6d3434dc7e2ff3588188d5821c99fecdb5679c3ed7f8e995947494ddfc9ff6e5a3f8b0ce185df72930b73139f1e5acfbee3b46be2bb036570f0ddbc871616702a9669f4e56e5e0bbe8aa79c0b8bc660705e48d8dbf958c8c2eb1e5ab6b68d7b62f2ef65019d2d37a1a4fc4f0c675ee93b8d4edc9f44dfce767ab7bc195815f878502ddc04c2a28bed0e3a43b589e7268ebe1fca05f03b531bd61d8fb6242380e59cd34450f64197f426b870aa1e4a257d1bb8cf32cf413707d6b9e547d7898ffbe1527301acd72f56673b4763ac3ed423dd2e19cba4a43d6b917f368f9c0072a16a349ead69ca6c2fa71e35b6efe86713f133a7d1d3301b0913c00e6ba65f2060e3350b2cd6fb2ae41b1704967e8d567dd2d6d452eb1f969268ce2e01a5e3d8db6d64ef91b8e0b82a11f9d320219a158a82087366dfe50a8355fdd4ff751c84490b17031f2282ac688e7bdb83574ad5f65db101fa41d308716c37e47bc175e8ed676f076095a09fea726c9702a6927db8a3dd2dcc1cea52ed8197e99096b301fd987537424396bd9a929eeae6e70a78a99bcc300dd6c2369d2fd773415d98d5328ce41f7da2f3580897755f5fcf731c024a1611158f82d7e7dee5bf450d8877322d072b08ef9202f58c927363bb1e63968b93c887575bf35fefcb6ba23b3a6db02b4655f28304e39ae0773567231d0d326bbf9a181c4a338e65ea050799f80abb70c08894b29d1b1b9a960fc6309dd18675acda7a00c1bf2d723146814eeb9a7260f955be986f5745ea398eef74c917ca897f9a04a75214c39f6a7bf5743cf193f5d052228c88533b7128aa47529fb4bfea475f2773be4f4a99a2f2d137cf41b9399b78e4f9775b20fec459ae1bae514f573b5c86ef3f09d723b04c50f214ecbd33b0ceb39b9f8d6e50a53707fb6661e5b1f467f245a907ae785f16010d67350f0380b1ae6bd270b144bbd2ff17ce19337b55b018d67bb64316e23c05ed3ae60ee1af27ae42c7347cd41de22693e6b3f470f9966fd8be187dbd38bbcb79b396b3b457a88b39e349019a2370f58961c91bcff54c563dd620c9a8703d598ab3f29a05b0009059a44e6a36d6942351cf651664400357d5f9a4e1c57fddd75fb089c2d8f8ae775120282658c9a4f2c0131f77907ab4fa52c5daf8c520b91aefe76a71ff181cf3cf0381bbd1c5216bddeb50f2d7adb22552a791670b8f8440967300a7f4f56436229ea26a51ae39615e9e3d14800dfe54048019c3ef2cc5ff91e489bea446cd0567a7591bc0f6e06dfb079f7eb5a7179e98a612d35c35a4bc148fbf7d0cc5138a84f211862a53d27d5bd36d82c0157af3717443ecf92927946500ab809282c655c9665628afadf4e2a85ae389ec1f7b3498a5a4b614cdae88d995e45c69b83bea069648ab0c982fa2c5f26d228ff4657f4d608068d90d74de9e6e94460fdf62ff4995deb83ef7cffcdc96b63cb016c58023318c1d4ff61b91abc8f1922d9f58f2e9d8ff218438e398f5b3570566a17ff5d3548007f1c46be02d2dc34abdf67d480f4660bb6ffa97ec27ed29d6219930394e0281e795e6ccbb53e896d1b3503264c26db32bfd0b45c4de67f98644cf6f6507d1bc24aba82f885cf900ae1dd5cc86c35bc5f3fd6e0c3ab8b9bf032e3e4b64577c6ae8764cfc549aecab954f07c9a426ebe193fbf67cf75bd93f99b46bec8748d44cab391d251a3c9d8c972e38fa646adc9532a142d73342c64ff2bbef19b584c33d89e8ec0ee6f79508273aaac306c41604056b4bc5a9ff3b8b9650c1ba81830e44c0fa22a92d09fb0170a33192d151ce21c514abfc8c9cb7921fabbff8397b0fd8f5aa7b0dad37b2a5a7ebd7c5184757be602b321cbf886fcd728bc40f21a0f256ac5a30045d5c8c770b6d1f2ca9d91c561a2b72c9f541e64993300a4cbb1e2000193b9d5422902a872f86323989ed8c6cc8ce3a0a2e7ac90f0b11c6a8086e675f88abdae2a585683ad27ee346c085200804ee409aff9b6c60a128d2c02f5c9e549b24b678fc12232bae2b4b321a77e9384cbd97a8da4ffbdf7332f13d1c4bb852ed138047036a5c71248f18a20f15fb3eae49728e83a869b21ca51c9cfee47490746f67427927cc74f44978f4815ceddf0e80c95a09fe9703cdce42495bace6e9603b0007da29aea8985b645c3f8394946f14dc9ff500678dc1862e35144595ab1aee4c40619d383834a27215b1afd12878a39f6db6082b4c91b7571c5dbdec1dc32dd9bae6556cbc272ac7ae05c7f9ad534489d2da4fb9bef70fd29e7a1a59852f17a0516853e63c497292f98640fce84f00fb9a30c9465737465bb25ccb6999acbee9cbb5e77c5b3caa6ab991e15d88d3c18f73d858dc7d9173fee91a15152809d94a20c81d6ea71e97a61acf65bd59c495cc92a0d93bf95d475b74701d09c0de238a530cb2d6cd92d37565ff8a0ee45fe86945157b63e2c5e3fe8da9e0d21fea5678fadb7ca917dfe261a3605aba788dd27b920b22d6df933294dd5bfdb7d6555b7d2de4e69a2c52d587e660479e7ae566a7f753b359386d0447fba503c04fcd8c49e6cc829d0eac0a80929fe0dad84c6dc58f9327ed3ae423bc379a74dd5b1164b286554b1042774c8a6de073c1e1791ee373aa21e0f31cf8d54931140cbaa775eda6ecd5412a5228a2b3e0384c2e99db143cee1ff5f5e8096adc649619e292ca1ea8d1f37efe431f1b7409a479c9b4eecba94415a4eee6f0a99c5a843809e313d5ecc064cfd7eaa0a0a8c2367b2f537c933f72be6701d728e45128ff75c68551f9ef22cb506b8f9f80d5520c89c29f083da8cdc5c1e1df598b7dd466d987803adb0eca8db63661b93abf02d9f8e6fe2af1688647ed4a30a2a280f00ebf55ad445b67b42e5e84faee64af553535f483ecf4476de0b61d6f5402a43228aa7b9e65adbb61b0347dc775b65711a0427e99300acd9f3644a9a3c8978f7714815f37a3a03ea76f9cd1745d184d847853ebdbeabebc74ec5ede00c985e61ac75d221c8926cd9d48da895e715504ccd5a86bcf7415d2b7545312b0805db6f975d3570ce62b75ca26582aa86a1f1c8c35ce92863227c4b10d3000b59a2b6921e5b24cf78ea9b1feb0d1dc09aeaeaf5454319b4e6ce6a03c8a13b6d7cd3f1ac32bbbaa3703cdfb9358fab0747a127a9225d7b4d780fc2ab8792297b1eb41dda0cb96368178d3e3803a20fe8c3a031d6f31ffbd591faea35796fb47aa50a244d41801f2b0485bb985f4ef0be1d6bd71f6bd5873eb69d70c40f027abdc4662e4cc5f0604280e3ff0fa44ae58e0d4c9f22e310cfa63f7bac336c592fa61b5f35047e3c02cc5023ae64a384e148c156bf7ea319d1f21b345bb518e3f3004093a643b4c4eb9374918a3930f18a1a398bfe62da9423288c4807a70e681379d967d0a189d2575f8096ad26544530f1d3112fd97d45e2fc4d265be9da7613c4e6491b9915990d00738b88d1fc14fb74d3ff80becf3d73b6bdb0253e3efa3eed4eef7efc3510ed9013c13c3758db475ef7a711f530f4a55754b40bc1b894ed2c9df568700bc086a8ef639de1e276765a6cd5f4b821a955b155d122809351917ef35d66da1973bd2c12efc7f18277ee5f85b09647b5f47557f4387ce77fcf6c624c627e6616c73edd5d558f9c7a16bb73b5d2bb4e14621950c55b70dc6bc367da27c529e6907c89d253ef67540e", 0x1000}], 0x1}}], 0x4, 0x20000000) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="75707065726469726f7765726469723d2e2f66696c65302c776f616b64698000000066696c65315c00"/51]) 03:37:06 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b2"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:06 executing program 1: r0 = getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ubi_ctrl\x00', 0x0, 0x0) r2 = syz_open_dev$midi(&(0x7f0000000240)='/dev/midi#\x00', 0x2, 0x8000) r3 = getegid() getresgid(&(0x7f0000000080), &(0x7f0000000100), &(0x7f0000000180)=0x0) getgroups(0x2, &(0x7f0000000300)=[r3, r4]) setsockopt$ARPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000280)={'filter\x00', 0x4}, 0x68) r5 = socket$inet6(0xa, 0x2, 0x0) ptrace$getenv(0x4201, r0, 0x3, &(0x7f0000000500)) openat(r2, &(0x7f00000003c0)='./file0\x00', 0x80000, 0x20) ioctl$VT_RESIZE(r1, 0x5609, &(0x7f0000000400)={0x8, 0x8, 0x4}) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000580)=ANY=[@ANYBLOB="66696c746572000000000000000000000000000000000000000000000000000007000000040000005804000000000000300200003002000070030000700300007003000004", @ANYPTR=&(0x7f0000000540)=ANY=[@ANYBLOB='\x00\x00\x00 \x00'/64], @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0001801000000000000000000000000000000000000000000000000000028004155444954000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0001801000000000000000000000000000000000000000000000000000028004e46515545554500000000000000000000000000000000000000000000030800090002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0004001000000000000000000000000000000000000000000000000000050006d616e676c650000000000000000000000000000000000000000000000000180c200000e0000000000000000000000000000000000000000000000000000ffffffff00000ed608000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c000e8000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff00000000"], 0x3) recvmmsg(r5, 0x0, 0x0, 0x44000102, 0x0) sendto$inet6(r5, 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) write(r7, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000380)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r8+30000000}, 0x0) fcntl$dupfd(r2, 0x0, r1) vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 03:37:06 executing program 0: r0 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$KVM_HAS_DEVICE_ATTR(r0, 0x4018aee3, &(0x7f00000000c0)={0x0, 0x6, 0x0, &(0x7f0000000080)=0x5}) r1 = socket$kcm(0xa, 0x2, 0x11) openat$cgroup_procs(r0, &(0x7f0000000100)='tasks\x00', 0x2, 0x0) setsockopt$sock_attach_bpf(r1, 0x88, 0x66, &(0x7f0000000000), 0x4) [ 587.155446] FAULT_INJECTION: forcing a failure. [ 587.155446] name failslab, interval 1, probability 0, space 0, times 0 [ 587.172611] overlayfs: unrecognized mount option "upperdirowerdir=./file0" or missing value [ 587.182964] CPU: 1 PID: 22389 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 587.190065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 587.199463] Call Trace: [ 587.202042] dump_stack+0x138/0x19c 03:37:06 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2(0x0, 0x800) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000400)={0x0, 0x0}, &(0x7f0000000580)=0xc) lstat(0x0, &(0x7f00000007c0)) r2 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/capi/capi20\x00', 0x800, 0x0) ioctl$UI_BEGIN_FF_ERASE(r2, 0xc00c55ca, &(0x7f00000005c0)={0x7, 0x9, 0x9}) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000940)={{{@in=@broadcast, @in6=@initdev}}, {{@in6=@remote}, 0x0, @in6=@empty}}, &(0x7f0000000680)=0xe8) syz_genetlink_get_family_id$SEG6(&(0x7f00000002c0)='SEG6\x00') bind$inet(r2, &(0x7f0000000240)={0x2, 0x4e20, @broadcast}, 0x10) clone(0x2100001ff8, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) add_key$keyring(&(0x7f0000000440)='keyring\x00', &(0x7f0000000480)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000280)={0x0, 0x0, 0x2, @thr={0x0, &(0x7f0000000600)="0148a534fa338d7177e9527070eac0e1f66216b476822560c18b47a1ba351b9e691349ebda81728ec63ec2250e9131377f781dad53c7c8a8a069b9935593b7458ab1788322a2fe775a5d34d3cab8a2737e59f4fccc7666522d4ddc31f1c8eab236f5f0186c76604f96f16ec814b84347593b02d5a6ce0d"}}, 0x0) r3 = dup3(r0, r0, 0x0) fsetxattr$security_evm(r0, 0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x4) r4 = getuid() ioctl$TIOCGPGRP(r3, 0x540f, &(0x7f0000000140)) lstat(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000500)) dup(r3) ioctl$BLKTRACESETUP(r3, 0xc0481273, 0x0) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000300)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0x5b) chown(&(0x7f0000000040)='./file0\x00', r4, r5) ioctl$EVIOCGKEYCODE_V2(r2, 0x80284504, &(0x7f0000000840)=""/202) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x40800000, 0x1, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x3a, 0x400}], 0x1, 0x0) dup(0xffffffffffffffff) ioctl$EVIOCGMTSLOTS(0xffffffffffffffff, 0x8040450a, 0x0) rename(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000b80)='./file0\x00') mount$bpf(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='bpf\x00', 0x814000, &(0x7f0000000dc0)=ANY=[@ANYBLOB="6d6f64653d30303030303030303030303030303030303030303030362c6d6f64653d30303030303030303030303030303030303030303030302c6d6f64653d30303030303030303030303030303030303030303430302c6d6f64653d30303030303030453030303030303030303030303030332c6d6f64653d30303030303030303030303032303030303030303030302c6d6f64653d30303030303030303030303030303030303030303137372c6d6f64653d30303030303030303030303030303030303030303031312c6d6f64653d30303030303030303030303030303030303030303030332c6d6f64653d30303030303030303030303030303030303030313130332c6d6f64653d30303030303030303030343030303030303030303034302c7375626a5f757365723d2c6f626a5f757365723d47504c2c7569643e8aab5d7ed8912fcb3402aba05f5aacc7c4273cd14b632740c70189f19162078f54eecf11798ae8113e96748c5dcd8290b18a0731092220867be7c5a1ddd7b8f07450ab80438d6d50d2582623a64091c35ae366ac85fb04bb1820e44910e0748b794b67", @ANYRESDEC=r1, @ANYBLOB="e9fcc4841e284bdf672c66736e61", @ANYRESDEC=r4, @ANYBLOB="66665f752cfe00000000e5ffffffffffffff"]) [ 587.205650] should_fail.cold+0x10f/0x159 [ 587.209779] should_failslab+0xdb/0x130 [ 587.213732] kmem_cache_alloc+0x47/0x780 [ 587.217772] ? anon_vma_chain_link+0x142/0x1a0 [ 587.222350] anon_vma_clone+0xde/0x470 [ 587.226336] anon_vma_fork+0x87/0x4d0 [ 587.230132] copy_process.part.0+0x45e2/0x6a00 [ 587.234797] ? __cleanup_sighand+0x50/0x50 [ 587.239066] ? lock_downgrade+0x6e0/0x6e0 [ 587.243212] _do_fork+0x19e/0xce0 [ 587.246659] ? fork_idle+0x280/0x280 [ 587.250430] ? fput+0xd4/0x150 03:37:06 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = fcntl$dupfd(r0, 0x0, r2) sendmsg$FOU_CMD_GET(r3, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x3}, 0xc, 0x0}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x62160558]}) getpeername$unix(0xffffffffffffffff, &(0x7f0000000380), &(0x7f0000000280)=0x6e) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000100)={0x8, 0x1000}) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000480)={"43f4a40fb5be72ef21e46d69be996dc4a715044f3f833f58903b2ad46517c62860446c9580a082ca897ba490b72d33fe448294dc7c47c54dbe6290ee45bd6d91f17200f9b8f1cf16def551282923b5d69d5e3324d03bd3644dd8116cb23aa6300bf797eb164842d17f9af78a949389c4561ebe1867f77970fc7f5e087fb96ca86d5496134ad89f69de7493f0308fc85834db913c4d43c665e7b53f4669a46c4eec34cbfbe4cf3e1e5ac60ec4c3212d6c688c41091c5c2416304bfdaa532d4f72d24536d418507e41942f263629f6fe8a81ea7bb8f751f5c2758b12deeefec09575aaf1f9b95a3a41586be397d7783b72cdc7b3b44ff734831eca11a170dfd8220bc079a0d5cec58f06248037bde9e4763e08f2d575a6d7ebf3b9da63298f3ab8bf0bcb02bf549653f9bf04cb4ebbf9645e52cfe2816da11cd9d6476c25c2824011739a716b4786c797064bbb977f871404275d79f3c5bcf8cabdf4732017ccfedf2ab0e97eacd05bc5b1b57c6993d6f3e8e118558c055af6f91998f49817946870aa9d839f22faf5e6ef2fb6d2a9c65aed976190542b807db3291cb77d7985dffd4b73793890aa856c5eb551ab74ba47d26816744b5aa4d2564b98e774580303ba4609624b8218b7e8231a4a4a3c0b3192fc0815a469b6091ea06b55c2d51722e75a0ba4eccfe66e7d1851eee2abfa9fe8c91a16999fd28ca215a66f7d2dec5170d29e25aac6b3aabb8a720a587569c63b0301f4eba561319a981297001fee6efabd0c8d71a75dde29c1e8f150b332d0caae8c789bdc6f059a4dccfcf533bc8cfb0fa51a849883146c2dfb6de93fb9df63bdc871166f5e1778f249cd629060cb09a836123766b4dedc3827b30c8ddb7314e47af06cbd046096ef861b932fbb3738547798f50ed0e4719ea95022cc15d9eb04871aca6570b95877dd75743f3bb7cded91198223415f72045246db334f223d317044b50cf4f85e7eca688b51a4c63e6a532cbc8d2c246c4dd52c7afd1c5922785f7059c5f21436462b9903b7e57985291052ee44d3947db1909be58a2e4cfe799658e8b334ce23bc5fbb934ef9e7d4b4c4fee6d8bd2c52b1da6991aa9955ddb2dcba82cedde4f6b934c637a7e73c0b71d71a456ae6f660c1cf3b8efeaa6f58767604de6669d36a3b9fd6f01149a77abba845d3d61ec7707ee4a47431a58a54afc3f411b81ba1de7dcf6c4dc262c4a0dc5e9d40dcff653cf82907b647079ed3fc7eacb90f51a898b69b504247469a7fe0e73a440310fe1f9abad4d68d93198a0736f906972aaabbb80acf12a50c264c8675f262512d07bfa33275f4fb543fdf2a6684df3e1b0c1c6677725da7322f4dee1beff08568baaa13fa34fc62458ca857bfdf311783263d05426e430f658c04bffcff9354bbd80366fdfd43ca12d210e6b9647e6ec187be9a680e146a6a2c"}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)) syz_genetlink_get_family_id$nbd(&(0x7f0000000440)='nbd\x00') ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:37:06 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x11, r0, 0x0) remap_file_pages(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0) stat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000100)={{{@in6=@initdev, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in6=@dev}}, &(0x7f0000000200)=0xe8) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000240)={{{@in, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@mcast1}}, &(0x7f0000000340)=0xe8) r4 = getuid() r5 = geteuid() stat(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000440)={{{@in6=@loopback, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000540)=0xe8) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000580)={{{@in=@initdev, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@mcast2}}, &(0x7f0000000680)=0xe8) getresuid(&(0x7f00000006c0)=0x0, &(0x7f0000000700), &(0x7f0000000740)) r10 = getegid() stat(&(0x7f0000000780)='./file0\x00', &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r12 = getegid() stat(&(0x7f0000000840)='./file0\x00', &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r14 = getegid() getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000900)={0x0, 0x0, 0x0}, &(0x7f0000000940)=0xc) r16 = getegid() getresgid(&(0x7f0000000980), &(0x7f00000009c0)=0x0, &(0x7f0000000a00)) fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f0000000a40)={{}, {0x1, 0x4}, [{0x2, 0x6, r1}, {0x2, 0x3, r2}, {0x2, 0x1, r3}, {0x2, 0x1, r4}, {0x2, 0x1, r5}, {0x2, 0x6, r6}, {0x2, 0x2, r7}, {0x2, 0x4, r8}, {0x2, 0xdddaf8f3bfcfeb82, r9}], {0x4, 0x4}, [{0x8, 0x4, r10}, {0x8, 0x2, r11}, {0x8, 0x4, r12}, {0x8, 0x6, r13}, {0x8, 0x2, r14}, {0x8, 0x2, r15}, {0x8, 0x1, r16}, {0x8, 0x0, r17}], {0x10, 0x1}, {0x20, 0x4}}, 0xac, 0x3) remap_file_pages(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0) 03:37:06 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b2"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) [ 587.253608] ? SyS_write+0x15e/0x230 [ 587.257384] SyS_clone+0x37/0x50 [ 587.260738] ? sys_vfork+0x30/0x30 [ 587.264270] do_syscall_64+0x1e8/0x640 [ 587.268188] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 587.273071] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 587.278250] RIP: 0033:0x459829 [ 587.281700] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 587.289494] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 587.296752] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 03:37:06 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) [ 587.304004] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 587.311276] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 587.318530] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:37:06 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) msgget$private(0x0, 0x100) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) getsockname$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0xb017dfa05345e2f8) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000280)={{{@in6, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @broadcast}}, 0x0, @in6}}, &(0x7f0000000380)=0xe8) socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f00000003c0)={{{@in=@multicast2, @in=@empty, 0x4e22, 0xcee6000, 0x4e23, 0x10001, 0xa, 0x80, 0x0, 0x32, r1, r2}, {0x7fffffff, 0x100, 0x2e6, 0x0, 0x2, 0x6, 0x7, 0x800}, {0xa528, 0x4, 0x3, 0x47416acd}, 0x8001, 0x6e6bb1, 0x1, 0x0, 0x2}, {{@in6=@mcast2, 0x4d3, 0x7c}, 0xa, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x3500, 0x2, 0x1, 0x4, 0x0, 0x10001, 0x10000000000}}, 0xe8) 03:37:06 executing program 3 (fault-call:6 fault-nth:19): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:06 executing program 0: openat$selinux_mls(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x23, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x71d3, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x2}, 0x0, 0x0, 0xff}, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x0) migrate_pages(0x0, 0x3, &(0x7f0000000100)=0xffffffff, &(0x7f0000000140)=0x5) [ 587.382662] x86/PAT: syz-executor.3:22419 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 587.410789] overlayfs: filesystem on './file0' not supported as upperdir 03:37:06 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x10000, 0x0) setxattr$security_smack_transmute(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000240)='TRUE', 0x4, 0x3) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r1, 0x400c6615, &(0x7f0000000280)) ioctl$CAPI_NCCI_GETUNIT(r1, 0x80044327, &(0x7f0000000140)=0x6) [ 587.430513] FAULT_INJECTION: forcing a failure. [ 587.430513] name failslab, interval 1, probability 0, space 0, times 0 [ 587.449058] CPU: 1 PID: 22430 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 587.456172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 587.465724] Call Trace: [ 587.468311] dump_stack+0x138/0x19c [ 587.471923] should_fail.cold+0x10f/0x159 [ 587.476063] should_failslab+0xdb/0x130 [ 587.480021] kmem_cache_alloc+0x47/0x780 [ 587.484063] ? anon_vma_chain_link+0x142/0x1a0 [ 587.488626] anon_vma_clone+0xde/0x470 [ 587.492495] anon_vma_fork+0x87/0x4d0 [ 587.496276] copy_process.part.0+0x45e2/0x6a00 [ 587.500866] ? __cleanup_sighand+0x50/0x50 [ 587.505161] ? lock_downgrade+0x6e0/0x6e0 [ 587.509299] _do_fork+0x19e/0xce0 [ 587.512731] ? fork_idle+0x280/0x280 [ 587.516426] ? fput+0xd4/0x150 [ 587.519598] ? SyS_write+0x15e/0x230 [ 587.523298] SyS_clone+0x37/0x50 [ 587.526641] ? sys_vfork+0x30/0x30 03:37:06 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/0\x00yFAtz\x9b\x88\xb3\x04\x04\xd7a7\x1a\xb2h-ex\xb4\x13\x89\xc1\xc6_\xd9\xb3<^\xfe\b\x10\f\xad\xf6\xd6J\th\xeb;!o\xa2\xcf\xc18)\xa29\xca#9\xbc$\xfd\xef~\x12\x81\xd4\xc5~c\b\xb1\xb091\xbe\xe0%k\x83\xeen\xa6R\xab`:{\x97rg\xd3.\x13\x10\xaf]\xc1\xf7\xec\xcdz\xb2\x00W\xd5G\xff\x9c\xa4Z\xac\x85n\xcc\x00') setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000140)={0x1, 0x3}, 0x8) r1 = socket$inet_udplite(0x2, 0x2, 0x88) dup2(r1, r0) [ 587.530173] do_syscall_64+0x1e8/0x640 [ 587.534046] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 587.538878] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 587.544044] RIP: 0033:0x459829 [ 587.547217] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 587.554917] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 587.562178] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 587.569435] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 03:37:06 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000002c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast5)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="0a0775b005", 0x5) r1 = accept$alg(r0, 0x0, 0x0) sendmsg(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f0000000100)="4f565cca325ef8b6", 0x8}], 0x1}, 0x0) recvmsg(r1, &(0x7f00000001c0)={0x0, 0x100000000000000, &(0x7f0000001600)=[{&(0x7f0000000580)=""/4096, 0x7ffff000}], 0x1, 0x0, 0x141}, 0x0) r2 = shmget(0x1, 0x4000, 0x78000200, &(0x7f0000ffb000/0x4000)=nil) r3 = getpgid(0xffffffffffffffff) fcntl$setown(r1, 0x8, r3) stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000140)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0xc) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000340)={{{@in6=@dev, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @dev}}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000200)=0xe8) fstat(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r8 = getpgid(0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000440)={0x0}, &(0x7f0000000480)=0xc) shmctl$IPC_SET(r2, 0x1, &(0x7f00000004c0)={{0x5, r4, r5, r6, r7, 0x80, 0x1}, 0x9, 0x0, 0xfb4, 0x2, r8, r9}) 03:37:06 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067fffffff81004e220000000058000b4824ca945f64009400050028925a01000800000000008000f0fffeffe809000000fff5dd000000100001000905080041490000420004fc", 0x58}], 0x1) 03:37:06 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:06 executing program 3 (fault-call:6 fault-nth:20): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 587.576697] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 587.583956] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 587.603869] x86/PAT: syz-executor.3:22437 freeing invalid memtype [mem 0x00002000-0x00002fff] 03:37:06 executing program 0: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000300)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000100)={0x2, @sliced={0x25}}) ioctl$VIDIOC_SUBDEV_S_CROP(r0, 0xc038563c, &(0x7f0000000000)={0x1, 0x0, {0x4, 0x101, 0x1ff, 0x100000000}}) [ 587.659614] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.0'. [ 587.664504] overlayfs: filesystem on './file0' not supported as upperdir [ 587.687224] FAULT_INJECTION: forcing a failure. [ 587.687224] name failslab, interval 1, probability 0, space 0, times 0 03:37:06 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000028913, &(0x7f0000000180)="5d292003ff8327c610f99e88e233b411f1a50d5edaf55d0000000036fdc12fdd11446c8cbda9c7ed9a9f95aa46") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e3066696c65302c776f7222cf2098d3cd348015eba6ca86595b8974c8c365edb103471be87e3f356f1a05489af5e1162fbc8e7d7ced83a93a3c2537283b6de762d38cf973ba20738c4c585c8a28fa32452f98bd26422fa02be679905b763545ea35344b85649ede1690a16092622d80bd0e614c5382727beea76a34a865bfe577d99a7b7beb1f22e1d719f6266a35cf2628929903abe7d994b3939690df4d48281ca6a1bcc82ad495b7b7648631a915d8b0c3445f07bbfa1597f2a1ff583330458af0"]) [ 587.713200] CPU: 0 PID: 22452 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 587.720318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 587.729663] Call Trace: [ 587.732246] dump_stack+0x138/0x19c [ 587.735869] should_fail.cold+0x10f/0x159 [ 587.740006] should_failslab+0xdb/0x130 [ 587.743961] kmem_cache_alloc+0x2d7/0x780 [ 587.748101] ? anon_vma_clone+0x310/0x470 [ 587.752237] anon_vma_fork+0xe9/0x4d0 [ 587.756033] copy_process.part.0+0x45e2/0x6a00 [ 587.760615] ? __cleanup_sighand+0x50/0x50 [ 587.764834] ? lock_downgrade+0x6e0/0x6e0 [ 587.769106] _do_fork+0x19e/0xce0 [ 587.772593] ? fork_idle+0x280/0x280 [ 587.776299] ? fput+0xd4/0x150 [ 587.779471] ? SyS_write+0x15e/0x230 [ 587.783216] SyS_clone+0x37/0x50 [ 587.786588] ? sys_vfork+0x30/0x30 [ 587.790116] do_syscall_64+0x1e8/0x640 [ 587.793981] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 587.798818] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 587.803996] RIP: 0033:0x459829 [ 587.807173] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 587.814931] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 587.822197] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 587.829585] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 587.836846] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 587.844110] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 587.860658] x86/PAT: syz-executor.3:22452 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 587.893012] overlayfs: unrecognized mount option "wor" 4ʆY[teG~?5oH/}|탩:<%7(;mbӌs sLX\(2E/&B/+y[v5E54Kd`b-aLSr{j4ewٚ{{"&j5&(ٔMH(*ԕd1ذD_X30E" or missing value [ 587.918503] overlayfs: unrecognized mount option "wor" 4ʆY[teG~?5oH/}|탩:<%7(;mbӌs sLX\(2E/&B/+y[v5E54Kd`b-aLSr{j4ewٚ{{"&j5&(ٔMH(*ԕd1ذD_X30E" or missing value [ 589.510112] net_ratelimit: 18 callbacks suppressed [ 589.510117] protocol 88fb is buggy, dev hsr_slave_0 [ 589.520129] protocol 88fb is buggy, dev hsr_slave_1 [ 589.910166] protocol 88fb is buggy, dev hsr_slave_0 [ 589.915298] protocol 88fb is buggy, dev hsr_slave_1 [ 590.150180] protocol 88fb is buggy, dev hsr_slave_0 [ 590.155301] protocol 88fb is buggy, dev hsr_slave_1 [ 590.160452] protocol 88fb is buggy, dev hsr_slave_0 [ 590.165498] protocol 88fb is buggy, dev hsr_slave_1 03:37:09 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 03:37:09 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$VIDIOC_CROPCAP(r1, 0xc02c563a, &(0x7f0000000000)={0x3, {0x7, 0x1000, 0x100010000000, 0xfd41}, {0x6, 0x9, 0x2fc80b65, 0x2}, {0x0, 0x8}}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f00000000c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0x1, @remote, 0x80000001}, {0xa, 0x4e21, 0x5f23, @mcast2, 0x3f}, r2, 0x6}}, 0x48) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$SNDRV_RAWMIDI_IOCTL_DROP(r1, 0x40045730, &(0x7f00000001c0)=0x9) r3 = socket$inet(0x2, 0x4000000000000003, 0x800000000004) ioctl$VIDIOC_QUERY_DV_TIMINGS(r1, 0x80845663, &(0x7f00000002c0)) ioctl$sock_inet_udp_SIOCINQ(r3, 0x5411, &(0x7f0000000280)) 03:37:09 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:09 executing program 0: r0 = socket$inet6(0xa, 0x4001000000000002, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000040)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) r2 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet6_MRT6_DEL_MFC(r2, 0x29, 0xcd, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) unshare(0x2040400) r3 = perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$UI_END_FF_UPLOAD(r3, 0x406855c9, &(0x7f0000000540)={0xa, 0xfff, {0x56, 0x7, 0x934, {0x3}, {0x3}, @ramp={0x80, 0xc27, {0x8, 0x9, 0x5, 0x20}}}, {0x53, 0x2, 0xe5c0, {0x8001, 0x4}, {0x0, 0xfff}, @const={0x3, {0x5, 0x43d, 0x7, 0x10001}}}}) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000280)={{{@in=@local, @in=@dev}}, {{@in=@multicast1}, 0x0, @in6=@loopback}}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000000)={0xffffffffffffffff}, 0x106, 0x3}}, 0x20) r5 = openat$cgroup_ro(r2, &(0x7f0000000440)='cpuacct.stat\x00', 0x0, 0x0) ioctl$NBD_DISCONNECT(r5, 0xab08) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(0xffffffffffffffff, &(0x7f0000000200)={0xb, 0x10, 0xfa00, {&(0x7f0000000380), r4}}, 0xfffffd68) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) r7 = shmget(0x1, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil) shmctl$IPC_RMID(r7, 0x0) ioctl$TCSETSW(r5, 0x5403, &(0x7f0000000500)={0x1f, 0x4, 0x5, 0x6, 0x14, 0x4, 0x6, 0x1000, 0xd45e, 0x0, 0x2, 0xffffffffa20d5514}) setxattr$trusted_overlay_opaque(0x0, &(0x7f0000000180)='trusted.overlay.opaque\x00', &(0x7f00000001c0)='y\x00', 0x2, 0x0) setsockopt$inet_sctp_SCTP_AUTH_KEY(r5, 0x84, 0x17, &(0x7f0000000480)=ANY=[@ANYRES32=r1, @ANYRESOCT=r1], 0x2) ioctl$sock_ifreq(r6, 0x8991, &(0x7f00000000c0)={'bond0\x00\x16@\xea\xff\xff\x80\x00\x00\x02\xff', @ifru_names='bond_slave_1\x00'}) ioctl$sock_ifreq(r6, 0x8990, &(0x7f0000000240)={'bond0\x00\xe1\x03\n\x00!!\x00\x01\x00', @ifru_names='bond_slave_1\x00'}) ioctl(r5, 0x2, &(0x7f00000005c0)="1fa15fad51d651ddd9f69b789c383b4a13b8309e7420724c5e83670412bf3d9cf6a32c386aac04501b8acd260809720a8e3f9343222a5ce8af23f1035d095943b0117d7a66d3e055589837097610676f784bc85b9a7df025900bcdba") 03:37:09 executing program 3 (fault-call:6 fault-nth:21): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:09 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x80000001, 0x101000) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000140)={0x1, 0x44, 0x8000, 0x8, 0x3, 0x9ada, 0x7f, 0xffffffffffff0001, 0x0}, &(0x7f0000000180)=0x20) getsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000200)={r2, 0x5, 0x7fff, 0xffff}, &(0x7f0000000240)=0x10) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) 03:37:09 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x81) ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000001640)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10000174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d41f6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28b774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a800655d127de6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"}) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x4000000000000015, &(0x7f00000004c0)=0x3, 0xfffffffffffffdcc) r4 = syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$VT_GETMODE(r4, 0x5601, 0x0) r5 = openat$dir(0xffffffffffffff9c, 0x0, 0x101000, 0x800001a0) r6 = dup(r5) mlock(&(0x7f0000bde000/0x4000)=nil, 0x4000) clone(0x13102001fee, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r3, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40400000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0x70, r7, 0x200, 0x70bd25, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DAEMON={0x28, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @local}, @IPVS_DAEMON_ATTR_STATE={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x90b}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}]}, 0x70}, 0x1, 0x0, 0x0, 0x8040}, 0x80) ioctl$sock_FIOGETOWN(r6, 0x8903, &(0x7f0000000300)=0x0) getpriority(0x2, r8) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0x3) r9 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x2, 0x0) ioctl$RTC_WKALM_SET(r9, 0x4028700f, &(0x7f00000000c0)={0x1, 0x1, {0x0, 0x5, 0x5, 0x8, 0x5, 0x466d0ccd, 0x5, 0x11c, 0xffffffffffffffff}}) ioctl$VIDIOC_G_TUNER(r4, 0xc054561d, &(0x7f0000000100)={0x49c, "a168087da9365dea046f8377b4b749778f0e9e58dd01285620536c6a21797748", 0x3, 0x20, 0x5, 0x0, 0x4, 0x0, 0x9}) ioctl$TUNDETACHFILTER(r4, 0x401054d6, 0x0) setsockopt$packet_add_memb(r4, 0x107, 0x1, 0x0, 0x0) keyctl$search(0xa, 0x0, &(0x7f00000005c0)='logon\x00', &(0x7f0000000600)={'syz', 0x1}, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(r6, 0x40045402, 0x0) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r10, 0x0, 0x0) ioctl$sock_bt_cmtp_CMTPCONNADD(r4, 0x400443c8, &(0x7f0000000480)={r6, 0x3f}) setsockopt$sock_timeval(r10, 0x1, 0x8000000017, &(0x7f0000000080)={0x0, 0x7530}, 0xfffffffffffffd5a) [ 590.407823] bond0: Releasing backup interface bond_slave_1 [ 590.424387] FAULT_INJECTION: forcing a failure. [ 590.424387] name failslab, interval 1, probability 0, space 0, times 0 [ 590.447317] CPU: 1 PID: 22476 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 590.454449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 590.463806] Call Trace: [ 590.466402] dump_stack+0x138/0x19c [ 590.470043] should_fail.cold+0x10f/0x159 [ 590.474202] should_failslab+0xdb/0x130 [ 590.478180] kmem_cache_alloc+0x2d7/0x780 [ 590.482415] ? anon_vma_clone+0x310/0x470 [ 590.486567] anon_vma_fork+0x1ce/0x4d0 [ 590.490458] copy_process.part.0+0x45e2/0x6a00 [ 590.495064] ? __cleanup_sighand+0x50/0x50 [ 590.499302] ? lock_downgrade+0x6e0/0x6e0 [ 590.503473] _do_fork+0x19e/0xce0 [ 590.506930] ? fork_idle+0x280/0x280 [ 590.510646] ? fput+0xd4/0x150 [ 590.513840] ? SyS_write+0x15e/0x230 [ 590.517562] SyS_clone+0x37/0x50 [ 590.520928] ? sys_vfork+0x30/0x30 [ 590.524476] do_syscall_64+0x1e8/0x640 [ 590.528361] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 590.533208] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 590.538398] RIP: 0033:0x459829 [ 590.541580] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 590.549278] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 03:37:09 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) [ 590.556533] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 590.563871] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 590.571141] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 590.578389] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:37:09 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm_plock\x00', 0x2200, 0x0) timerfd_gettime(r1, &(0x7f0000000140)) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) 03:37:09 executing program 1: mkdir(&(0x7f0000578000)='./file0\x00', 0x0) lsetxattr(&(0x7f0000712ff8)='./file0\x00', &(0x7f0000faffe7)=@known='system.posix_acl_default\x00', &(0x7f00002e7fec)='\x02\x00\x00\x00 \x00\x00\x00\x00\xfe\xff\x00\x01\x00\x00\x80\x8c\x00\x00\x00', 0x14, 0x0) r0 = socket$isdn_base(0x22, 0x3, 0x0) fcntl$setsig(r0, 0xa, 0x33) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0) [ 590.630127] protocol 88fb is buggy, dev hsr_slave_0 [ 590.635264] protocol 88fb is buggy, dev hsr_slave_1 [ 590.660261] x86/PAT: syz-executor.3:22470 freeing invalid memtype [mem 0x00002000-0x00002fff] 03:37:09 executing program 3 (fault-call:6 fault-nth:22): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 590.676470] bond0: Enslaving bond_slave_1 as an active interface with an up link 03:37:09 executing program 0: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x7fffffff, 0x6, 0x15ee, 0x8, 0x0, 0x1, 0x28000, 0x7, 0x3, 0x0, 0x1, 0x401, 0x7, 0x0, 0x5, 0x5, 0x4, 0x5, 0x9, 0x3, 0x1, 0x5, 0x8, 0x9, 0x0, 0x3, 0x7, 0x5, 0xe00000000, 0x0, 0xb8, 0x5, 0x72f1b304, 0x0, 0x4, 0xfffffffffffffc01, 0x0, 0x4, 0x0, @perf_config_ext={0x1d, 0x6}, 0x20000, 0x6, 0x7, 0x1, 0xc8, 0x1f, 0x7}, 0x0, 0xa, 0xffffffffffffffff, 0xf33ac599162dd2e5) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1, 0x100) mmap(&(0x7f0000013000/0x3000)=nil, 0x3000, 0x10882cc92279fcd5, 0x10010, r0, 0x4) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) sendmmsg(r2, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x200056d0, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x6c, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) [ 590.776215] overlayfs: filesystem on './file0' not supported as upperdir [ 590.824651] FAULT_INJECTION: forcing a failure. [ 590.824651] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 590.850843] CPU: 0 PID: 22504 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 590.857971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 590.867327] Call Trace: [ 590.869931] dump_stack+0x138/0x19c [ 590.873567] should_fail.cold+0x10f/0x159 [ 590.877717] ? __might_sleep+0x93/0xb0 [ 590.881608] __alloc_pages_nodemask+0x1d6/0x7a0 [ 590.886272] ? save_stack+0xa9/0xd0 [ 590.891420] ? __alloc_pages_slowpath+0x2930/0x2930 [ 590.896432] ? anon_vma_fork+0x1ce/0x4d0 [ 590.900579] ? copy_process.part.0+0x45e2/0x6a00 [ 590.905334] ? _do_fork+0x19e/0xce0 [ 590.908974] ? __lock_acquire+0x5f7/0x4620 [ 590.913209] alloc_pages_current+0xec/0x1e0 [ 590.917533] __get_free_pages+0xf/0x40 [ 590.921427] get_zeroed_page+0x11/0x20 [ 590.925313] __pud_alloc+0x3b/0x200 [ 590.928937] pud_alloc+0xc9/0x130 [ 590.932392] copy_page_range+0x2de/0x1bd0 [ 590.936545] ? find_held_lock+0x35/0x130 [ 590.940604] ? find_held_lock+0x35/0x130 [ 590.944674] ? __pmd_alloc+0x410/0x410 [ 590.948569] ? __vma_link_rb+0x247/0x340 [ 590.952636] copy_process.part.0+0x4764/0x6a00 [ 590.957240] ? __cleanup_sighand+0x50/0x50 [ 590.961476] ? lock_downgrade+0x6e0/0x6e0 [ 590.965634] _do_fork+0x19e/0xce0 [ 590.969194] ? fork_idle+0x280/0x280 [ 590.972912] ? fput+0xd4/0x150 [ 590.976099] ? SyS_write+0x15e/0x230 [ 590.979818] SyS_clone+0x37/0x50 [ 590.983178] ? sys_vfork+0x30/0x30 [ 590.986718] do_syscall_64+0x1e8/0x640 [ 590.990601] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 590.995446] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 591.000629] RIP: 0033:0x459829 [ 591.003815] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 591.011546] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 591.018816] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 591.026082] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 591.033352] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 591.040621] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 591.065364] x86/PAT: syz-executor.3:22504 freeing invalid memtype [mem 0x00002000-0x00002fff] 03:37:12 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 03:37:12 executing program 1: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, 0x0, 0xfffffffffffffd8a) prctl$PR_GET_THP_DISABLE(0x2a) 03:37:12 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/checkreqprot\x00', 0x400, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={0xffffffffffffffff}, 0x111, 0x5}}, 0x20) ioctl$TCSETXW(r0, 0x5435, &(0x7f0000000380)={0x100000000, 0x200, [0xffffffff, 0x7, 0x25ee, 0x2000000000, 0x8], 0xf}) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r1, &(0x7f0000000200)={0x15, 0x110, 0xfa00, {r2, 0x4, 0x0, 0x0, 0x0, @ib={0x1b, 0x9, 0x241, {"5b19155f3de79be77beeedef55eb0756"}, 0x200, 0xfffffffffffffeae, 0x8}, @in6={0xa, 0x4e21, 0x100000000, @dev={0xfe, 0x80, [], 0xe}, 0x4}}}, 0x118) r3 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs(r3, &(0x7f0000000340)='net/route\x00') mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) 03:37:12 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f46"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:12 executing program 3 (fault-call:6 fault-nth:23): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:12 executing program 0: link(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') syz_emit_ethernet(0x66, &(0x7f0000000140)=ANY=[@ANYBLOB="ffffffffffff0180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000000000000001860090780007000060c5961e0000000003040000000000001803000005000001ff0500000000000000000000000000011e9e5b4ad574e27ade0626501beed137c37f9f39774b0df33ecdd8bd5e0a50cf190b09c712ab5d6cb40e7ea50cafafbd92ddf6c869935a9cbd36670b4def9ef866a7aac7ba3fee57395efd2d8ea42dccc05b0a95dc700f95234b07dfa6424c61a6be3dddea42449d2d0662bd0e82e8d0226e963206272f00e08ffe9f144f39c0aeeb34b0f084f114bf677a15d923e75c2d90334cf3dc98ac9e7e8bb5dcd681d9beb8597b9c148712725074c6f68c61daae036da3aeae075a72efe681520e5570c6"], 0x0) 03:37:12 executing program 0: pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) accept4$inet(r0, 0x0, 0x0, 0x80000) write(r1, &(0x7f00000001c0), 0xfffffef3) read(r0, &(0x7f0000000540)=""/250, 0xfa) syz_open_procfs(0x0, &(0x7f0000000100)='coredump_filter\x00') r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @multicast2}, 0x10) r3 = socket$packet(0x11, 0x3, 0x300) getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=""/8, &(0x7f0000000080)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x7e0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PPPIOCDISCONN(r1, 0x7439) socket$packet(0x11, 0x3, 0x300) fsetxattr$security_smack_transmute(r1, &(0x7f0000000340)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000400)='TRUE', 0x19f, 0x10000000) socket$inet_tcp(0x2, 0x1, 0x0) clone(0x200, 0x0, 0xfffffffffffffffe, &(0x7f0000000500), 0xffffffffffffffff) socket$packet(0x11, 0x3, 0x300) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x1, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, 0x1c) setsockopt$sock_int(r3, 0x1, 0x20000000000002c, &(0x7f00000000c0)=0x1, 0x4) r4 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0x26, &(0x7f00000003c0)=0x2008000006, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @ipv4={[], [], @dev}}, 0x1c) getpid() mknod$loop(&(0x7f0000000040)='./file0\x00', 0x6001, 0x1) creat(&(0x7f00000007c0)='./file0\x00', 0x0) inotify_add_watch(r0, &(0x7f0000000140)='./file0\x00', 0x4000000) unlink(&(0x7f0000000380)='./file0\x00') sendto$inet(r2, 0x0, 0x0, 0x20000802, &(0x7f0000000100)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='ip6_vti0\x00', 0x10) sendto$inet(r2, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x0, 0x0, 0x0) shutdown(r2, 0x1) 03:37:12 executing program 1: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000001340)='/dev/capi20\x00', 0x1, 0x0) r1 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x3, 0x2) ioctl$DRM_IOCTL_GET_UNIQUE(r1, 0xc0106401, &(0x7f0000001100)={0x1000, &(0x7f0000000100)=""/4096}) ioctl$CAPI_SET_FLAGS(r0, 0x80044324, &(0x7f0000000000)) r2 = socket(0x5, 0x6, 0x40000000080200) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000001180)='IPVS\x00') sendmsg$IPVS_CMD_DEL_SERVICE(r1, &(0x7f0000001280)={&(0x7f0000001140)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000001240)={&(0x7f00000011c0)={0x78, r3, 0x2, 0x8, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DEST={0x50, 0x2, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x5}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x4}, @IPVS_DEST_ATTR_U_THRESH={0x8}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0xffffffff}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x166e}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@multicast1}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e21}]}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x1}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x4000000}, 0x40010) connect$pptp(r2, &(0x7f0000000080)={0x18, 0x2, {0x1, @remote}}, 0x1e) [ 593.436363] FAULT_INJECTION: forcing a failure. [ 593.436363] name fail_page_alloc, interval 1, probability 0, space 0, times 0 03:37:12 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x4) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) [ 593.478741] overlayfs: filesystem on './file0' not supported as upperdir [ 593.507331] CPU: 1 PID: 22517 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 593.514474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 593.523852] Call Trace: 03:37:12 executing program 1: socket$inet6(0xa, 0x2, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dlm_plock\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000240)='/dev/mISDNtimer\x00', 0x0, 0x0) syz_open_pts(r0, 0x2005) socket$key(0xf, 0x3, 0x2) unshare(0x600) pselect6(0x40, &(0x7f00000000c0)={0x3}, 0x0, &(0x7f0000000140)={0x1b7}, 0x0, 0x0) [ 593.526454] dump_stack+0x138/0x19c [ 593.530097] should_fail.cold+0x10f/0x159 [ 593.534258] ? __might_sleep+0x93/0xb0 [ 593.538167] __alloc_pages_nodemask+0x1d6/0x7a0 [ 593.542855] ? save_stack+0xa9/0xd0 [ 593.546503] ? __alloc_pages_slowpath+0x2930/0x2930 [ 593.551530] ? anon_vma_fork+0x1ce/0x4d0 [ 593.555596] ? copy_process.part.0+0x45e2/0x6a00 [ 593.560356] ? _do_fork+0x19e/0xce0 [ 593.563998] ? __lock_acquire+0x5f7/0x4620 [ 593.568243] alloc_pages_current+0xec/0x1e0 [ 593.572581] __get_free_pages+0xf/0x40 [ 593.576485] get_zeroed_page+0x11/0x20 [ 593.580383] __pud_alloc+0x3b/0x200 [ 593.584014] pud_alloc+0xc9/0x130 [ 593.587473] copy_page_range+0x2de/0x1bd0 [ 593.591632] ? find_held_lock+0x35/0x130 [ 593.595707] ? find_held_lock+0x35/0x130 [ 593.599791] ? __pmd_alloc+0x410/0x410 [ 593.603685] ? __vma_link_rb+0x247/0x340 [ 593.607763] copy_process.part.0+0x4764/0x6a00 [ 593.612381] ? __cleanup_sighand+0x50/0x50 [ 593.616627] ? lock_downgrade+0x6e0/0x6e0 [ 593.620787] _do_fork+0x19e/0xce0 [ 593.624252] ? fork_idle+0x280/0x280 [ 593.628011] ? fput+0xd4/0x150 [ 593.631211] ? SyS_write+0x15e/0x230 [ 593.634936] SyS_clone+0x37/0x50 [ 593.638311] ? sys_vfork+0x30/0x30 [ 593.641864] do_syscall_64+0x1e8/0x640 [ 593.645757] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 593.650611] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 593.655803] RIP: 0033:0x459829 [ 593.658993] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 593.666709] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 593.673996] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 593.681278] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 593.688578] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 593.695871] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:37:12 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x671e8b271be5d0ca, 0x0, &(0x7f0000000080)) io_setup(0xc7f0, &(0x7f00000000c0)=0x0) io_getevents(r1, 0x8001, 0x7, &(0x7f0000000240)=[{}, {}, {}, {}, {}, {}, {}], &(0x7f0000000100)={0x77359400}) clock_settime(0xdceed4a5a50194f9, &(0x7f00000001c0)) 03:37:12 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f46"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) [ 593.817503] overlayfs: failed to resolve './file1': -2 [ 593.842328] overlayfs: failed to resolve './file1': -2 [ 593.886579] x86/PAT: syz-executor.3:22517 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 594.790133] net_ratelimit: 22 callbacks suppressed [ 594.795128] protocol 88fb is buggy, dev hsr_slave_0 [ 594.800201] protocol 88fb is buggy, dev hsr_slave_1 [ 594.805288] protocol 88fb is buggy, dev hsr_slave_0 [ 594.810351] protocol 88fb is buggy, dev hsr_slave_1 [ 595.750112] protocol 88fb is buggy, dev hsr_slave_0 [ 595.755220] protocol 88fb is buggy, dev hsr_slave_1 [ 596.150126] protocol 88fb is buggy, dev hsr_slave_0 [ 596.155215] protocol 88fb is buggy, dev hsr_slave_1 03:37:15 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 03:37:15 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f22f6f2256d7b0a2b868fac897765726469723d2e2f66696c65302c776f69723d2e2f66696c65315c00d94e9c536966d3269783e0fa01282ca5dbcdd7c2edb3a44454657719b167e3cfd243fecb8f9c3725a2a4b9cfa9bace63d3eba2a95be6e2f0ec4928fa9055b7653c0855aac5c76bde50f3a14e7a4739855ab49263f050daadaccdda2b3f5ea5450cee83806b0e7f00633c2f451bcc6418d4fe97282b7b232f91abd31fb91aef5a63a9808b91e72603052b225c1f5a69a4665caaff822aceddf708849faa865c6d687533628398fa79ad9d9b2b79ceefeeca06ac8dc545a9a9e53525962c7adc5458346677b9f84672f5492ce20786eed8627dc92b26897b3c755b76637a30a4657283840ab01c82ea7721182632ea5481b0413b39accf1939b07e87a9"]) r1 = syz_open_dev$vcsn(&(0x7f0000000140)='/dev/vcs#\x00', 0x100000000, 0x200) setsockopt$inet6_buf(r1, 0x29, 0x0, &(0x7f0000000180)="d577620d39ef8e84aa1be136197a68a80b4e7a2ad1c97462337bbabe767aa59667f304e48c85c9cd32e8b24f5f15afad4f", 0x31) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x40000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@fscache='fscache'}], [{@obj_type={'obj_type', 0x3d, 'overlay\x00'}}, {@smackfsdef={'smackfsdef'}}, {@dont_appraise='dont_appraise'}, {@fsuuid={'fsuuid', 0x3d, {[0x33, 0x73, 0x73, 0x30, 0x32, 0x37, 0x61, 0x35], 0x2d, [0x38, 0x30, 0x64, 0x64], 0x2d, [0x65, 0x0, 0x63, 0x39], 0x2d, [0x39, 0x39, 0x35, 0x37], 0x2d, [0x38, 0x39, 0x61, 0x35, 0x63, 0x35, 0x63, 0x32]}}}, {@permit_directio='permit_directio'}]}}) 03:37:15 executing program 3 (fault-call:6 fault-nth:24): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:15 executing program 1: ioctl(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000180)="eb3c906d6b66732e666174000204010002000270fff80076", 0x18}], 0x0, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) fchdir(r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x20400040c2, 0x0) r2 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000400)={0x0, 0xffffffffffff41a6}, &(0x7f0000000440)=0x8) getsockopt$bt_l2cap_L2CAP_LM(r1, 0x6, 0x3, &(0x7f0000000000), &(0x7f0000000080)=0x4) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8", 0x17f) ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000100)) ioctl$VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000200)={0x0, 0x5, 0x0, "d60ea31a26fcd2dee18ceed6ed9f7d4b3b5cd126cfc1c00cdda8fa9211cfce6b", 0x38414262}) sendfile(r1, r2, 0x0, 0x10000) 03:37:15 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f46"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:15 executing program 0: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f46"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) [ 596.390140] protocol 88fb is buggy, dev hsr_slave_0 [ 596.395234] protocol 88fb is buggy, dev hsr_slave_1 [ 596.473817] overlayfs: unrecognized mount option "lo"%m{ [ 596.473817] +werdir=./file0" or missing value [ 596.496404] FAULT_INJECTION: forcing a failure. [ 596.496404] name failslab, interval 1, probability 0, space 0, times 0 [ 596.516822] overlayfs: unrecognized mount option "lo"%m{ [ 596.516822] +werdir=./file0" or missing value [ 596.521537] kauditd_printk_skb: 57 callbacks suppressed [ 596.521546] audit: type=1800 audit(2000000235.490:237): pid=22566 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.1" name="file0" dev="sda1" ino=17361 res=0 [ 596.529069] CPU: 1 PID: 22568 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 596.562720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 596.572246] Call Trace: [ 596.574840] dump_stack+0x138/0x19c [ 596.578486] should_fail.cold+0x10f/0x159 [ 596.582654] should_failslab+0xdb/0x130 [ 596.586630] kmem_cache_alloc+0x2d7/0x780 [ 596.590782] ? alloc_pages_current+0xf4/0x1e0 [ 596.595280] __pmd_alloc+0xbd/0x410 [ 596.598906] copy_page_range+0x12b7/0x1bd0 [ 596.603141] ? find_held_lock+0x35/0x130 [ 596.607214] ? __pmd_alloc+0x410/0x410 [ 596.611103] ? __vma_link_rb+0x247/0x340 [ 596.615171] copy_process.part.0+0x4764/0x6a00 [ 596.619776] ? __cleanup_sighand+0x50/0x50 [ 596.624014] ? lock_downgrade+0x6e0/0x6e0 [ 596.628166] _do_fork+0x19e/0xce0 [ 596.631623] ? fork_idle+0x280/0x280 [ 596.635339] ? fput+0xd4/0x150 [ 596.638532] ? SyS_write+0x15e/0x230 [ 596.642249] SyS_clone+0x37/0x50 [ 596.645612] ? sys_vfork+0x30/0x30 [ 596.649151] do_syscall_64+0x1e8/0x640 [ 596.653039] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 596.657890] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 596.662075] audit: type=1804 audit(2000000235.510:238): pid=22566 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="file0" dev="sda1" ino=17361 res=1 [ 596.663075] RIP: 0033:0x459829 [ 596.688807] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 596.696527] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 596.703800] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 596.711071] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 03:37:15 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 03:37:15 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:15 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x4000, 0x0) write$uinput_user_dev(r1, &(0x7f00000001c0)={'syz1\x00', {0x5, 0x9, 0xb6, 0x8}, 0x9, [0x80000001, 0xca7f, 0x80000000, 0x5d, 0x10001, 0x400, 0x8000000, 0x4, 0x89b, 0x7, 0xa3, 0x1f, 0x4, 0xa26, 0x1, 0x3, 0x20, 0x101, 0x1, 0x2, 0x265, 0x9, 0x20, 0xff, 0x9, 0xfb8b, 0x3, 0x81, 0x7ff, 0x2, 0xffffffff, 0x0, 0x6, 0x0, 0x1f, 0xcad3, 0x3, 0x1, 0x9, 0x400, 0x822, 0x7, 0x7, 0x7c9, 0x1, 0x5, 0x7ff, 0x7fffffff, 0x3ff, 0x8, 0x6, 0x2, 0x7, 0x8da, 0xffffffffffffffcd, 0x55d, 0x8000, 0xfffffffffffeffff, 0x1ff, 0xffffffffffff7fec, 0x0, 0x5, 0xffffffffffff7fff, 0x5], [0x1443, 0xfff, 0x3, 0x1ff, 0x2, 0x4, 0x9, 0x3, 0x0, 0x12, 0x2, 0x0, 0xfffffffffffffeff, 0x6, 0x4, 0x1000, 0x0, 0xfb4, 0x80, 0xf141, 0x4, 0x0, 0x7, 0x100000001, 0x9, 0x6, 0xec, 0x4ba, 0x815, 0x7, 0x7, 0x8, 0x4, 0x1, 0x1010000, 0x1, 0x100000000, 0x23f7, 0x1, 0x3, 0x400, 0x6, 0x9, 0x0, 0x9, 0x0, 0x6, 0xffffffffffffffe0, 0x2, 0x40, 0x5e00000000000000, 0x80000001, 0x6, 0x20, 0x7ff, 0x1000, 0xfda, 0x9, 0x100000000, 0x0, 0x401, 0x7ff, 0x94c4, 0x40], [0x7, 0x100000001, 0xad, 0x1, 0x5, 0x7, 0x3, 0x3ff, 0x7, 0x6, 0x9, 0x7f, 0x5, 0x1, 0x68, 0x1da200, 0x10000, 0x3, 0xe76, 0x4, 0x2000000000000000, 0x7fff, 0xd70, 0x0, 0x2, 0xfffffffffffffff8, 0x800, 0x6, 0x1, 0xcf1, 0xffff, 0x83a1, 0x200, 0x9, 0x0, 0x800, 0xffffffffffffff5a, 0x7, 0x0, 0x2, 0x8, 0x4, 0x3, 0x1, 0x3, 0x0, 0x4, 0x7f, 0x9, 0xfffffffffffff314, 0x8000, 0x3f, 0x1f, 0x800, 0xda1b, 0x4, 0x0, 0x3, 0x46, 0x3, 0x0, 0x0, 0x100000001, 0x4], [0xcf, 0xffff, 0x2, 0x5, 0x16ba, 0x6, 0x8, 0x6, 0xffffffffffffffc1, 0xffff, 0x8, 0x2, 0x5, 0x6, 0x7ff, 0xb88b, 0x2, 0x4, 0x38, 0x9, 0x600000, 0x1, 0x23, 0x7, 0xff, 0x4db, 0x4, 0x9, 0x9, 0x10001, 0x9, 0x3, 0x0, 0xff, 0x9842, 0x47cd59a0, 0x24, 0x9, 0x8, 0x2, 0x3, 0x104, 0x5, 0xd17, 0x8, 0x4, 0x101, 0x4, 0x8, 0x3, 0xfffffffffffffff9, 0x75b6e3f5, 0x3, 0xffffffff00000001, 0x0, 0x40, 0x5, 0x400, 0x5, 0x3, 0x6, 0x1, 0x6, 0x5]}, 0x45c) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x1, 0x2) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f00000008c0)={r3}) [ 596.718336] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 596.725603] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:37:15 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/enforce\x00', 0x100, 0x0) setns(r1, 0xb35a1d4f17c4263e) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2eefe6f083b9c3e4d46f726b6469723d2e2f66696c65315c00"]) ioctl$LOOP_SET_FD(r1, 0x4c00, r1) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000140)={0x0, 0x7, 0x7}, &(0x7f0000000180)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000200)={r2, 0x40, 0x7}, 0x8) 03:37:15 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, 0x0, 0x0, 0x0) 03:37:15 executing program 1: r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25GSUBSCRIP(r0, 0x89e1, &(0x7f0000000180)={'eth0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\r\xbb?\x89\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x1a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00$\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\x17\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00S0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00_/0\xef\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00', 0x0, 0x2}) r1 = accept(r0, &(0x7f0000000080)=@isdn, &(0x7f0000000100)=0x80) connect$pppoe(r1, &(0x7f0000000140)={0x18, 0x0, {0x0, @broadcast, 'nr0\x00'}}, 0x1e) r2 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x0, 0x2a000) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e21, 0xb88, @empty, 0x400}, 0x1c) [ 596.845195] x86/PAT: syz-executor.3:22568 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 596.885093] overlayfs: missing 'workdir' 03:37:15 executing program 3 (fault-call:6 fault-nth:25): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 596.902953] overlayfs: missing 'workdir' 03:37:15 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) getuid() 03:37:15 executing program 1: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') close(r0) 03:37:16 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) [ 597.034822] FAULT_INJECTION: forcing a failure. [ 597.034822] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 597.057083] CPU: 1 PID: 22603 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 597.064215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 597.073578] Call Trace: [ 597.076180] dump_stack+0x138/0x19c [ 597.079826] should_fail.cold+0x10f/0x159 [ 597.083979] ? __might_sleep+0x93/0xb0 [ 597.087873] __alloc_pages_nodemask+0x1d6/0x7a0 [ 597.092552] ? __alloc_pages_slowpath+0x2930/0x2930 [ 597.097580] alloc_pages_current+0xec/0x1e0 [ 597.101909] pte_alloc_one+0x1a/0x100 [ 597.105714] __pte_alloc+0x2a/0x2d0 [ 597.109344] copy_page_range+0x11ba/0x1bd0 [ 597.113603] ? __pmd_alloc+0x410/0x410 [ 597.117497] copy_process.part.0+0x4764/0x6a00 [ 597.122105] ? __cleanup_sighand+0x50/0x50 [ 597.125311] overlayfs: filesystem on './file0' not supported as upperdir [ 597.126339] ? lock_downgrade+0x6e0/0x6e0 [ 597.126356] _do_fork+0x19e/0xce0 [ 597.126370] ? fork_idle+0x280/0x280 [ 597.144485] ? fput+0xd4/0x150 [ 597.147688] ? SyS_write+0x15e/0x230 [ 597.151412] SyS_clone+0x37/0x50 [ 597.154778] ? sys_vfork+0x30/0x30 [ 597.158406] do_syscall_64+0x1e8/0x640 [ 597.162291] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 597.167144] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 597.172332] RIP: 0033:0x459829 [ 597.175519] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 03:37:16 executing program 1: ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) memfd_create(0x0, 0x0) r0 = openat$vfio(0xffffffffffffff9c, 0x0, 0x10000, 0x0) r1 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x1, 0x2) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000040)=0x10000000006) r2 = perf_event_open(&(0x7f0000000980)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f0000000000)={0x0, 0x8, 0x20, 0x4, 0x3}, &(0x7f0000000080)=0x18) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r1, 0x84, 0x5, &(0x7f0000000180)={r3, @in={{0x2, 0x4e22, @empty}}}, 0x84) faccessat(r1, 0x0, 0x0, 0x0) mremap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4000, 0x2, &(0x7f0000ffa000/0x4000)=nil) setxattr(&(0x7f0000000100)='./file0\x00', &(0x7f0000000240)=@random={'osx.', '/&ppp0+nodeveth1\xd2ppp0\x00'}, &(0x7f0000000280)='\x00', 0x1, 0x3) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000140)={0x100000005, 0x200000000000004, 0x8203, 0x0, 0x10001, 0x0, 0x2}, 0x0) write$UHID_INPUT(r1, &(0x7f00000002c0)={0x8, "b13e1c20d1764d052a4289a71186ca1abfa7f39eb694f4602948f6585c2842ac42cb2f94b098e98f2bcd6128dab4a71d544e96e01e3a9a3548ee5f554c06d963346edb9d133e86fdd31c21e9aaffeb52f7cd63297b1fd0db1845e12bda3ce00f0cca0e6ac9c42a61e687c24c0553b408359c86c7bfd7a30944ac327f982b011258e85ee00f050c38e73199d07b72b225a96ab0fb5a9ea944a233e46cd4c25aaa0fe04bd9b3203f61a06c8f094563ffa0078e50248ce1acebc03c75069eb1cb20ebbe30ec063f9ebc45290dc4f8b56ebb08d32e4df04785fd385029f766a0b96db6a1b6615de63393fe97082c076a7170d2b1c06ce0627d6acae850c2b95f38b079a352f27bf6f5460078b8e597c1d3bdb5cf9e73f42eec5aea224ab44b94e18e812864faeaf770ba7471f99b07d41d573d1d4c3833fb4410ea36d710bfa66ccdb14a1927a678f873b023e82c341a43704adb37242a67b2a46d02ab7aee23cf3030a2f3dd58eece667b6e9393ee8d36649e37e83b1c73c0ef65b4df6173c1c25324fbb9afa1361dc4275f152deb03d7138a688eb9dc66e7845ce1be5647bf740b0e1dd038120ef1e3e1cf420cf8b723bef771376e433935e4f9096a10c4a969aceaac4791c41f365b274dab49bddf51b22a24c05ceaedcbf45febc927e98f410d38247d7679cee7b0d3041eaebd7821924ad31e7c5137bf87ce1ec537a981779f0a4c57bbbb5c641cfd02e1e3904f48b0be96fc9851b6bc8c4260168eea9d9d111e2777f78a9021d5eb0166e39410bf279656770263ca2fb7ac0e30d5e168f8cf4bc5665d057da939b770568e41d0fcec5d6aac0bf4ae66fb099b786cdce7f6a9bc00b83d8ed72440a9724d4ef8af71c7efbc31397930cdcb99d30502ecbcc7ddb9161ade16a1badbd7ea3c6c65b387b46234c4660c816506a2f76264bba07ecb685532116bd971464b58e3ea0a29c2fa1d49d9c6308806db01326e9a1b6bbb556f6479b29f48718e211d75f08d0fb477ad8dae5aeaad7e176b2c5ae331ef78212e9dd7e506549dc74ffd940dc91d74aee2fa7f28855919c163f443804e2a072ad8add2be84df87e414afcab0f8e6f67d3ebb1778a6798d50233da09d29b95c0da97304b7a025e50a7c89e614c63bc69477bfe0e5ae2c468332d134f9e22b19eb2f01c8e8d5148b9b980f8b9aa0cab9ba89aafe16d6a8cf9cb5ae659d8fba88e2841f3d6ac0c44dd9f03787d357fe31a4f551e247bfb73b1f2aa1e208c36aa90dcfc4da8877967c05fe951716ec2293d79c6083e79061bbe18150e2af1d889bb4e87c7735b0e7b88a3109a906d1bd4bf9b98c2462420ecc4e9f3a274a6678bc56e9aa7f3d64677141f874f35d00d04a1dc83126ccd69a0221305a3a5418ec24e163b165c1e4533c38f3d213de4012aece68ed11e2f42325d6da5eef78ee985f81a7991e3d1ff69188059c292779579418ef81177fa94b43cdd0fbf92d31f0fb592a864ddc98ddd5b49ece865e7c7a6c873169d0eea46c1a44f645b1cfa40849ffb9f5355ab396dc1a875180f17103be63be4e7d1920949c59ba5d47341c176ac307e165b9733ac5cd9e9691f5ecd76b467881b78f217d50903a06c57270f4104fd26d496dd7e08c27209185761882923f6447c73d53a74e28132e6bf97ee4f2df9d03be88653a9a7251d8df247f1a75f91f95886ce317e3c125aa7686eec86708fa72c9b33a664e76c0ed891ff9d840ac121ae3f96d32330a14fd76df19c7ae0434e2103d6e9175da0b6cc7a007a0a18615271771434959de305636cf7fbfdd16239bff7dbc656a702ebd48f9a2b1937cca80604ec525d292bb7337459235ad047c6933b6c81bd966ea60ec863de568a9e6d8e0378916f441e0f8b2b74df49b9b24094fd643413469428a537aed19b72bf9381ebab4cd57400ecad1cf1b792e9610910d02f9a779b009840e3f1a1395a87f1e590c33018be80a3f34bbaf49e415ba7d3858b40788cd19211b8cad3789870fb252f8991d64bff9558a67a2316ec2402c2f9c52de42e6389fc90bc4379f7b899b1a943035d64f20b7766edf08fdfa185d00493031f0d3f9ad7dce841f725c5adcba896a76857918a2f54c8aa2e50f71eda35b8fea3732a02c146201ad9f4b65b7caa09e2a73f72aee1ce428a35489038d5cc859fbd48be8da5d088ccab897a248fe418b89b409ab5507af725f077d264abec5b53667ca06aed03815dd537535a3360a50ca3d09c025b5057362c7cb5a4b99c58ac64fe813f4d7f2cafbc3048835ec43fa68170ec7310342134c9b5ec417763db145555cdd37f24b27b0911d172710b74d3c754aac02b24030166cbf2eccfaf1e909b629b7919db1351cd0167e8b6bddc5ce4b7e13cbf0c095f636427d440d058e7637eb117947fc6a60942d10bd455030ee38fc447fd3e6232efba65def558dcff60274e6b2ad62464b4f767bcfec22c681c12bdabf1fedc3946f45c9a34a9169f79ea60a9d190dcf1ce14957382af602dd134b610b269247f38c3d4e233f2fda399dc4cf09139cff9e9c731f8bf940df3cbdf9355f604bd0f3d3b20a6cfc39a7d9ff74f734750187b30c1a970a432bf7e9417cc87d8dea00c4e1885845e1a59bc6a5487687c5bca514e9dcf372bcdc0fe4a47f3e4ac456b1a812e69f88b2a8a964d946cc102ba6f3a7c965df24653c6384d810cf157c8581d4b40e874aded8d227a25fab9889f02698bf52980f048408de4a96226949eba5d1b7f41fce61ae1ff9388e096646ddda4c222f7b9bffc1d3e5b645b6e248637698f6a5be1dc03ff7aa9f418153beeef9b9d67ac5b6fc888e5adf0db41a6d5cac2b600af3b428a1294f4fdb4cf64ccc254c1c7ef71b9be3afceb797fc9504bc3f3dde217687d47cd445c44bea2b16eacae76f16d868b77065b189bd7c4678f3a5fc99b4d020d42972d010b7a6b22de46b434f2d8ec4f567af2d531817ec81ffa36cc27d073a66d2152f1be2a8dce08e98a00f473f22e680cf0ebdcf37936cee60f99eec69503a15d8e36f8d599b535021693fb52f9dc93e315d6e849bd4bf9d05fb25f0b09de91b73ca4edfbfa04d9262d449eab2be542ea30f316384609efc52ed641a9e32d48e4a57c65e8bfa5c13e769d5402a0b125c17360800bf0da8592a75abe647f1d9b1072942947da82e701308b60ecdcfd40d7b6cf44b443493ef0466790547c0a8e5914484969e52cba3787c41df965f91ed7074cd62a63db7e1c35b8f9ac30521295ae7b9c81143926f1dd36aefdfbcd7056b0d4209cabe113a18c58ecc062df687666725707029a8be3ef5721484bd429bab33fceb76c6a0f079da8819d0d9565f5e4ed45eb531f9501b85b619b5323169b0297b7cedcf6f288225dd5e6a7f52c1b96cd38dd94b2f6b8cfc6dbd7862901a5295dca5ecbae72344f41c4a222bd6711831d265b910d547501116bcfbf3c9e104b446175c4c8a4e56445ca22f9363f0f54858a8eb4a1c43103bca578c5b0ee372efd705a950510dbbfa4f74c8ddb4bbc1f07dd410ebb39c01f4da8a0bad2d3d35df3a12a9fa2daf44c8163d59aba8a7351ecc9fe4cd25b987dba700e73d7174307161adf70db0e7a802d7c9ec1b912ee58b0a35c2c6f40f112d70ab5aa708071379280c9ffbceaf0a4ec45c89ac0bf3ef40538302b685e24574da8bde8654e99eff66c9ad5e6beafa0e48e1c293c53d955980346cbc052d15e5d1f3baed388dfaa72ca089af06ae757466a704b93a0ff13cb5c722f0b872432a4fd4513ed56825b13ddd4d8c02eb624c8358199f52679421ab0e1792869f6b4aea523a1079b3138f1ef761c6df102096eff43ddb23ee668b9cc5161433feb318903b58387c3dae2833a8c770e7c6e27c31a1fca07377fbb07f11911be6192f7518a8d089b89826e48b28f5c8a00784bef9b2f68c90838eb2c9fcaeda4bb76782510082c977a7ecdd5743e9da8f088a3b67a25cfb25db4a709b6cbf5425e7efa8c2e472464606d9ccd2fc0f73cd1d51a5aa19d9caba10be2147f8e1ad763ba45693f9f078b0716cf588142be847ca67dc132c5782fed12b7d95c55a9bcfdfb85cb48698a45621cc2f1c85559617ece7def71486290b0cf8e987e8788e1a13f17e3f24b93ed2009ebe42e3bea9571f98b39b787c107dcada3a36fa1fe93736e74ec34af80a182cf0adf2846577f1d474c9ff1b4b8a2cfe6a2d445029ca77088b9c84be63655d48cbc5f61b18d7cda0d141f2db6bc3c479aa6ca19638e2c37da38768eb8820e5679345d2abe8033318eb952e297e17dacaaee3df7ef1d6cd554e9b1b453c44e3d4e030e25c5f9ed094100f6d9b1dc5dab371436ab252cc4d7fdf8fe4b7f36ab71f2bbe3878217b151664c3b9ae970e473ae164d77f294ca8ad58634ea446880e8327fc7af2a088e39508443a601eaa00742a7d0ad459dcac24a60edcfa6ac9f72f428c2b8dd30b8278e28f25a1a129d23cacd765de4c4aa52819578951bb8e311e8621f627e3463e2562b6dbc8d1c431c240f1424599438b9c94723f79ffd1fa1bc94104e4598bd43244302f86ddbe47ad8671e25f406aa507ba45bdba09841827a697cece002f79ec7cf14488789d754f84818d180bd04a11cb2115441a402bea2be749ef233bcd26ca27df828ada877a893e54ea3e6ea29e62d6e7693af7cbee59ccdb4045d0e6eeec3d8f59205f324a5f7cf5f871929c83ada04bc5d3990288dca5eb312339933ffb1031e05866e1b2d0aad0ca940795458b7d6c8a3750a76e1e6c8ccd48ca542d6c51164431d70c9d35f0f828cdec404a175a44bc2a9651ec5281c0f3aee9e4375f0eb139f58fa4419fddf9ebe2f8f37121a57397e7e830ac097ed375521a68f7cdc471621b769fef40cd19d8d55a82e27bf5b0cc4182359db7c9066e2ee10df279a89e96fcfea225995f065f7f286b8c8ef9b6c82a34df14dda2f737f557578ce5b15944e3149110102d80465c1b436b6bbb16fdc64a9d130ec7644bc162f0e2c5669a9254970a062561e269d85b72b4748d71d88ca20778287bc3b9613043166862f133f366f6361b9e1d040bbcd9728a70fcf3be7ea8fe0f55980ed03f336ec49f7cb6899813acf47d3b2413e7b637b764fcb9003ece75f8a255b9cdc71f80dbbaa7eaa2111b5551feeb7ea31620a2c88897538915abedcd184d57c79d81505985f561820449c330bc3412bffb68c4c743c5a5a3acafcf00d7561a66f70e5835da530ba62f221211e1fefdc1fbc8c05b1b68b7eb2afac6ebbbc0b961b8ef8b27b555ce7641f6601ac19d5f4adb06b40155a2085ff32de5b2c5edd96a01a14d1bb49b58f1fd718bec428043819b8070e46f0215d2153318320754638d9b40a5214784e7c1f80dde05500cfe8e4dff855504e099634fb3d44829453cf4ac8db7e5a4144f96d4508de90ada04240637fd5b261cfbb80c8d9ccdea6c1d3485a85663cff9749133002c7f9c6ea4de1b50fe90dae397f6b5833e943e6c5f60e10d805e97e6869488b857b44d8c94276f668257c223e2e26dff75222d3f304f8a040ce058e1b7b3bc5f0b69c310beea64212ef0a54bc9fb858c25681cee574c532b64d4f8241e0b855f7f79d0a1ea22fc3d9ad5a1658b5c4d9d417e9eae47c81628341172609a8ef8c72fb6e4e48da6a10207e56b727f65c82d49e2dbb44b492e1265c2b28f98980334ccc3abb0cfd15d73c2f38f4c824022aa7a0ac0b7d35eea934d3455d21e8c710474e54bdf29be107ebc00", 0xa943708f26830065}, 0x1006) dup3(r2, r1, 0x0) fsetxattr$trusted_overlay_nlink(r2, &(0x7f0000001300)='trusted.overlay.nlink\x00', &(0x7f0000001340)={'L-', 0x7}, 0x28, 0x2) [ 597.183225] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 597.190495] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 597.197762] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 597.205022] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 597.212272] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:37:16 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket(0x2000010000000015, 0x5, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000004, 0x8031, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_ENUMAUDOUT(r1, 0xc0345642, &(0x7f0000000000)={0x3ad, "5008cbd2723281b354e955049746499bdc63ef0d5f2b7851618270dee1b05c47", 0x1, 0x1}) getsockopt(r2, 0x114, 0x400002710, 0x0, &(0x7f0000000040)) 03:37:16 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:16 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x100) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65302c776f726b6469723d2e2f66696c65315c00aa44c0785dd045178f8ed01dcd6d7ddd5680f4f42218cc2dadd4180c03cb419502845bf575b5a74381a8f0294c901f36c954e37c2e43589f4705f18233334a453a1a89fa3efa324c1aeb6992c20818a4762d8b6974e0207e9cfd2c9368c0d6cd7b6c8610e1e30add6734daa3846a594af72811778b369ca437860256feca7b50d1d09bf1ee21fa12a00f1490a00f0554b8bcfdee5fdd245a595635c49e65fde1e80412874c2e709fb5c0485e56f66eee34408996be4735d3cb4ede910000000000000000"]) 03:37:16 executing program 3 (fault-call:6 fault-nth:26): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:16 executing program 1: r0 = socket(0x5, 0x1, 0x4000) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000700)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="4400000010000100000000400000000000000000", @ANYRES32=r2, @ANYBLOB="000000000000000024001200140001006272696467655f734c617665000000000c0005000800030000080000"], 0x44}}, 0x0) [ 597.235746] x86/PAT: syz-executor.3:22603 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 597.356213] FAULT_INJECTION: forcing a failure. [ 597.356213] name failslab, interval 1, probability 0, space 0, times 0 [ 597.396806] overlayfs: filesystem on './file0' not supported as upperdir [ 597.452711] CPU: 0 PID: 22629 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 597.459880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 597.469244] Call Trace: [ 597.471840] dump_stack+0x138/0x19c [ 597.475486] should_fail.cold+0x10f/0x159 [ 597.479651] should_failslab+0xdb/0x130 [ 597.483635] kmem_cache_alloc+0x2d7/0x780 [ 597.487819] ptlock_alloc+0x20/0x70 [ 597.491454] pte_alloc_one+0x60/0x100 [ 597.495266] __pte_alloc+0x2a/0x2d0 [ 597.498897] copy_page_range+0x11ba/0x1bd0 [ 597.503156] ? __pmd_alloc+0x410/0x410 [ 597.507050] copy_process.part.0+0x4764/0x6a00 [ 597.511666] ? __cleanup_sighand+0x50/0x50 [ 597.515907] ? lock_downgrade+0x6e0/0x6e0 [ 597.520058] _do_fork+0x19e/0xce0 [ 597.523516] ? fork_idle+0x280/0x280 [ 597.527234] ? fput+0xd4/0x150 [ 597.530433] ? SyS_write+0x15e/0x230 [ 597.534154] SyS_clone+0x37/0x50 [ 597.537518] ? sys_vfork+0x30/0x30 [ 597.541060] do_syscall_64+0x1e8/0x640 [ 597.544943] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 597.549791] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 597.554976] RIP: 0033:0x459829 [ 597.558161] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 597.565873] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 597.573137] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 597.580401] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 597.587669] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 597.594937] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 597.614009] x86/PAT: syz-executor.3:22629 freeing invalid memtype [mem 0x00002000-0x00002fff] 03:37:18 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, 0x0, 0x0, 0x0) 03:37:18 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000200)='/dev/cachefiles\x00', 0x3c060125d9492e22, 0x0) ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000100)={0x4, 0x0, [{0x8db, 0x0, 0x5}, {0xaa0}, {0xa85, 0x0, 0x1}, {0x1dd, 0x0, 0x6}]}) write$binfmt_elf32(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c460000000000000000000000000000000000000000000000003800000000000000000000000000200000000000000000000000000000000000000000000000f8ffffff00"/88], 0x58) 03:37:18 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0xcafb, 0x101400) bind$rds(r1, &(0x7f0000000140)={0x2, 0x4e21, @loopback}, 0x10) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000200)=0xc) mkdir(&(0x7f0000000240)='./file1\x00', 0x111) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="75707065723c6c3dba03d16469723d2e2f6669723d2e2f66696c65302c776f726b6469723d2e2f66696c65315c00"]) 03:37:18 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e99"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:18 executing program 3 (fault-call:6 fault-nth:27): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:18 executing program 0: getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffff9c, 0x84, 0x9, 0x0, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f00000001c0)={0x0, 0x7f77775d, 0x3, @discrete={0x4, 0x4}}) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000a00)={0x0, @in={{0x2, 0x0, @multicast2}}}, 0x84) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000580)='/dev/hwrng\x00', 0xa40, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc0bc5351, &(0x7f0000000600)={0x1, 0x1, 'client1\x00', 0xffffffff80000005, "9bd8afa5036f5288", "5eeb2d7a2f243d49630074ddb6a9b9c302ee99bae4761d9b0363e8965b68efff", 0x3, 0x1}) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa000000000000005) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340)='TIPCv2\x00') sendmsg$TIPC_NL_NAME_TABLE_GET(r1, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000380)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="7db06ba80020005540ee0d355ceb496e62b3283e2640ff59619904c22a233f6445f64aaa1c62e05caf720fd74858070ffdd785057e50a5f7153d6e32b66d952efa386f5b011e5f4bb7c71aebd7be033cb17155a6ca1da9cd2fc1e940e2ba34b5111766dfa7c914c638a8999a371c36e7f2a5e4acac70473587d099a9ff803f5e2388527687d3d6f3e51fd1c05ba64f0d82611a1d10451ee0a8eb6869049e12328e38ed78e1e90db5245989eba5823d8f6b3d03d9f2d2a089561c4b", @ANYRES16=r2, @ANYBLOB="000228bd7000fbdbdf25100000002c000600040002000800010000080000040002000400020004000200040002000400020008000100010001006800040044000700080003001a070000080003000000000008000400000000000800020001040000080002000000000008000100190000000800040006000000080003000200000014000700080001001f00000008000300050000000c00010073797a3100000000"], 0xa8}, 0x1, 0x0, 0x0, 0x1}, 0x4000840) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20\x00', 0x800, 0x0) prctl$PR_SET_FPEXC(0xc, 0x3) setsockopt$IPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x41, &(0x7f0000000200)={'nat\x00', 0x4, [{}, {}, {}, {}]}, 0x68) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x159) lsetxattr$security_selinux(&(0x7f0000000880)='./file0\x00', 0x0, 0x0, 0x0, 0x0) r3 = getpgrp(0x0) setpriority(0x0, r3, 0xffff) r4 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) setxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.capability\x00', &(0x7f0000000500)=@v3={0x3000000, [{0x0, 0x4}, {0x692, 0x2}]}, 0x18, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, &(0x7f0000000280), 0xffffffffffffffff) execve(&(0x7f0000000440)='./file0\x00', &(0x7f00000005c0)=[&(0x7f0000000300)='!\x00', &(0x7f0000000400)='\x00', &(0x7f00000004c0)='\x00', &(0x7f0000000540)='wlan1\x00'], &(0x7f0000000100)=[&(0x7f0000000700)='\x10\x00\x00\x00\x00']) bind$inet6(r4, &(0x7f0000000740)={0xa, 0x0, 0x7, @empty, 0x5}, 0xe7) recvmsg(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0xfffffffffffffde0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x10000) r5 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_SET_OWNER(r5, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ENDIAN(r5, 0x4008af13, 0x0) 03:37:18 executing program 1: r0 = creat(&(0x7f0000000180)='./bus\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000000)={0x0, 0x3ddc060000000000, 0x0, 0x0, [], [{0x801, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x87010000}, {0x801, 0x0, 0xa0008000}]}) [ 599.904862] FAULT_INJECTION: forcing a failure. [ 599.904862] name failslab, interval 1, probability 0, space 0, times 0 [ 599.908203] overlayfs: unrecognized mount option "upper\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e99"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:19 executing program 1: mq_notify(0xffffffffffffffff, &(0x7f0000000040)={0x20000000, 0x4000000000004, 0x2}) r0 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x2, 0x2) ioctl$SG_EMULATED_HOST(r0, 0x2203, &(0x7f0000000080)) [ 600.077044] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 600.084812] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 600.084818] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 600.084824] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 03:37:19 executing program 1: mremap(&(0x7f0000004000/0x2000)=nil, 0x2000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e53fe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000007fe0)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_UNREGISTER(r0, 0xc020aa04, &(0x7f0000007ffc)={&(0x7f0000000000/0x2000)=nil, 0x2000}) [ 600.084829] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 600.145126] x86/PAT: syz-executor.3:22645 freeing invalid memtype [mem 0x00002000-0x00002fff] 03:37:19 executing program 3 (fault-call:6 fault-nth:28): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x101040, 0x0) r2 = syz_genetlink_get_family_id$nbd(&(0x7f00000001c0)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x70eb64b4d5ea4307}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x2c, r2, 0x20, 0x70bd2d, 0x25dfdbff, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x24}]}, 0x2c}}, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000140)='cdg\x00', 0x4) r3 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) bind$unix(r3, &(0x7f0000000040)=@abs={0x0, 0x0, 0x4e20}, 0x6e) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x5c831, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000c3e000/0xc000)=nil, 0xc000, 0x1000000000009) [ 600.307815] FAULT_INJECTION: forcing a failure. [ 600.307815] name failslab, interval 1, probability 0, space 0, times 0 [ 600.319189] protocol 88fb is buggy, dev hsr_slave_0 [ 600.319248] protocol 88fb is buggy, dev hsr_slave_1 [ 600.331313] CPU: 0 PID: 22677 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 600.338440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 600.347803] Call Trace: [ 600.350418] dump_stack+0x138/0x19c [ 600.354053] should_fail.cold+0x10f/0x159 [ 600.358203] should_failslab+0xdb/0x130 [ 600.362174] kmem_cache_alloc+0x47/0x780 [ 600.362187] ? __lock_is_held+0xb6/0x140 [ 600.362198] ? check_preemption_disabled+0x3c/0x250 [ 600.362212] anon_vma_clone+0xde/0x470 [ 600.362227] anon_vma_fork+0x87/0x4d0 [ 600.362244] copy_process.part.0+0x45e2/0x6a00 [ 600.362278] ? __cleanup_sighand+0x50/0x50 [ 600.362288] ? lock_downgrade+0x6e0/0x6e0 [ 600.362303] _do_fork+0x19e/0xce0 [ 600.362317] ? fork_idle+0x280/0x280 [ 600.375427] ? fput+0xd4/0x150 [ 600.406325] ? SyS_write+0x15e/0x230 [ 600.410085] SyS_clone+0x37/0x50 [ 600.413477] ? sys_vfork+0x30/0x30 [ 600.417008] do_syscall_64+0x1e8/0x640 [ 600.420883] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 600.425720] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 600.431074] RIP: 0033:0x459829 [ 600.434244] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 600.441942] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 600.449204] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 600.456454] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 600.463711] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 600.470972] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 600.493991] x86/PAT: syz-executor.3:22677 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 600.550134] protocol 88fb is buggy, dev hsr_slave_0 [ 600.555266] protocol 88fb is buggy, dev hsr_slave_1 [ 600.560420] protocol 88fb is buggy, dev hsr_slave_0 [ 600.565463] protocol 88fb is buggy, dev hsr_slave_1 [ 601.030148] protocol 88fb is buggy, dev hsr_slave_0 [ 601.035265] protocol 88fb is buggy, dev hsr_slave_1 03:37:21 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, 0x0, 0x0, 0x0) 03:37:21 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f0000000080)='./file0\x00', 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0xdf1229469fdc61ab, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000180)={&(0x7f0000000100)='./file1\x00', r1}, 0x10) prctl$PR_GET_FPEMU(0x9, &(0x7f0000000280)) mkdir(&(0x7f0000000240)='./file1\x00', 0x20) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="00707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65302c776f726b6469723d2e2f66696c65ffffffff00000000b03aa7312c7436ccd95fcae3d280c8897aa3eb20fc50ac98bf7ebfa9e919dc8b15b72bbce418f6a2d78d78211a0a2398b5e36257f2f541ecd6e052f10f044e6569004270a2752c2255984585f3994f21c0af38b0dede19c909629ba77a79fee9d245d391bbf3c0da31d12a3781b6a43e066133bc74be2b92ede1de7337809f03c08642831cc4"]) 03:37:21 executing program 1: mkdir(&(0x7f0000000280)='./file0\x00', 0x101) r0 = request_key(&(0x7f0000000240)='id_resolver\x00', &(0x7f00000006c0)={'syz', 0x0}, &(0x7f0000000700)='\x00', 0xfffffffffffffff8) r1 = request_key(&(0x7f0000000740)='cifs.spnego\x00', &(0x7f0000000780)={'syz', 0x1}, &(0x7f00000007c0)='@security\\ppp0cgrouptrusted@em0security\x00', 0xfffffffffffffffb) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$fou(&(0x7f0000000a40)='fou\x00') getsockname$packet(0xffffffffffffffff, &(0x7f0000000b40)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000b80)=0x14) sendmsg$FOU_CMD_DEL(r2, &(0x7f0000000c80)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000c40)={&(0x7f0000000bc0)={0x44, r3, 0x100, 0x70bd25, 0x25dfdbfc, {}, [@FOU_ATTR_IFINDEX={0x8, 0xb, r4}, @FOU_ATTR_PEER_PORT={0x8, 0xa, 0x4e24}, @FOU_ATTR_TYPE={0x8, 0x4, 0x869906b644d57b52}, @FOU_ATTR_IPPROTO={0x8, 0x3, 0x2}, @FOU_ATTR_PORT={0x8, 0x1, 0x4e20}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x10000}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x4000) r5 = request_key(&(0x7f0000000800)='rxrpc_s\x00', &(0x7f0000000840)={'syz', 0x2}, &(0x7f0000000880)='wlan0[\x00', 0xfffffffffffffffa) keyctl$dh_compute(0x17, &(0x7f00000008c0)={r0, r1, r5}, &(0x7f0000000900)=""/36, 0x24, &(0x7f00000009c0)={&(0x7f0000000940)={'sha3-224-generic\x00'}, &(0x7f0000000980)="3386af5758fa34c62bcf", 0xa}) rt_sigpending(&(0x7f0000000180), 0x8) mount$overlay(0x400000, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB=',lowerdir=.:file0,workdir=.']) r6 = open(&(0x7f0000000040)='./file0\x00', 0x80000, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0) getdents64(r7, 0x0, 0xfffffffffffffc9d) r8 = dup3(r6, r7, 0x0) r9 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r8, &(0x7f0000000200)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f0000000300)={0x384, r9, 0x4, 0x70bd2a, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x6c, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xffff}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x3}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x34e}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xffffffffffffffff}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x6}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x2}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4dc}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x2}]}, @TIPC_NLA_MEDIA={0x80, 0x5, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffffffffffc1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x400}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}]}]}, @TIPC_NLA_NODE={0x34, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x15}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6d9c}]}, @TIPC_NLA_MON={0x2c, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x10001}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xb8d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x100000000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}]}, @TIPC_NLA_NODE={0x1c, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xc000000000000}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfffffffffffff50d}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_LINK={0x24, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_LINK={0x5c, 0x4, [@TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800000000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x101}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}, @TIPC_NLA_BEARER={0x188, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e24, @remote}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0x6, @rand_addr="f76db4a92b87e91a497ceaff57a13e92", 0x2}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x8, @ipv4={[], [], @local}, 0x100000001}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x100000001, @loopback, 0xffff}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x8, @mcast2, 0x2}}}}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @broadcast}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x401, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x5}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'bridge0\x00'}}, @TIPC_NLA_BEARER_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffffffffffe}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xbeb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80000001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}]}]}, 0x384}, 0x1, 0x0, 0x0, 0x1}, 0x4000) ioctl$KDADDIO(r7, 0x4b34, 0x3) 03:37:21 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e99"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:21 executing program 0: r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TCSETA(r2, 0x5406, &(0x7f0000000000)={0x3f, 0xc00000000000000, 0x10001, 0x20000000000, 0xf, 0x131e, 0x40, 0xfff, 0x6, 0xf2}) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000100)=ANY=[@ANYRES32=0x0], 0x0) 03:37:21 executing program 3 (fault-call:6 fault-nth:29): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:21 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x8000000000000802, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0xd) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x83, 0x0, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write(r0, &(0x7f0000000040)="e0", 0xfffffe00) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x1b) [ 602.944658] FAULT_INJECTION: forcing a failure. [ 602.944658] name failslab, interval 1, probability 0, space 0, times 0 [ 602.949218] overlayfs: option "workdir=." is useless in a non-upper mount, ignore [ 602.969668] overlayfs: missing 'lowerdir' [ 603.009540] CPU: 0 PID: 22692 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 603.016685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 603.026038] Call Trace: [ 603.028631] dump_stack+0x138/0x19c [ 603.032265] should_fail.cold+0x10f/0x159 [ 603.036416] should_failslab+0xdb/0x130 [ 603.040397] kmem_cache_alloc+0x47/0x780 [ 603.044462] ? anon_vma_chain_link+0x142/0x1a0 [ 603.049137] anon_vma_clone+0xde/0x470 [ 603.053030] anon_vma_fork+0x87/0x4d0 [ 603.056834] copy_process.part.0+0x45e2/0x6a00 [ 603.061447] ? __cleanup_sighand+0x50/0x50 [ 603.065679] ? lock_downgrade+0x6e0/0x6e0 [ 603.069831] _do_fork+0x19e/0xce0 [ 603.073287] ? fork_idle+0x280/0x280 [ 603.077003] ? fput+0xd4/0x150 [ 603.080196] ? SyS_write+0x15e/0x230 [ 603.083915] SyS_clone+0x37/0x50 [ 603.086211] overlayfs: option "workdir=." is useless in a non-upper mount, ignore [ 603.087284] ? sys_vfork+0x30/0x30 [ 603.098464] do_syscall_64+0x1e8/0x640 [ 603.102357] ? trace_hardirqs_off_thunk+0x1a/0x1c 03:37:22 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000180)='/dev/binder#\x00', 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x406, r0) r2 = memfd_create(&(0x7f0000000100)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) write$binfmt_misc(r2, &(0x7f0000000280)=ANY=[@ANYRESHEX], 0x12) lsetxattr$security_selinux(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='security.selinux\x00', &(0x7f00000000c0)='system_u:object_r:tmp_t:s0\x00', 0x1b, 0x3) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r2, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc018620b, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000000)) 03:37:22 executing program 0: r0 = syz_open_dev$swradio(&(0x7f0000000040)='/dev/swradio#\x00', 0x0, 0x2) ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f0000000080)={0x8, 0x5}) ioctl$sock_inet6_udp_SIOCINQ(r0, 0x541b, &(0x7f00000000c0)) ioctl$UI_SET_PHYS(r0, 0x4008556c, &(0x7f0000000000)='syz1\x00') 03:37:22 executing program 1: r0 = mq_open(&(0x7f0000000100)='trusted.syz\x00', 0x0, 0x0, &(0x7f0000000240)={0x8, 0x1000000000000000, 0x0, 0x80000000, 0x8}) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) syz_open_dev$dri(0x0, 0x0, 0x1fffff) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x800, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000b40)={0x7, 0x1, 0x2, 'queue1\x00', 0x4}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e23, @multicast1}}, [0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0x1, 0x0, 0x0, 0x8, 0x0, 0x2, 0x2, 0x0, 0x7ff]}, &(0x7f0000000500)=0x100) getrandom(&(0x7f00000005c0)=""/198, 0xfffffffffffffeb0, 0x3) lgetxattr(0x0, 0x0, 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000a40)={{{@in6=@mcast2, @in=@dev}}, {{@in6=@mcast2}, 0x0, @in=@loopback}}, &(0x7f0000000540)=0xe8) ustat(0x3f, &(0x7f0000000040)) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$DRM_IOCTL_GET_SAREA_CTX(0xffffffffffffffff, 0xc010641d, &(0x7f0000000200)={0x0, &(0x7f0000000740)=""/197}) openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f00000003c0)='/selinux/commit_pending_bools\x00', 0x1, 0x0) msync(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0xffffffffffbffef9) ioctl$sock_inet6_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000080)) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$sock_inet_SIOCSIFBRDADDR(r2, 0x891a, &(0x7f0000000140)={'bond_slave_1\x00', {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x25}}}) io_setup(0x7b, &(0x7f0000000280)=0x0) mq_timedsend(r0, &(0x7f0000000940)="a4eaebd77aa3eb4dc1f8e6d3b2dd0ab4c2226549de434a1837ec2ef8fd579516568f0fd8818575c4dd87e5f7a72cee1a691bcb9e4ac1bc040cf0800c72474f2c857f52a83116cf1415d8f01b57a38bc92f74fdcb8f7ca175feeed3a073629151d66f2d383df7643b4095ff042a819a1b1d0d208be2bc6c231916c6f205dc7beb7132bcf881badce940c25ae023d5cfa35032bab0f887be226457322b1e2827144f5e8accb493d337779790de7a", 0xad, 0x7f, &(0x7f0000000380)={0x77359400}) io_cancel(r3, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x5, 0x2, r2, &(0x7f00000002c0), 0x0, 0x7f, 0x0, 0x1}, &(0x7f0000000340)) ioctl$sock_x25_SIOCADDRT(r0, 0x890b, &(0x7f0000000840)={@remote={[], 0x1}, 0x6, 'bond_slave_0\x00'}) fallocate(0xffffffffffffffff, 0x0, 0x2000000, 0x3) 03:37:22 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998a"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) [ 603.107208] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 603.112401] RIP: 0033:0x459829 [ 603.115590] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 603.123308] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 603.130673] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 603.137943] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 603.145213] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 603.152481] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:37:22 executing program 3 (fault-call:6 fault-nth:30): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 603.212120] x86/PAT: syz-executor.3:22710 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 603.313042] FAULT_INJECTION: forcing a failure. [ 603.313042] name failslab, interval 1, probability 0, space 0, times 0 [ 603.325604] CPU: 1 PID: 22722 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 603.332718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 603.342068] Call Trace: [ 603.344760] dump_stack+0x138/0x19c [ 603.348396] should_fail.cold+0x10f/0x159 [ 603.352545] ? anon_vma_clone+0xde/0x470 [ 603.356612] should_failslab+0xdb/0x130 [ 603.360593] kmem_cache_alloc+0x47/0x780 [ 603.364659] ? anon_vma_chain_link+0x142/0x1a0 [ 603.369244] anon_vma_clone+0xde/0x470 [ 603.373138] anon_vma_fork+0x87/0x4d0 [ 603.376942] copy_process.part.0+0x45e2/0x6a00 [ 603.381547] ? __cleanup_sighand+0x50/0x50 [ 603.385781] ? lock_downgrade+0x6e0/0x6e0 [ 603.389936] _do_fork+0x19e/0xce0 [ 603.393400] ? fork_idle+0x280/0x280 [ 603.397118] ? fput+0xd4/0x150 [ 603.400307] ? SyS_write+0x15e/0x230 [ 603.400322] SyS_clone+0x37/0x50 [ 603.400331] ? sys_vfork+0x30/0x30 [ 603.400345] do_syscall_64+0x1e8/0x640 [ 603.400353] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 603.400374] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 603.424833] RIP: 0033:0x459829 [ 603.428025] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 603.435726] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 603.442975] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 603.450224] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 603.457473] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 603.464722] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 603.478716] x86/PAT: syz-executor.3:22722 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 605.190112] net_ratelimit: 22 callbacks suppressed [ 605.195079] protocol 88fb is buggy, dev hsr_slave_0 [ 605.200146] protocol 88fb is buggy, dev hsr_slave_1 [ 605.205238] protocol 88fb is buggy, dev hsr_slave_0 [ 605.210318] protocol 88fb is buggy, dev hsr_slave_1 03:37:24 executing program 0: r0 = socket$unix(0x1, 0x801, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000003000)=@abs={0x1}, 0x8) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x2, 0x0) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000040)={0x0, @multicast2, @initdev}, &(0x7f0000000080)=0xc) listen(r1, 0x0) accept4(r1, 0x0, 0x0, 0x0) r3 = gettid() timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) tkill(r3, 0x1000000000016) connect(r0, &(0x7f0000985ff8)=@un=@abs={0x1}, 0x8) 03:37:24 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) syz_mount_image$minix(&(0x7f0000000080)='minix\x00', &(0x7f0000000140)='./file0\x00', 0x6367, 0x6, &(0x7f0000000540)=[{&(0x7f0000000180), 0x0, 0x2}, {&(0x7f0000000200)="ec63d02f44f880c27ddfe4a2ebfaf10f9072cf4ae0423829fbbbcf0dfb7cb4e8c889905f186a7f00ac276344b7bdfb8b6801412eccf2c805e404a2d7ca10e978d6cf828864dfa51c9747958c0d9504", 0x4f, 0x114}, {&(0x7f0000000280)="7b8b5e464c0b1fd8d64fd0a7bff18f7c1caac6adf74cdde764e170c8d3deec784a15efd8f33fe631cb08517a40d77ef03eb3929d7ea29892f7e5611d48a55dacc9999825e8f76d6db3ada5cfa8e11991c85c7538aba4d04b1ffb8cd8944a02f7ee3e6146cd02ff0456ec4865", 0x6c, 0xff}, {&(0x7f0000000300)="3ec34dd1011a30f33b682db8bf06fc28741a13033d06b0eb20c0c22d9cda5ee77febc348d9e2969add194fdf9f396a601ea3c1663b1250334d7f3ef3eac4a35dabae3a7a8fb749386d5efef394105d9d2c498a2e1f4526986bc8e146a838655a9dfedb9dd2a85acb3b8de11ad8dee26644b41c5522042b871969f69a48df7f3ca6cd5411f1613cf8afb0e92d2fc43c8722f253495a", 0x95, 0x7ffc}, {&(0x7f00000003c0)="7e37940ea3292f72a2c40f45a6256a9817482e94fda0ee877dc80555d52ba704af24ff276de0def361f18913d76876ffd6948dd3e4bc426f3ab562fb2f0399675999e29ad6023d142dd4b2e1ea1c25715c82ae65e804ef743cc47cf5d810a71a5fbdf2c5311d19902d78bc7d8fcfe393cedf73ea50e4c2acb801ef3e90798dcae168805a7cef78da48a992a1a700495b675008be4e3a15520f9c44e2cd8117dd989f43c426c155d350125c861ef50e069d779c7d94c9dde3aa321b35c974e0657fe1e9861df2463c95131c5cf15ef99d583b45278dd791e9d3012db1804b67bb4876b16ebba1986d59cf99b76c5a", 0xee, 0x7}, {&(0x7f00000004c0)="365abdbb2c90cdd01abf2e96b26423933af19e650d85cd16b2b94dd646c0256ebb93af734feb738a5ee365247f4a6fc3c993b78d61cda72ca03b917c86f481b0d1", 0x41, 0x7}], 0x381004, 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) 03:37:24 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998a"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:24 executing program 3 (fault-call:6 fault-nth:31): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:24 executing program 1: ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000300)) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x1b, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000080}, 0xc, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x0) r0 = syz_open_procfs(0x0, 0x0) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f0000000080)={0xf75, 0xffff}) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x1b, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz'}, &(0x7f0000000080), 0xfffffffffffffffd) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r1, 0x0, 0x0, 0x0, 0x0, 0xb2) r2 = syz_open_procfs(0x0, &(0x7f0000000540)='net/snmp\x00') r3 = openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$RTC_SET_TIME(r3, 0x4024700a, 0x0) preadv(r2, &(0x7f00000017c0), 0x199, 0x0) sendto(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x0, &(0x7f0000000340)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x4, 0x0, 0x0, 0x3, {0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, 0x80) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1f, 0x0, &(0x7f00000001c0)) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, 0x0, 0x0) 03:37:24 executing program 4 (fault-call:9 fault-nth:0): prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:37:25 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x1b, &(0x7f00000001c0)={@dev}, 0x20) close(r0) r2 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x200000, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_raw(r2, &(0x7f0000000080)={0x1d, r3}, 0x10) [ 606.005488] FAULT_INJECTION: forcing a failure. [ 606.005488] name failslab, interval 1, probability 0, space 0, times 0 [ 606.044424] CPU: 1 PID: 22740 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 606.051558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 606.060907] Call Trace: [ 606.060929] dump_stack+0x138/0x19c [ 606.060948] should_fail.cold+0x10f/0x159 [ 606.060967] should_failslab+0xdb/0x130 [ 606.060981] kmem_cache_alloc+0x2d7/0x780 [ 606.060994] ? anon_vma_clone+0x310/0x470 [ 606.061016] anon_vma_fork+0xe9/0x4d0 [ 606.061037] copy_process.part.0+0x45e2/0x6a00 [ 606.061076] ? __cleanup_sighand+0x50/0x50 [ 606.061091] ? lock_downgrade+0x6e0/0x6e0 [ 606.061111] _do_fork+0x19e/0xce0 [ 606.061128] ? fork_idle+0x280/0x280 [ 606.107552] ? fput+0xd4/0x150 [ 606.110751] ? SyS_write+0x15e/0x230 [ 606.114474] SyS_clone+0x37/0x50 [ 606.117841] ? sys_vfork+0x30/0x30 [ 606.121395] do_syscall_64+0x1e8/0x640 [ 606.125283] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 606.130132] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 606.135329] RIP: 0033:0x459829 [ 606.138516] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 606.146227] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 03:37:25 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65302c772e726b6469723d2e66e5696c65315c00"]) [ 606.153496] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 606.160760] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 606.168027] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 606.175292] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 606.182758] protocol 88fb is buggy, dev hsr_slave_0 [ 606.187833] protocol 88fb is buggy, dev hsr_slave_1 03:37:25 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x4) mprotect(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x5) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) delete_module(&(0x7f00000001c0)='.\x00', 0xa00) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000340)='./file0\x00', 0x0) mkdir(&(0x7f0000000000)='./file1\x00', 0x0) write$binfmt_elf64(r4, &(0x7f0000000080)=ANY=[], 0xffdbc494) flock(r0, 0x6) getsockname$tipc(r4, &(0x7f00000005c0)=@name, &(0x7f0000000600)=0x10) clone(0xc6230000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_G_FMT(r4, 0xc0d05604, &(0x7f00000004c0)={0xa, @raw_data="94fe92fd3d99ccb2bfbc6216093161693a617d483c0d69023fa93d2c9918450cb031d14bb072b820dab92caaad776b2173e022a7db9927fb71077baf9a2bee486f6d8172aaa203a96add82cfe233ff0c7a83a56e88072050472f6e865dffe8b118e2ca506ec60e2907c59254e1f10faa79ce11b7daa64c8b0d372a95da77cdefecd56ccb30e3613d1f1a4b8d65fc0af96ee4a48eb04d042684c3338292304685915d8c362587e46503e80958c04d417d30fb263c7b97222978d78b24b78d6e8a3a73d4ab511c0397"}) rename(&(0x7f0000000080)='./file1\x00', &(0x7f0000000180)='./file1/file0\x00') r5 = msgget$private(0x0, 0x203) msgctl$IPC_RMID(r5, 0x0) removexattr(&(0x7f0000000200)='./file1\x00', &(0x7f0000000240)=@random={'btrfs.', '.\x00'}) getsockopt$packet_buf(r4, 0x107, 0x1, &(0x7f00000000c0)=""/61, &(0x7f0000000100)=0x3d) setsockopt$sock_timeval(r2, 0x1, 0x42, &(0x7f0000000300)={0x0, 0x7530}, 0x10) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) syz_open_dev$binder(&(0x7f0000000640)='/dev/binder#\x00', 0x0, 0x0) ioctl$VIDIOC_G_AUDOUT(r4, 0x80345631, &(0x7f0000000680)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x124, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="006340400000000000000000000000000000ebb502b64369ff"], 0xfffffe25, 0x0, 0x0}) ioctl$EXT4_IOC_SWAP_BOOT(r3, 0x6611) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)) ioctl$KDSKBMODE(r4, 0x4b45, &(0x7f0000000280)=0x9) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="9142a60c9a35f24217ef3e054c74cdbff6e28081875cd6dc4911d9726be26f47809cf4f54bfe5ffe8a3afd27658e812ac3f91d4bcbac0ee9a62e05a98c331c2a8f6027fa64847886f012c7c479d22edc31e1e129bc157d074421b0ad7541cc483156e8a6364a44820d8b1e4a10074e5e63cf9ad1c47810b25532a2d3d3dd9b5f28aeab6df1f32949e1d8e3d9446c846d"], 0x1, 0x0, &(0x7f0000000200)="86"}) 03:37:25 executing program 3 (fault-call:6 fault-nth:32): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:25 executing program 1: pipe(&(0x7f0000002600)) madvise(&(0x7f000012b000/0x3000)=nil, 0x3000, 0x800000008) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x10000, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) madvise(&(0x7f00000a2000/0x600000)=nil, 0x600000, 0x8) [ 606.206706] x86/PAT: syz-executor.3:22740 freeing invalid memtype [mem 0x00002000-0x00002fff] 03:37:25 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) accept(0xffffffffffffffff, 0x0, &(0x7f0000000000)) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000040)='./file1/file0\x00', 0xfffffffffffffffc) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="757002921650000000000066696c659160ac2d776f726b646966696c6514000000ef"]) chdir(&(0x7f0000000180)='./file0\x00') setxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)='system.posix_acl_access\x00', &(0x7f0000000200), 0x24, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2b, 0x0, 0x0) r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f00000000c0)="260000001300abf1eb14c1f8000322ff001000e313000000090000680000000006000300124b", 0x26) connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) r1 = request_key(0x0, &(0x7f00000001c0)={'syz'}, &(0x7f0000000200)='GPLem0^eth1\x00', 0xfffffffffffffffc) keyctl$read(0xb, r1, &(0x7f0000000240)=""/4096, 0x1000) 03:37:25 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998a"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:25 executing program 0: bpf$MAP_CREATE(0x0, 0x0, 0x0) keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$ndb(0x0, 0x0, 0x20000) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(0xffffffffffffffff, 0x80000000000000bd) ioctl$KVM_SET_BOOT_CPU_ID(r1, 0xae78, &(0x7f0000000000)=0x1) r2 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r2, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(r1, &(0x7f00000003c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1dfd0fd875b77d2}, 0xc, &(0x7f0000000380)={&(0x7f00000004c0)={0xdc, r3, 0x0, 0x70bd28, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0x4c, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x49}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'fo\x00'}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'sed\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e21}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3f}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'nq\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, [@IPVS_DEST_ATTR_TUN_TYPE={0x8}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e21}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0xda2}, @IPVS_DEST_ATTR_U_THRESH={0x8}]}, @IPVS_CMD_ATTR_DAEMON={0x14, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}]}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0xbe5c}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x4}, @IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e22}]}, @IPVS_CMD_ATTR_SERVICE={0x20, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x8001}]}]}, 0xdc}, 0x1, 0x0, 0x0, 0x4000000}, 0x90) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f00000f0000/0x4000)=nil, 0x4000, 0x0, 0x31, 0xffffffffffffffff, 0x0) ioctl$RTC_WKALM_RD(r1, 0x80287010, 0x0) ioctl$VIDIOC_G_INPUT(0xffffffffffffffff, 0x80045626, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x5c831, 0xffffffffffffffff, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_open_dev$audion(0x0, 0x4, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYPTR=&(0x7f00000002c0)=ANY=[@ANYBLOB="67c771f89b03db9723301db5f7a808f7e97a69ff965970653b87e6f390b77a5fdaf326f367b415401ec608000000c2d1cb94450659ffb3caf414f9cae349c1e363a35377a4e29257a0233653a8bd92506992a8ee2de8df610ab652b2", @ANYRES64=0x0, @ANYRES64=r5, @ANYPTR64=&(0x7f0000000400)=ANY=[@ANYPTR64, @ANYRES32=r8, @ANYPTR, @ANYRES32=r4, @ANYPTR, @ANYPTR], @ANYRESOCT, @ANYRES64=r1, @ANYPTR=&(0x7f0000000440)=ANY=[@ANYRESDEC, @ANYRESDEC=r7, @ANYRES32=0x0, @ANYPTR, @ANYRES16=r5], @ANYPTR=&(0x7f0000000480)=ANY=[@ANYRESDEC=0x0]], @ANYRES16=r2, @ANYRESHEX=r0, @ANYRES64=r6], 0x4) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000cfc000/0x18000)=nil, 0x0, 0xfffffffffffffefd, 0x1, &(0x7f0000000180), 0x10000000000000a2) socket$inet_udplite(0x2, 0x2, 0x88) close(r2) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r9 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$RTC_PIE_OFF(r9, 0x7006) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r9, 0x40bc5311, &(0x7f0000000200)={0x20, 0x2, 'client0\x00', 0x1, "c18119d7285ffeb9", "5569c4169bfb850f3af44d1072b8921025aa823d7e7a23bcc4b0c016d39f307a", 0x7, 0x7ff}) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, 0x0) [ 606.326406] FAULT_INJECTION: forcing a failure. [ 606.326406] name failslab, interval 1, probability 0, space 0, times 0 [ 606.378112] CPU: 1 PID: 22765 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 606.385256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 606.394616] Call Trace: [ 606.397226] dump_stack+0x138/0x19c [ 606.400873] should_fail.cold+0x10f/0x159 [ 606.405065] should_failslab+0xdb/0x130 [ 606.409047] kmem_cache_alloc+0x2d7/0x780 [ 606.413197] ? anon_vma_clone+0x310/0x470 [ 606.417354] anon_vma_fork+0x1ce/0x4d0 [ 606.421259] copy_process.part.0+0x45e2/0x6a00 [ 606.425869] ? __cleanup_sighand+0x50/0x50 [ 606.430105] ? lock_downgrade+0x6e0/0x6e0 [ 606.434263] _do_fork+0x19e/0xce0 [ 606.437729] ? fork_idle+0x280/0x280 [ 606.441451] ? fput+0xd4/0x150 [ 606.444648] ? SyS_write+0x15e/0x230 [ 606.448369] SyS_clone+0x37/0x50 [ 606.451739] ? sys_vfork+0x30/0x30 [ 606.455284] do_syscall_64+0x1e8/0x640 [ 606.459173] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 606.464029] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 606.464911] overlayfs: unrecognized mount option "upP" or missing value [ 606.469214] RIP: 0033:0x459829 [ 606.469221] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 606.469233] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 606.469238] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 606.469244] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 606.469251] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 606.469257] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:37:25 executing program 3 (fault-call:6 fault-nth:33): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 606.475950] overlayfs: unrecognized mount option "w.rkdir=.file1\" or missing value [ 606.540927] K: renamed from caif0 [ 606.550833] protocol 88fb is buggy, dev hsr_slave_0 [ 606.556296] protocol 88fb is buggy, dev hsr_slave_1 [ 606.556522] x86/PAT: syz-executor.3:22765 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 606.571018] overlayfs: unrecognized mount option "w.rkdir=.file1\" or missing value 03:37:25 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x2}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x1) read$eventfd(r2, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r3 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = fcntl$getown(r3, 0x9) capget(&(0x7f00000000c0)={0x20080522, r5}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r6 = dup(r4) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r4) setsockopt$inet6_tcp_int(r6, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x800fe) sendfile(r6, r7, 0x0, 0x8000fffffffe) [ 606.621594] A link change request failed with some changes committed already. Interface K may have been left with an inconsistent configuration, please check. 03:37:25 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x300, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000300)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1010000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x58, r2, 0x2, 0x70bd2b, 0x25dfdbfc, {}, [@TIPC_NLA_LINK={0x44, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) r3 = openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x50042, 0x2) ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f0000000140)={0x0, 0x0, 0x81}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f0000000180)={0x0, 0x80000}) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r3, 0x80045700, &(0x7f0000000240)) ioctl$DRM_IOCTL_GEM_OPEN(r3, 0xc010640b, &(0x7f0000000200)={r4, r5, 0x20}) [ 606.696173] FAULT_INJECTION: forcing a failure. [ 606.696173] name failslab, interval 1, probability 0, space 0, times 0 [ 606.720284] A link change request failed with some changes committed already. Interface K may have been left with an inconsistent configuration, please check. [ 606.749491] CPU: 1 PID: 22785 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 606.756626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 606.765979] Call Trace: [ 606.768578] dump_stack+0x138/0x19c [ 606.772218] should_fail.cold+0x10f/0x159 [ 606.776377] should_failslab+0xdb/0x130 [ 606.780358] kmem_cache_alloc+0x2d7/0x780 [ 606.784510] ? __pmd_alloc+0x410/0x410 [ 606.788409] copy_process.part.0+0x444f/0x6a00 [ 606.793018] ? __cleanup_sighand+0x50/0x50 [ 606.797256] ? lock_downgrade+0x6e0/0x6e0 [ 606.801413] _do_fork+0x19e/0xce0 [ 606.804875] ? fork_idle+0x280/0x280 [ 606.808595] ? fput+0xd4/0x150 [ 606.811822] ? SyS_write+0x15e/0x230 [ 606.815549] SyS_clone+0x37/0x50 [ 606.818915] ? sys_vfork+0x30/0x30 [ 606.822461] do_syscall_64+0x1e8/0x640 [ 606.826356] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 606.831210] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 606.836403] RIP: 0033:0x459829 [ 606.839593] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 606.847311] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 606.854582] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 606.861853] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 606.861859] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 606.861864] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 606.875029] x86/PAT: syz-executor.3:22785 freeing invalid memtype [mem 0x00002000-0x00002fff] 03:37:27 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000100)=ANY=[@ANYBLOB="b8030100030000002000000000000000000085332f20c5cf7e8fd4808772590ecab0b1f602b630a8e1f060"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x5, 0x10000) mq_notify(r1, &(0x7f0000000140)={0x0, 0x19, 0x5, @tid=r0}) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/status\x00', 0x0, 0x0) r3 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000080)={0x1, r3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:37:27 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x2}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x1) read$eventfd(r2, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r3 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = fcntl$getown(r3, 0x9) capget(&(0x7f00000000c0)={0x20080522, r5}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r6 = dup(r4) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r4) setsockopt$inet6_tcp_int(r6, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x800fe) sendfile(r6, r7, 0x0, 0x8000fffffffe) 03:37:27 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) accept(0xffffffffffffffff, 0x0, &(0x7f0000000000)) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000040)='./file1/file0\x00', 0xfffffffffffffffc) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="757002921650000000000066696c659160ac2d776f726b646966696c6514000000ef"]) chdir(&(0x7f0000000180)='./file0\x00') setxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)='system.posix_acl_access\x00', &(0x7f0000000200), 0x24, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2b, 0x0, 0x0) r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f00000000c0)="260000001300abf1eb14c1f8000322ff001000e313000000090000680000000006000300124b", 0x26) connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) r1 = request_key(0x0, &(0x7f00000001c0)={'syz'}, &(0x7f0000000200)='GPLem0^eth1\x00', 0xfffffffffffffffc) keyctl$read(0xb, r1, &(0x7f0000000240)=""/4096, 0x1000) 03:37:27 executing program 3 (fault-call:6 fault-nth:34): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:27 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/mls\x00', 0x0, 0x0) 03:37:27 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x2c, &(0x7f00000000c0)=0x5, 0x38) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x2c, &(0x7f0000000080)={0x0, 0x0}, 0x10) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_sock_size\x00', 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) connect$packet(r1, &(0x7f0000000100)={0x11, 0xff, r2, 0x1, 0x11c1, 0x6, @random="0add71ff2937"}, 0x14) [ 609.043663] FAULT_INJECTION: forcing a failure. [ 609.043663] name failslab, interval 1, probability 0, space 0, times 0 [ 609.064506] CPU: 1 PID: 22806 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 609.071641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 609.081009] Call Trace: [ 609.083613] dump_stack+0x138/0x19c [ 609.087259] should_fail.cold+0x10f/0x159 [ 609.091423] should_failslab+0xdb/0x130 [ 609.095402] kmem_cache_alloc+0x2d7/0x780 [ 609.099563] copy_process.part.0+0x444f/0x6a00 [ 609.104178] ? __cleanup_sighand+0x50/0x50 [ 609.108421] ? lock_downgrade+0x6e0/0x6e0 [ 609.112585] _do_fork+0x19e/0xce0 [ 609.116046] ? fork_idle+0x280/0x280 [ 609.119773] ? fput+0xd4/0x150 [ 609.122966] ? SyS_write+0x15e/0x230 [ 609.126685] SyS_clone+0x37/0x50 [ 609.130051] ? sys_vfork+0x30/0x30 [ 609.133605] do_syscall_64+0x1e8/0x640 [ 609.137498] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 609.142354] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 609.147541] RIP: 0033:0x459829 [ 609.150731] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 609.156840] overlayfs: unrecognized mount option "workVKȇ\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x2}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x1) read$eventfd(r2, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r3 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = fcntl$getown(r3, 0x9) capget(&(0x7f00000000c0)={0x20080522, r5}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r6 = dup(r4) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r4) setsockopt$inet6_tcp_int(r6, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x800fe) sendfile(r6, r7, 0x0, 0x8000fffffffe) 03:37:28 executing program 4: clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f00000001c0)=ANY=[@ANYBLOB="b80301001f6074a06cbf38f9636e910c409b35ec2592e92c9cebb36e44e236dd5488d8630424b559cff9630a2b40ea03f98a2d07b780653706bfa1306422f3f589df87a1d6a0548a"], 0x9c}], 0x4}, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sync_file_range(r0, 0x6, 0x5c8b, 0x0) r1 = gettid() chroot(&(0x7f0000000180)='./file0\x00') wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x4) ptrace$cont(0x18, r1, 0x0, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x8081, 0x0) ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000080)={&(0x7f0000ffb000/0x2000)=nil, 0x2000}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ioctl$SIOCGETLINKNAME(r2, 0x89e0, &(0x7f0000000100)={0x2}) ioctl$TUNSETSNDBUF(r2, 0x400454d4, &(0x7f0000000000)=0x5) ptrace$cont(0xffffffffffffffff, r1, 0x0, 0x0) [ 609.266947] overlayfs: unrecognized mount option "upP" or missing value [ 609.288346] x86/PAT: syz-executor.3:22806 freeing invalid memtype [mem 0x00002000-0x00002fff] 03:37:28 executing program 1: syz_init_net_socket$llc(0x1a, 0x3, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x638, 0x8085) ppoll(&(0x7f0000000340)=[{r0, 0x4}, {r1}], 0x2, 0x0, 0x0, 0x0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/zero\x00', 0x0, 0x0) openat$ashmem(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ashmem\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unshare(0x20600) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000400)={0x0, 0x20004}, &(0x7f0000000440)=0x8) setsockopt$netlink_NETLINK_PKTINFO(r3, 0x10e, 0x3, 0x0, 0x0) clock_nanosleep(0x5, 0x1, &(0x7f0000000040)={0x0, 0x989680}, &(0x7f0000000100)) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) unshare(0x20000) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x1) write$P9_RFSYNC(r2, &(0x7f0000000080)={0x7, 0x33, 0x1}, 0x7) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r4, 0xc0305602, &(0x7f0000000180)={0x0, 0x6e, 0x3001}) ioctl$RTC_PLL_GET(0xffffffffffffffff, 0x80207011, 0x0) ioctl$KDGKBMODE(r2, 0x4b44, &(0x7f0000000140)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r2, 0xc0305302, &(0x7f0000000000)={0x7, 0x0, 0x6, 0x7fffffff, 0x9, 0xae6c}) ustat(0x0, 0x0) mknodat(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$SCSI_IOCTL_DOORUNLOCK(0xffffffffffffffff, 0x5381) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, 0x0, 0x0) 03:37:28 executing program 3 (fault-call:6 fault-nth:35): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) chmod(&(0x7f0000000080)='./file1\x00', 0x100) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) [ 609.342250] overlayfs: unrecognized mount option "workVKȇ0x0}) ioprio_set$uid(0x3, r1, 0xffffffff) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:37:28 executing program 0: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) socketpair$unix(0x1, 0x80000000000003, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x200000000000013, &(0x7f0000000040)=0x400100000001, 0x4) r3 = dup2(r2, r0) connect$inet6(r2, &(0x7f0000000380)={0xa, 0x0, 0x0, @remote, 0x6}, 0x1c) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r3, 0x84, 0x6c, &(0x7f0000000540)={0x0, 0x3e, "582be32ee3d0b252d7be1c3d4d41995fee12b7987da6cd490fcc74446b16f036388347201a78f07b0e8cd541a71514a1c1cab1eec9e42c7490952883135b"}, &(0x7f0000000280)=0x46) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f00000005c0)={0x0, 0x6}, &(0x7f0000000600)=0x8) getsockopt$inet_sctp_SCTP_CONTEXT(r3, 0x84, 0x11, &(0x7f0000000640)={0x0, 0x7}, &(0x7f0000000680)=0x8) sendmmsg$inet_sctp(r3, &(0x7f00000007c0)=[{&(0x7f0000000000)=@in6={0xa, 0x4e23, 0x6, @mcast2, 0x3ff}, 0x1c, &(0x7f00000004c0)=[{&(0x7f0000000180)="d5bc4df836d3ef837496e3f4de4aec2e586e951944", 0x15}, {&(0x7f0000000200)="fe79f32f9b2f007ad124ccc3b807e9c12c57f4", 0x13}, {&(0x7f0000000240)}, {&(0x7f00000003c0)="7881cb86a0bb8f8b24f7df4e9b684320e11659685fc0420916ca0ee911171881301b4366da0b93bfd556fcd9166e2468f8d611de79403b2dd3b11ad8dc82d8714583d6ee88965fbfc24808091013b09ad2454bd71eca61382b308899583efc6a049c7a099cb0bcd774243d36954b900ebf007e4ed17c8aabe507cd5669cd962cb125d3cda03d7d4b4788fdc2c75cb30af60fb80c70edaf534058b45df834696d29013696669ea39db3163aae7f76bbbce1e0747b6c09ccad22336f4340c4a8b2cfc691a6ef3c6a27e98dc94ca5f0e4bf4eb2b2fab10dc266b078e5157495348891bf992d8af89077", 0xe8}, {&(0x7f0000000300)="7be7b115e84d448d66a075d2ed25f4f04dc4297e68720e11767ae23472aa2793cd74b437e9d111308b82f3d4fa2c0b706565e5ea93f1b25bc7c2115d08b12967eb2dc257a8f0e8e3cc4f48235ff40c0183cef7802867360bccc374b74ed9b2daacff7fd9aa8f57e1c534e1646ef8d999", 0x70}], 0x5, &(0x7f00000006c0)=[@prinfo={0x18, 0x84, 0x5, {0x10, 0x5}}, @sndinfo={0x20, 0x84, 0x2, {0x9, 0x8, 0x8000, 0x6, r4}}, @sndrcv={0x30, 0x84, 0x1, {0xb448, 0x9, 0x200, 0x652, 0xf4, 0xff, 0x4, 0x1990273b, r5}}, @sndinfo={0x20, 0x84, 0x2, {0x400, 0x8000, 0x2, 0x0, r6}}, @prinfo={0x18, 0x84, 0x5, {0x0, 0xffffffff00000001}}, @dstaddrv4={0x18, 0x84, 0x7, @empty}, @authinfo={0x18, 0x84, 0x6, {0x89}}, @init={0x18, 0x84, 0x0, {0x3, 0x10000, 0x101, 0xfffffffffffffffd}}, @prinfo={0x18, 0x84, 0x5, {0x0, 0x1}}], 0x100, 0x20000000}], 0x1, 0x40000) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000440), 0x92f22) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c) getsockopt$IPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x43, 0x0, &(0x7f00000001c0)) [ 609.472792] FAULT_INJECTION: forcing a failure. [ 609.472792] name failslab, interval 1, probability 0, space 0, times 0 03:37:28 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/checkreqprot\x00', 0x4000, 0x0) sendmmsg$alg(r1, &(0x7f0000001c40)=[{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="095c97a39e45eac70a6c85ad2c8400561f5f02519367e55c2cd5710d73a2362897a7da3b88604f60f3cfeb30e8b66de5853309c0a3115fcc", 0x38}], 0x1, &(0x7f0000000140)=[@assoc={0x18, 0x117, 0x4, 0x1}, @iv={0xc0, 0x117, 0x2, 0xa8, "d7079ad49a954475d924ce754645c62e4d1edfa35e4d97b6df556ecca240b6886d44c3ab5d1d36ae911bfc7c9d8badebad74f925d2fe661030a5ba2fcb4e53725a03ac86115b3a5017ae2728466ee9b0ff895473119688620cfc0da389199f85611503096e30ff226f8dd1b3e8295971046171362ff59094f3f93b6cf1ef573b82eeb01038b70945d1862b41d3284df7518a51ffc3b41ce598f6c7f0f4df219a0d611646017626df"}, @iv={0x1018, 0x117, 0x2, 0x1000, "8f43c26a43bd892b7f11c7d50d6e313c2a349c9e3eff87d280c61c21d74cf3b2999b2f0b13c84b80364b297a411fde86d2c39c6a625e05ffabbba0f3c56a550eaede49dadcc63334c00bff316f8d1147f1378e4cb9446f0bf2ee1cd0b905ba23bfa79d5dab6a0c2533a62a63ab1db54ad501327d32ccd785ffb0addf0331e625863379f639a29fb6f188f371129ed09883905937ca1a01163334a20020eef9ad939f61ad0a80cd61179ed5625bbefbc8aa744e9d93c9094a64758aee2afbd8e624743870f1833e5ba3995a4615bd82443622a2ef22413c218b28c83d3a432193344f06a54b3dd1cf9aac6da42fd8bcb3c82c870692da8767a6889c18200a4e5097e957e94cdaf7640fd02e7ede5f56ad6f4e06f2cf65b17eb55f9868acaec2bc5477cfaf3e4db6c07b4c489ea77e1d6e21c0b0ae965bb057492fd42efb7b00f1b253d8526113ae69f526430723f92198f4af63791d1ba7a09ea6bd39b48602c0b06055c7040d3661a88c530eb5a1eda55bc80335004ab0f7ec3e13af10d8a1b6a0f56134cec634bce22c851eec77d31d4d1dda5331c202ee16e558dea2fa543d7e09c363f86d2c60e233ca538744416bfcfc3a0a84121ba2fbade34a3b808d710eef3b7cebb1a8ada8b10d40cd8069a589642ac0de3647eab8c0cf08d830b9fee1c2cf8d9c963b61f38a8fd86ddffd515e82a278ff4eea58e1f6e7bebcddffe5f9371637051c2efa783c11ff241c17f1d9b089dd4b61dd01d340d050ed6b310a9598a778f730d6e7adaaf02d5ba6e92fae44cf0b322cfdc7f932568e6f2daa5e414a0ea8ff20adb01bfe4bb9c7f243f0e691757360c32af46a6c4d22f89a62b0dcb619a636a64627b1657ccba8e5c22df44dfe94c68cdfb727c4ae2b5ba85486418bd416fd4bcae64216b854cfee5e73793d60c493d3c5df78831f4b88428682fc96f8b71965f6c3fa1616c86cb34145750c557ca867791e4ffe048459426701129959e57591374e4925108f67f1cb6273406d6e48c237a75d56901172b4a5efd9025b63637dec3973ab32e1a6a8c93d8f3bf99aa89eac6e96968aafc6668c91f0c030adf9cdb001f7b658437cb8a5a95947d5a9010f669270032b3bfbfd033c6612217b618abd809a2d87e50e70af672d3887cab93351620f75e82a707d391d7eb4e91a4804fc987466d785662ce0738bc851a08287885338b7176cc41542dada3d7ac24d57283ac599eb2b824f47d2fee2a9e80be725fb874acd29796aa217a4c4fc3de17d4c5a03706355a978167647f1396a72ada314151745b4cfd0e010c7528fc1d8423dbb05bb8a4245aadb7a315f1015d2c106946ab850cb4e6e74f2a6cad35989dec821aba20dba2646e8c3ca16ce5a2f2588248c5cd5216708a76c58d5753b347c7e1ad3e3747d8846d1f30db4558d25666c031fcb8ad4dcfbe64746539ff107d4ff8fa260ea12f408d2898d2bcbb4bf146facaeda0094c4092ab49995c4c15ba9bc0f447e43f9bc65a38ca190d2ffb1a874754169365f15c76f9129fcc62460f49545ec9f4d560a6ece98a0212ce969325cdd8e5b2494636611d9aba10056bcb182019049b73c89db071c8a631bc6242b59fb7b95ead896b35add6ba65aa019e2ced2a6777729d06399505c73cf2f6ade44458d5affd38253d758c15699398b205ebe1361d10da612c1c6a23dc5ef850236a82852de83dca85ab7314b0546bc19e9b8fae683f8b0119b683fa45e9ae56995f0e659cd68627acd294e9e2dcca6fa0ccb3b45b0a510c67c20a9b899090ffa5cf79df22efdc00ec8cd8a066b6ff21b29671a3693f6881e415b539bcf475981f24e8da7e543545c0ae423e7104046f663b9d2bf6a68858f6c9df406030c8393511a65d48fb6ad61557c8efcf4367d9ee2e721744bdd08df05fecd23966ec20d632cdb764f14bd97ffbf59d0ce25b61a345394e69fa14c09106b21804a01662344f304bc85b23a8c186d2eacde7c50e1acf329027bf849461b8715f37014d46a44de488fa2e8a60a811804468e17336777b9ac65df65ff63c7622112f71cc0137496762acd9522e9ec9b041dff1247ad3cfc41137d61d2247a5999da34102ee1157002c710fd635228402c3ce2401732c4996149ae76e079f1151a88099f79490f22e280f98075f0d74473397a714b4cb561b2273573a79b89fa2c9a1c3e31f9b0941f6a01e165fc10e72627f5592621a39df09b610b893d1fd4faf2424065cf1bef15a8e0d2702dfcc5726a42388902ad25fdda5217fc7f556330e4891a9ceaa101b3ab4828d8ef264b526c149e42c19d058cc589431d8f208dea24848d3a26c6e22e947b63ab77bda901e541a6ab2333887148b54218dd18b9fe01ab9024c457ed5d5f6291c0b8d84484dc18d1096aaf307e95e5ad5675a22139312ff84a90440514d1f942cb113d72032169b3cd431504e02d6756712a0577ff1fe3243da0a8b7912bec14152d01e600f47b4df3fcb4bce87af0e060fca385b4fb6b4d1e5c7851f3601c31cab7d2b26bb4c295c0d8072283b48da09237b679813828ff7381f4ddb491aa121b0252ba4632e1d8581ab1aa7ba362b1f300654f8c85c1dbc3bc1289f6bd03c48557666d7327bee83a719a5634c64df098ed4ea67e0c735132e5f94a172cd81326c54ddf699c537c35c651bc3746a1d1461a4a7ae722b46d2034102aad7109dea027734475fb65ca849ddf99a198fc01f21814b2b004f2c539fc3e985d00fe63a46d5aa6b6f237292f07ac7861a83d6b70c5b7a5681b4adadf6c968ba7cdaaa2445634fcf10757e6127ee3d8ecb373464bdc7d5ef34e23cfd7123619c066e0a1e289983423de9b3305e994d2ba0d23355a30b517d9700950b837dbfc4b8b6297ebe114a7cb42139fb4961525b7d3c61c95921af3c462d183a9346e7d4d5149b0897fd2ba96814b70adb07d35f031f27d36965cec947a430fb96d8bb4728ba0c6041c41928b6fc5d90e875573d3a534e43d776c81f67cc738324a937dd72e47c3e16f31c1dff87dbe9de747ab724da080aeb0bf7a7a85db8476e65a7126382806ce570171a2dd7bda8fc3d200c60e7d921bbffc6d36b73ccb9a9f8df541826a6d2eefdd871cf23c7cc7e6213b72b018fae2f9d08b8a3f0cd413d1095f23aad1155a961109117dba8c9c7c7223513011c73165e41f217695910dd960126d67171ebd09857e4335f4cef30a9aa76176a8f87efb429636cf6ec0f85cd7f1321c9ee3ee32753af3f14112bb676859923038b80c8d034ed9fb3a5d2ff99b2af7b016922ed2041e152d169ec6be394fabb4a7badb8ff7d1d97aa5891055670f61dc4507aa387c5ce110c7360c6d29732e636c01c2a7a1f58ef7bce43587d949d3f0d7fe9c1029d835b81287103a6c173164ced9fa97e9b3fa07f8f14092c5fb3d1d5fbb82016a05ac5c5d339f2891d51489ea1c0733a78ef663b93f96a14dc9bdc9d203ea812d6f95f4a0763c34f6c2bc8f73035b7d955b9390446e62c13139684bc33fc030d93927debc429a658d40a6c57b1730a511f92bc5ebdac1aca71f955a0fb1eea5a9591b8641192fed7202aa6a680937d2bb368336fa2eca31a3f8a760d94c65d8a1f8896df99dc7a4d4399a6f880ea9a6d7dd553ecc217f52f310263cd37d0f418af45530e24ddb13d287de6af7616eac30f76c38fdedb1fcd7fab68c558a4373c41baf75adaa72a428221c8412a0375f4f56ccea607f6ee76a75ff91fa57e2d74f6d38a197707a4bad911d990d6c91b603ed3a063bbbbb7fb8ba687a155859cd5280344677a5a2bec7b52d2f9a9652deeeff80ef6b17a02adc0361b44fef3848c533fdbb3dc7c7ec14216ef2ad107a560223ec5c2cd2c1d0b2cdf0035254738d3e7454114fe256a96da48708cb71ef7faa53be02633229f5d6b379cfcc496f3216b3d6a7a07a9d93ad6d2e12ed2a70ea13df115751dbb9bce2b48415d897f81459d829c0b2c215ec6d15a8c05abc4635632c3896420c6ed004f8e36b85e2a5bab0e95a10cb699df2754541380305e3f360ab6bebc2f0263c253feef589b46af32b742d6106f0f84ba339705f84d485860afaea1e35a5074a965a3eba6800d2ad9943470efd1be7d640fca5374a07e5e525296973ffc6691575a441332b3c3e95d4191b51a50179f5cf636e1035f0e7509e2cfad9cf88fb09ce2892733645cece3bcf0f47257885ca9e0b66ceb51297d93e532aba9f724fa136e81146f14920a32f38dbfee43c0c2de8e432bfdd4dec5c40397c4d038f741ba5aac1e6c44d73598556af1c36025abacbea3d64ebd47d16c00c1790e7361ceb5d6a360015d7ab9e5aa8d4b1ce8e10af7e9f44f71933148d70ed686d2e14834625d5616bff1bec1f6f8b0af5d9dd71fc11aabe5f83b587b6b3dcaf45eb8c1544120b9f50e9f2ab8c4d7b32ac05f1dd993fd0aa57ffc0862629aeaa2790d1219b444b9949aceaad277f9468e3bcfd4adc8330cac7c911a7aa8aef82142f7d6edbe7673879b5594870da7b5a4cc0dada3b9c540f399499e86f8d4051183f57fe51ef85efc49a7864ac6b4ea1a784422d242bebada5136ea51e2507ba70c7935fef3f9d9c612598eae74776f5c22a1abdfc3253821fb382ff24916a3f17b9a0bcc5e7505f4717361a3edc747ff3f3a54e3cd1d3d95c7c162c615805451b34d72d37bd2c9f8c53231d4249bec85457ae22310ccb5de411902eaec1460501848f5fc37d6ea2964c8cc05302c5ffb74f85bdf0ebadde2cddef9a96732e8e6e2802d247af8b7a8aa9f2e79e698a8450c08920c3b1401e8d7a5addbe6c5ed38488beadc04dc3e582eef8d5e0fe526e5ce9a5be8eb1ec0cf406f2201153b82aaaf02bce4ed4679c4fa96ecc5794e5004d7dcd6fe320299f3c7e984da91b45671c3ce717ff7b8b4998edff8d13e3baa2580837a2a18b5fe5749820ff6ea6566dd74d8b8cc37f6aa616a6e51b3f616c16b78caf6a9febe5d5e7680b7e0f10b0eaf489942f33a17486ad5cf117d43dacbbe51933958b2856619438ff87b96bd74e4f7cefaf1c65644610a14ae56731684d6b93b9a1cb4324fb559eebfd5b96747867c7a75059191e124e2d32335de69d45e93e91bc47a7af2e7fe438e9018c7e120347c3a0639aac93a27a504820ed224bc47083bd9e32ecef665f2608a8aa801a6b86dc747d2ee841346426f93867410fa112996e2c5f91bbfeb6028645ce67c09d706dece46412580c0ff212909c5ead04886127e0f992c61f0531247f33432bebda931181efc079892f29259a254ef26c0e198056cf25e249597425b7c28ee2322a29d2e6ed24a9915e46477e030f3a29d497670ff349326f274d90a62ee4814635fa8b5207245e8a40b17b588b6afcaace63d0cc87b0ad1b474561a5158fc4fa3c17858411181bfb0d9cabf2080d7ed291a913db071209597e46690a6febd814fef3a9e169e08520ed89d245d28b36a38285a382ac9b3ec5d02d57c4c725b5ff89fa56a49807f645b5fe77c5760c7205a895007136730810b9a7b2a125323e7f9b9eba7bcbd179438a7c69526673d5721aa90d80498bcc53c493d4ba7e6c429330725cec9a0128088b7655880bce1e10222e5dd791423e35fbaa8985be2accd5065aa9d66b731d7012eccf8e0ab793eb74fb56c3c20d4df4e40ce891f8f8d27b2bbcdace1ab5a8d0412e55240a30eaccd8e8b884d3f919af847f579b362db92a54a3e53c768f98dbddf3a5248c2f31fe13a4deab7ba661dd228e5a979ef2873991e6634c58d1499b1bd5594560b7"}, @assoc={0x18, 0x117, 0x4, 0xffffffff}, @iv={0xc8, 0x117, 0x2, 0xb3, "1c0c0b514975e4cb5e1d6d9246ad28b03f9a85cb7786a365c4699394c73fc7ee2c6b99e2f5bc7fbf37b1b845f633499ab7e8019471830bce321e857ffbf99b2f443cb8e29dc45beef558b165d57c84a95b9f0fe30a729dd2393d69fe9fc626182e87d800c6dfda9c196a02279f5bd9fa85f7f1ba58c4568024edb9049bc9800d407478e2061dd166d4c291f78324e5b98644ca76a809ef3d59c3f8dcc35bd97c971b947a0e24231ac8e87884ab0442b21add45"}, @assoc={0x18, 0x117, 0x4, 0x2}, @iv={0x100, 0x117, 0x2, 0xe8, "3960d6b45ed3c774248bcbce5a39c4cd1c962b0528a2960ff3fae431418c7b83decf3daf9d0d0273d868b71a0c912426cd6cf5309006482880e5915e9552123d32713a1aa210418d1bd342ea12f605c6a7348c88ecfa638b0e60839eb962c62d61db781d50fdcf40b4aff8ccd85f4fbb9ab925c9089fa7c4244cf2674e22087e40f5a44f91df188d1724367e47e6b7a2969716f5a9cbf02fc0f01b97ec980834b978dfd602f0c4aa7ecee3879cc5e21fd3de25e614a100cdaa8bfc825d21bdecafc2dd21a928dcbcb8e00dc3df7a7a92520b920e360bb83aeeee78237afbd434c76b8c359e6039e5"}], 0x12e8, 0x80}, {0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000001440)="c3ae3c9f64f9006dfbede4963dc4d669c20f78570646ef98c3bc159bca567085833b89de40d5284f7ff2aadbf089969c5e5ed56100d22b1bce1ec7ba389c", 0x3e}], 0x1, &(0x7f00000014c0)=[@iv={0xc8, 0x117, 0x2, 0xad, "c18add907e90fca38e07e7e8e9dbbae9149deeda2078b70d89512ce057e81a0b5bd16665984cbd0fc3fbaf8999a04d3c0c6b51ffc23c1aaef35c4802a4f17454fa44a2f4cce3e0f7df7d3dfb37411a02ec96fa3e6317d42bf9358554d6123e3f6a67385dedce0c03b026a0c7868d25ca11b6d7427835d4e7f50a059a7a67a18f169d768f220472484c065977e612a51313803ae3c2670bbbb90eda02e3e30c77d89129712e3bebdcf6fe00fa8d"}, @assoc={0x18, 0x117, 0x4, 0x200}, @assoc={0x18, 0x117, 0x4, 0x511}, @iv={0x108, 0x117, 0x2, 0xef, "36903d6f1cf06347b9c3c84512de8ad555ceebd10133dac880b0a7c7fd081ee872dcfe37a9f0881295bfb81074214cbb961fb44d0a569dc310afb31a8e2083438ee8449da2c3d80d0413fc9513164a2c6944dc1f589fa2b3166b777f6c93ed1d6c04f2e23ead28129c21233966402d9d78df23458af0631a184887c8cb1fc5a676dea27b45f9a76e5c3b6fdf26d1e2a01261fcb87b5c84feed8804a30b672c71aa0935be7a24f576697e0b72b8c6112ce150acf4533030b91efab5ec47fc131511c47541e5a2fcd48d4abb376676f384f18de6dd2b3f1bd14aa89cc2f3300cdcadb3ba455f2fb5ce5adec18d1bf887"}, @assoc={0x18, 0x117, 0x4, 0x1}, @assoc={0x18, 0x117, 0x4, 0xfffffffffffffffd}], 0x230, 0x8000}, {0x0, 0x0, &(0x7f0000001880)=[{&(0x7f0000001700)="43a2848af24a36ff210767b1ea1bf22655e8eeebd3eae37ea5e719f00370e9f6ceb87b8c2f5d25a16e9476c0e53f929ab9bbef8afe4cf2103a4a6280b35af2a2d7ee3bf9cfc13d0c83e7e2faacb8e2ee212a8d4baa6198e0273b59c153e99062454a1a468339f0db42e1427b0b4424b3f38aa6fac2c4dcf392a9bca1c90cdd4d0872c57c9a3e0aa1df242629", 0x8c}, {&(0x7f00000017c0)="490abe4963c061a6f971c2ce79be90629c3f8d360b59278df470ec8de722168647f80fdff3db0200bbabecc9a1e01d88b2b6118c9fee3f7c1aa93e86e74a4f227d15740422bdaac8ea92bddc57eb487f3630daaa0e2012b1c7e697f9354a0fc944aef9a87603e1c78f6416642d37c79d058f4e0c10a1686a5962762824b76e520664851bb95fda3f4005bc82ce5379318f9de40af35d1c37ead71dce2b9617836930b27be398eb", 0xa7}], 0x2, &(0x7f00000018c0)=[@iv={0x70, 0x117, 0x2, 0x59, "cd5d1723c42ae92b75da42f01034d8ae2774ae656571c5ee4336da10babdf227eae249205e3d1af092632461263a19e396a8b77c34467df50e03ea98a240ea60647e2122ea9d7b2e0d5783950407cb095d602b919b13c9633f"}, @op={0x18, 0x117, 0x3, 0x1}, @op={0x18, 0x117, 0x3, 0x1}, @iv={0xc0, 0x117, 0x2, 0xac, "812171c575a38f84d818a528d43fbc972cd8be70930573dd807a048e1b792a36bc0806782324f5112df73e58fdabf84002efb9068704e2755e4b8ec02ec4f85b6eab901ae537c9b98fbef8fdaa7ceeab372f0d0d9bb56bf1ff26a7f518fe03291d9ded6d60d3011cdc755a191749f9e27e3cc9c0631f45a9733b3ac833c7484928178ded24fb786b3275534407176dc82325c4a8c4d3accb4dda0843ca3eae8fe231b1f2cad9c19769ff8c6b"}, @iv={0x58, 0x117, 0x2, 0x42, "05c04ee5a89df192a7c67cef7701f207eafcb8397936fb18216edc42dc099e084c28eedb76e2ca493f2a1d54809e8635b0d3ad5234a5582c1900cf9ff618daddda27"}, @assoc={0x18, 0x117, 0x4, 0x6e1}], 0x1d0, 0x48000}, {0x0, 0x0, &(0x7f0000001bc0)=[{&(0x7f0000001ac0)="7db771a59e68f1624f722f1674f72b830aa69ddee8462c02358b1a89d6ddaf12af4bd6e6b5", 0x25}, {&(0x7f0000001b00)="28420f03d0317ecce36bb6ceb2b3f7041ca6051ebebc9c2ec4a76728099f53713509388341be2f0c371357fa98324e4e5a9ae90924b790569a010ca2f8d8213c2d3d110de21cf99fed280cbfcbbebc93e3ccce5a86826c7c46db0d5ecb91bd8b5c46493c4c6ce6c256d7b7b955c31ebdd27a37f218d743387570aa6ba50098e9d28879375706e61379822eef25c4a1c7297043564f1562b750010067bacb7eeb427d657822a35c9378ba3bb89af0c256746ca783123f860a1260b9e7176b", 0xbe}], 0x2, &(0x7f0000001c00)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x4000801}], 0x4, 0x40000) [ 609.545333] CPU: 0 PID: 22844 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 609.552482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 609.561840] Call Trace: [ 609.564449] dump_stack+0x138/0x19c [ 609.568089] should_fail.cold+0x10f/0x159 [ 609.572246] should_failslab+0xdb/0x130 [ 609.576312] kmem_cache_alloc+0x47/0x780 [ 609.580387] ? __lock_is_held+0xb6/0x140 [ 609.584449] ? check_preemption_disabled+0x3c/0x250 [ 609.589485] anon_vma_clone+0xde/0x470 [ 609.593385] anon_vma_fork+0x87/0x4d0 [ 609.597303] copy_process.part.0+0x45e2/0x6a00 [ 609.602001] ? __cleanup_sighand+0x50/0x50 [ 609.606239] ? lock_downgrade+0x6e0/0x6e0 [ 609.610396] _do_fork+0x19e/0xce0 [ 609.613858] ? fork_idle+0x280/0x280 [ 609.617584] ? fput+0xd4/0x150 [ 609.620775] ? SyS_write+0x15e/0x230 [ 609.624492] SyS_clone+0x37/0x50 [ 609.627875] ? sys_vfork+0x30/0x30 [ 609.631454] do_syscall_64+0x1e8/0x640 [ 609.635342] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 609.640201] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 609.645387] RIP: 0033:0x459829 [ 609.648573] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 609.656287] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 609.663588] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 609.670856] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 609.678124] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 609.685399] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:37:28 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x9, 0x1) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:37:28 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x1) read$eventfd(r2, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r3 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = fcntl$getown(r3, 0x9) capget(&(0x7f00000000c0)={0x20080522, r5}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r6 = dup(r4) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r4) setsockopt$inet6_tcp_int(r6, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x800fe) sendfile(r6, r7, 0x0, 0x8000fffffffe) 03:37:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x100000002, &(0x7f0000000200)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) 03:37:28 executing program 0: prctl$PR_CAPBSET_READ(0x17, 0x25) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000940)='comm\x00') exit(0x0) fremovexattr(r0, &(0x7f0000000000)=@random={'user.', 'comm\x00'}) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000040)) [ 609.770794] x86/PAT: syz-executor.3:22867 freeing invalid memtype [mem 0x00002000-0x00002fff] 03:37:28 executing program 3 (fault-call:6 fault-nth:36): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:28 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/validatetrans\x00', 0x1, 0x0) fsync(r0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x4) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x101000, 0x0) ioctl$TCGETS2(r2, 0x802c542a, &(0x7f0000000080)) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) [ 609.935571] overlayfs: filesystem on './file0' not supported as upperdir [ 610.015237] FAULT_INJECTION: forcing a failure. [ 610.015237] name failslab, interval 1, probability 0, space 0, times 0 [ 610.065046] CPU: 0 PID: 22885 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 610.072195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 610.081568] Call Trace: [ 610.084168] dump_stack+0x138/0x19c [ 610.087811] should_fail.cold+0x10f/0x159 [ 610.091967] should_failslab+0xdb/0x130 [ 610.095947] kmem_cache_alloc+0x47/0x780 [ 610.100018] ? __lock_is_held+0xb6/0x140 [ 610.104080] ? check_preemption_disabled+0x3c/0x250 [ 610.109099] anon_vma_clone+0xde/0x470 [ 610.113002] anon_vma_fork+0x87/0x4d0 [ 610.116821] copy_process.part.0+0x45e2/0x6a00 [ 610.121458] ? __cleanup_sighand+0x50/0x50 [ 610.125697] ? lock_downgrade+0x6e0/0x6e0 [ 610.129853] _do_fork+0x19e/0xce0 [ 610.133313] ? fork_idle+0x280/0x280 [ 610.137043] ? fput+0xd4/0x150 [ 610.140238] ? SyS_write+0x15e/0x230 [ 610.143963] SyS_clone+0x37/0x50 [ 610.147329] ? sys_vfork+0x30/0x30 [ 610.150969] do_syscall_64+0x1e8/0x640 [ 610.154858] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 610.154876] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 610.164880] RIP: 0033:0x459829 [ 610.164886] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 610.164895] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 610.164900] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 610.164905] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 610.164910] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 610.164915] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:37:29 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x2) setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000480)={{{@in=@dev, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@broadcast, 0x0, 0x3c}, 0x0, @in=@initdev}}, 0xe8) dup2(r0, r2) 03:37:29 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x22822e74eaa6c1b2, 0x0) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f0000000080)) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:37:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f0000000980)='./file0\x00', 0x8) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) r1 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0x32b2, 0x40000) sendmsg$kcm(r1, &(0x7f0000000940)={&(0x7f0000000140)=@l2={0x1f, 0x81, {0x4, 0x3, 0xadbd, 0x40, 0x1, 0x7}, 0x8, 0x7}, 0x80, &(0x7f0000000480)=[{&(0x7f0000000280)="925f1fb7408f7cf6967326db8ed1a5fefd2fa48464ba735ce4cbb3ca6f57541e97c50c055f5e0ccc1ec66a9c6e28b28eefbe07b4320fca2c5e43127e6de8a8ec58851ae8a836ca500bf8aa01a20016a5756fd9083eb8e1c83f97a7941a9a4440935386d069ef10bf8c02db739739c50b40e1daaeecef7af76e0bc2eb5c2f08ea0072049d188af887ddaf601d3ee72425157c037cb43d58bc0c56ceb2133750263144f54f2c70f362fc2d0d3c539611e3ac4621d3a7febcbd3818689b7d6695f4d9fd660bf7061f89553cbd19ca17d94d6356ad6dd72f8d1705b33698bff95597d3baf59222420583ab", 0xe9}, {&(0x7f0000000380)="4996117caafdcb655dca15e17acc81e33182d3e96fc5cb23201041e282fac10fcc27345845666a74bb1670bcee234f8d22628c97e3115b53bb79ce3d106bfe801f864914d1d4a0a1d8d7028ee2cfa9ff7b3cdc2f4025afdc717296e3a71673af615f31e92a973b9310f1dcf9d45ccb0e8da6c656606014ff44cd3b057d93570880c9ae66070bb4c977a37dfdb8bd1252ca54bf7e28e55ac16b79810f79de6c4eeacdcc539c7908e9fff406fa59c214b6ae4897cd069a18b15baaab99bd881fbb1ce1", 0xc2}], 0x2, &(0x7f00000004c0)=[{0xc0, 0x10a, 0x5caa, "f7ca4464cd97f9f368dae375b21bdeb103f9c0f21dd3d344e34d81ace02b8e36109e806d34eabaa49e7907c35ee67dd7db3fd2b20b51e197afe73b77a3cecfbc23543989851a81cdaac55b0c6ae07a64276e6e6824ff146b05b427c619c2bc170e844e939444cf17198dd17f338567df50829f447a4f92704be3f5250837f59aaecace6dcbfce1581739eacbd8ab08db16d7b2a0aaa37a72d8beca277d782b6949c4494a4f7c238de872"}, {0x98, 0x10a, 0x4, "05e479b9b72a1fd1315ec660d5e7452b14101327836f9bc4235a807a7ce3ae3c2f998dd036a6df538b5dd93693b925d8b662b11fc94412f304c4b6b6c5ee0c3ddfa357693d73ea30651d3a566121159c6b3933943396ecb76c126d3664b638ab1f13b98673ebd6e5a6610e4ae79b046bc590365ecbccc1fce1c91f13b25b261b83eae9281360"}, {0xd8, 0x0, 0x100000001, "0237c1d5faab1448b4f665e0a0cf9b5a5d2d193e8ae2ddc4a8e8460f58016bd4731b0533f45bf1e4e0e4da966472dafc016b735c2e1e400818f37fbd77243d94d69d9298f3f7269ae752cd061658c899d229c6f73a91066caf092ddcc5869c7ec3cbb3bc555ab98b36499f5fc28e2ab3be0b929349d696bc885abc6cc988d5e1599ff287f53a8bcfb17d4caaeab91accb6e8ea2a11526a6e22d5bd57ac23d4ec0c0b0066194ef5c63bbe39677de4bd144a73a2fcc3196ebf12515d7c1c4e6c52dfe824a443f07e87"}, {0x48, 0x1ad, 0x6, "4faacabedcc1f5e2de1d06e07e33088364b552f44cdc173a377d73ae8f2a64c6268311977868aa8062c034344693d4ac1d"}, {0x88, 0x103, 0x8, "4e6c250e218a8a4beb4553a15cabe43469f2572181186d588fe086994a0919f488a84660e9807507d10f6e1aeb35e4e00ee6bb0f11d636e19eef95cb5afc49d748e5b834417f2f6eca68b60ff05b4fe24eb454f671bc969e704d296d554a33eec17dd736b9707c20d34ef361aee31022bef88d22ac"}, {0x40, 0x10d, 0x1, "eb103d6aeb5f9307a617fa74b826e5c898410263fc1d43192bb1d42e5ec37e8f867dd825e375723e6628822cc62e0d91"}, {0x108, 0xff, 0x2, "830240a25450cb999f4ec31421dc4ece74eb49f33d31635d3446adf572054b3959a4a41f0eb793b1b5d9e8d6f0132c2adf953d13eedf25ce596f76b92b48c74e3e56b6be42648b9e8306bedc835129e8f474b5b250ae810059a40e42f65e587bb757955603472279cb0c58fe13ba9e2b6d354e74de84bf06122dab7d57d1f0222176115068caf70ece70bca50c57100d62c9678112d980a78d2eed947723c1ce97afc0f7a9407ccd9280549a5a46589439c656b60761dd830b2b14626001b7298ac620be0d232a6bea51ca61246dbcc1adb0322dfca3edc2840435918547e6d4ad2e533d52f90e8f8f7b946968cd4c4708765a"}, {0x10, 0x29, 0x1}], 0x458}, 0x4000) ioctl$KVM_GET_ONE_REG(r1, 0x4010aeab, &(0x7f0000000100)={0x401, 0x7ff}) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="75707025726469723d2e2f66698565302c6c6f7765726469723d2e2f66696c65302c776f726b6469723d2e3987696c65315c00559109afa8e1859baddef56d40017cc9ed6acd4af8bf37e314af053461b8b2a8ef615760b960b87a929d"]) 03:37:29 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x1) read$eventfd(r2, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r3 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = fcntl$getown(r3, 0x9) capget(&(0x7f00000000c0)={0x20080522, r5}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r6 = dup(r4) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r4) setsockopt$inet6_tcp_int(r6, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x800fe) sendfile(r6, r7, 0x0, 0x8000fffffffe) [ 610.309338] overlayfs: unrecognized mount option "upp%rdir=./fie0" or missing value [ 610.310116] net_ratelimit: 21 callbacks suppressed [ 610.310121] protocol 88fb is buggy, dev hsr_slave_0 [ 610.327365] protocol 88fb is buggy, dev hsr_slave_1 03:37:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") ioctl$FS_IOC_MEASURE_VERITY(r0, 0xc0046686, &(0x7f0000000200)=ANY=[@ANYBLOB="0600db00089005c8790c1ac29418ce27dd9d2bd265925c7afb283953c7ca1c88e5783e9924cb5aa42310214cb042c6f63d64f1f02de8bb9ed502855f58118af3b90cb43b1a719a36b25de4c655814e710d5107067b43a86ccce88c14e96ad8542f8fef4a58cda1d8d2859d10ff8ec817b9387fbe76632b4294f4609b989d4fabeeac2a3bcdf2de43df4a3eb0a83e6d8ca11c33706fd214bfab01ccf3de3a7dc088ac001303881caafa0a76e25b22040433a35ceefdf5c5097d368c074d05004b1132dab6f7ba9d52aa488c5a5e80fcb3"]) mkdir(&(0x7f00000001c0)='./file0\x00', 0x321a4e8c12b6f21d) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) 03:37:29 executing program 3 (fault-call:6 fault-nth:37): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:29 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x40000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0xfffffffffffffffd, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 610.395881] x86/PAT: syz-executor.3:22908 freeing invalid memtype [mem 0x00002000-0x00002fff] 03:37:29 executing program 1: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$P9_RAUTH(r0, &(0x7f0000000040)={0x14, 0x67, 0x2, {0x0, 0x4, 0x3}}, 0x14) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r1, 0x8) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = accept4(r1, 0x0, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000180)={{0x8, 0x2, 0x0, 0x8, '\x00', 0x9}, 0x1, [0xffff, 0x100, 0xd9, 0x80000001, 0x5c15, 0x6647, 0x9, 0x1f, 0x7, 0x100000001, 0x40, 0x2, 0x2, 0x2, 0x8, 0x2, 0x9, 0xc241, 0x6, 0xff, 0x9, 0x2, 0x0, 0x6, 0x3, 0x10001, 0x6, 0x6, 0x80000000, 0x0, 0x7fff, 0x0, 0xffffffffffffff98, 0x5, 0x9b6, 0x80, 0x6, 0x7, 0x30, 0x1, 0x4, 0x3, 0x9b, 0x7f, 0xfff, 0x1, 0x7, 0x1, 0x400e3930, 0xc4a, 0x8000000000, 0x0, 0x81, 0xa6, 0x0, 0x6, 0x5, 0xf80, 0x0, 0x9, 0x6, 0x800, 0x200, 0x5, 0x100000001, 0xe5b, 0x7c, 0x7fff, 0xffffffffffffffff, 0x5, 0x20, 0x0, 0x3, 0x0, 0x9, 0x4, 0x5, 0x4, 0x101, 0xbcf1, 0x8000, 0x0, 0x34e8557f, 0x6, 0x0, 0xfffffffffffff800, 0x80000001, 0x5, 0x4, 0x3, 0x1, 0x101, 0x2, 0x800, 0x3f, 0x100000001, 0x1, 0x71a4, 0x1, 0x913f, 0x4, 0x7, 0x9, 0x0, 0x2, 0x2cf, 0x76, 0x9, 0x2, 0x3, 0x4, 0x800, 0x3f, 0x7, 0x5, 0x0, 0x6, 0x8, 0x7, 0x3, 0x100, 0xffffffffffffffff, 0xff, 0xffffffffffff8000, 0x200, 0x50, 0xfff, 0x7], {r4, r5+30000000}}) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r2, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, 0x0, 0x0) write$binfmt_elf32(r3, &(0x7f0000006c40)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x58) r6 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_PROT_MASK(r6, 0x40087705, &(0x7f0000000140)) 03:37:29 executing program 2: r0 = socket$pppoe(0x18, 0x1, 0x0) getsockopt$bt_hci(r0, 0x0, 0x1, &(0x7f0000000240)=""/175, &(0x7f0000000300)=0xaf) r1 = socket$inet_udplite(0x2, 0x2, 0x88) mkdir(&(0x7f0000000200)='./file1\x00', 0x108) ioctl(r1, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x280040, 0x0) accept4$llc(r2, &(0x7f0000000140)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000180)=0x10, 0x800) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) [ 610.573074] FAULT_INJECTION: forcing a failure. [ 610.573074] name failslab, interval 1, probability 0, space 0, times 0 [ 610.623780] CPU: 0 PID: 22920 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 610.630954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 610.640310] Call Trace: [ 610.642920] dump_stack+0x138/0x19c [ 610.646561] should_fail.cold+0x10f/0x159 [ 610.650716] ? anon_vma_clone+0xde/0x470 [ 610.654783] should_failslab+0xdb/0x130 [ 610.658769] kmem_cache_alloc+0x47/0x780 [ 610.662838] ? anon_vma_chain_link+0x142/0x1a0 [ 610.667429] anon_vma_clone+0xde/0x470 [ 610.671319] anon_vma_fork+0x87/0x4d0 [ 610.675134] copy_process.part.0+0x45e2/0x6a00 [ 610.679733] ? __cleanup_sighand+0x50/0x50 [ 610.683968] ? lock_downgrade+0x6e0/0x6e0 [ 610.688124] _do_fork+0x19e/0xce0 [ 610.691585] ? fork_idle+0x280/0x280 [ 610.695335] ? fput+0xd4/0x150 [ 610.698539] ? SyS_write+0x15e/0x230 [ 610.702267] SyS_clone+0x37/0x50 [ 610.705632] ? sys_vfork+0x30/0x30 [ 610.709174] do_syscall_64+0x1e8/0x640 [ 610.713071] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 610.717934] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 610.723120] RIP: 0033:0x459829 [ 610.726302] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 610.734009] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 610.741278] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 610.748542] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 610.755811] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 610.763083] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 610.770674] protocol 88fb is buggy, dev hsr_slave_0 [ 610.775749] protocol 88fb is buggy, dev hsr_slave_1 03:37:29 executing program 0: socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x10000000000, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000140)=0xffffffffff7ffffd, 0x4) ioctl$sock_inet_tcp_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000340)) connect$inet(r1, &(0x7f00000002c0)={0x2, 0x4e22, @multicast2}, 0xffffffffffffff90) ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000000080)={0x750, {0x2, 0x0, @dev}, {0x2, 0x0, @remote}, {0x2, 0x4c20, @broadcast}, 0x0, 0x0, 0x2, 0x46a, 0x0, 0x0, 0xfffffffffffffffe}) sendmmsg(r3, &(0x7f0000003740), 0x400031b, 0xfffffffffffffffd) listen(r1, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000200)) ioctl$SNDRV_TIMER_IOCTL_STOP(0xffffffffffffffff, 0x54a1) ioctl$KDDELIO(r2, 0x4b35, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) r4 = socket$key(0xf, 0x3, 0x2) unshare(0x60000000) socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg(r0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGSKNS(r1, 0x894c, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x0, 0x2172, 0xffffffffffffffff, 0x0) syncfs(0xffffffffffffffff) mprotect(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x1000004) fsetxattr(r4, &(0x7f0000000400)=ANY=[@ANYBLOB="757165092e966e85da616d730ab298e8559c000000008b1f990ec2a8c4591a2a980af1d2814495a0e2e0ac20b9e7121d92fd75c2ea016436c7f4886668213129585be5ed9907cb2b38808cb47ff53b1860ffff69ceec627b89c96364f0264c2a4d81d886362715f6c2a0b41b2d473dc5ee3afb0950880d7baf0d084b943ae19cc0f4811c9c9a2fddde95c347235ba199d800c36d6c7e1ab65c54294bb407000000a868dce5b528807cfca4c9faeab76349baa245854a01eaf58d206fc6f439daba62cbc279ad719a2fa82e1f1b39bf833ccb8dda8ab9abe080d5c5736a76fe"], 0x0, 0x0, 0x3) connect$inet(r2, &(0x7f00000003c0)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xd}}, 0xffffff38) sched_setaffinity(0x0, 0x8, &(0x7f0000000500)=0x8) setsockopt$IP_VS_SO_SET_TIMEOUT(0xffffffffffffffff, 0x0, 0x48a, &(0x7f0000000100), 0xc) socket$inet_udplite(0x2, 0x2, 0x88) 03:37:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f0000000140), &(0x7f0000000080)=0x68) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000340)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x210080, 0x10) getsockopt$bt_sco_SCO_OPTIONS(r1, 0x11, 0x1, &(0x7f0000000240)=""/148, &(0x7f0000000300)=0x94) prctl$PR_GET_TIMERSLACK(0x1e) 03:37:29 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r2, 0x0, 0x0, 0x1) read$eventfd(r2, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r3 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = fcntl$getown(r3, 0x9) capget(&(0x7f00000000c0)={0x20080522, r5}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r6 = dup(r4) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r4) setsockopt$inet6_tcp_int(r6, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x800fe) sendfile(r6, r7, 0x0, 0x8000fffffffe) 03:37:29 executing program 3 (fault-call:6 fault-nth:38): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 610.819134] x86/PAT: syz-executor.3:22930 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 610.936011] FAULT_INJECTION: forcing a failure. [ 610.936011] name failslab, interval 1, probability 0, space 0, times 0 [ 610.950141] protocol 88fb is buggy, dev hsr_slave_0 [ 610.955301] protocol 88fb is buggy, dev hsr_slave_1 [ 610.955608] overlayfs: filesystem on './file0' not supported as upperdir [ 610.960461] protocol 88fb is buggy, dev hsr_slave_0 [ 610.972399] protocol 88fb is buggy, dev hsr_slave_1 [ 610.979532] IPVS: ftp: loaded support on port[0] = 21 [ 611.025510] CPU: 0 PID: 22940 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 611.032653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 611.042012] Call Trace: [ 611.044607] dump_stack+0x138/0x19c [ 611.048248] should_fail.cold+0x10f/0x159 [ 611.052407] should_failslab+0xdb/0x130 [ 611.056389] kmem_cache_alloc+0x2d7/0x780 [ 611.060538] ? anon_vma_clone+0x310/0x470 [ 611.064697] anon_vma_fork+0xe9/0x4d0 [ 611.068504] copy_process.part.0+0x45e2/0x6a00 [ 611.073112] ? __cleanup_sighand+0x50/0x50 [ 611.077361] ? lock_downgrade+0x6e0/0x6e0 [ 611.081526] _do_fork+0x19e/0xce0 [ 611.084989] ? fork_idle+0x280/0x280 [ 611.088721] ? fput+0xd4/0x150 [ 611.091923] ? SyS_write+0x15e/0x230 [ 611.095646] SyS_clone+0x37/0x50 [ 611.099010] ? sys_vfork+0x30/0x30 [ 611.102555] do_syscall_64+0x1e8/0x640 [ 611.106439] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 611.111295] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 611.116482] RIP: 0033:0x459829 03:37:30 executing program 2: fstat(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) r1 = getuid() lstat(&(0x7f0000000180)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000300)={0x0, 0x0}, &(0x7f0000000340)=0xc) stat(&(0x7f0000000380)='./file1\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0}) r5 = geteuid() lstat(&(0x7f0000000440)='./file1\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f00000005c0)='./file1\x00', &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x6, &(0x7f0000000680)=[0x0, 0xee00, 0x0, 0x0, 0xffffffffffffffff, 0x0]) r10 = syz_open_dev$admmidi(&(0x7f00000007c0)='/dev/admmidi#\x00', 0x54, 0x0) sendmsg$nl_crypto(r10, &(0x7f00000009c0)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x10800010}, 0xc, &(0x7f0000000980)={&(0x7f0000000840)=@get={0x118, 0x13, 0xa00, 0x70bd26, 0x25dfdbfb, {{'drbg_nopr_sha384\x00'}, [], [], 0x2000, 0x400}, [{0x8, 0x1, 0x3}, {0x8, 0x1, 0x1f}, {0x8, 0x1, 0x8}, {0x8, 0x1, 0x7ff}, {0x8, 0x1, 0xffffffffffffff7f}, {0x8, 0x1, 0x3}, {0x8, 0x1, 0xe433}]}, 0x118}, 0x1, 0x0, 0x0, 0x40}, 0x4008040) getgroups(0x6, &(0x7f00000006c0)=[0xffffffffffffffff, 0xee00, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0xffffffffffffffff]) r12 = getegid() lsetxattr$system_posix_acl(&(0x7f0000000080)='./file0\x00', &(0x7f0000000a00)='system.posix_acl_JR?\x92gdefault\x00`\xfb\x8b\xe3\x85R\x00\n*\x18h<\x81\xe7\xd79ya\xc3\x10\xa6$\x8bs\x01\x10\xa7F$)tO>GbR\xa7K\xf6N.I;SU*\x9e\xef\xa6 \xc3;\xfc\xe9\x8f\xae4\xfc5y\\%\x15G\x85\x9e(\x13\x0e\xe3\xe5\x1f\xf3\x95Wv{\"8\xd4z\xf5-\xbe\x85/\x1d \xb7q\x11]\x19g\xe8\x18.a{ac\x1b\xae\x7f\x16\x9cq\xc3\xdb\x97a\xf2\xcf\xdf\xe8,G\x00\xe1-*\x10\x10\\\xae\xcc\x04k\fl\xc4\xc6J\xe0 &\xda\x88\xe3\xf8\\|\x05U\x1c\xef2a\xbc(<\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x2}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) [ 611.119667] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 611.127381] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 611.134654] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 611.141925] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 611.149197] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 611.156472] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 611.299319] overlayfs: filesystem on './file0' not supported as upperdir 03:37:30 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") r1 = syz_open_dev$mice(&(0x7f0000000080)='/dev/input/mice\x00', 0x0, 0x2) ioctl$SIOCRSSCAUSE(r1, 0x89e1, &(0x7f0000000140)=0x7) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="08fdeb4d063cb9295a707065726469723d2e2f66696c652c6c6f7765726469723de5bc972acc0304b6776f7274"]) 03:37:30 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x1, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x101000, 0x80) openat$cgroup(r1, &(0x7f0000000140)='syz0\x00', 0x200002, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xb4}) r2 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x3) setsockopt$inet_buf(r1, 0x0, 0x0, &(0x7f0000000180)="c8140e27cf99a3a3442d3e1d734bce32bad4fb1e5af3560d773fa5dc2717c54433980f8308f0f77f", 0x28) r3 = fcntl$dupfd(r0, 0x0, r2) write$cgroup_pid(r3, &(0x7f0000000000), 0x10040) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000380)={0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8, 0x1}) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r1, 0xc0505510, &(0x7f0000000240)={0x1e65, 0x8, 0x5, 0x2, &(0x7f00000003c0)=[{}, {}, {}, {}, {}, {}, {}, {}]}) 03:37:30 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x2}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) [ 611.430130] protocol 88fb is buggy, dev hsr_slave_0 [ 611.435273] protocol 88fb is buggy, dev hsr_slave_1 [ 611.462660] x86/PAT: syz-executor.3:22936 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 611.492996] overlayfs: unrecognized mount option "M<)Zpperdir=./file" or missing value [ 611.598118] overlayfs: unrecognized mount option "M<)Zpperdir=./file" or missing value 03:37:30 executing program 4: r0 = getpgid(0xffffffffffffffff) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)=0x0) prctl$PR_SET_PTRACER(0x59616d61, r1) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r2 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x4) syz_open_procfs(r0, &(0x7f0000000080)='net/ptype\x00') ptrace$cont(0x18, r2, 0x0, 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 03:37:30 executing program 3 (fault-call:6 fault-nth:39): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:30 executing program 1: set_mempolicy(0x8002, &(0x7f0000000080)=0xffffffffffffffc1, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') readv(r0, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/41, 0x29}, {&(0x7f0000000100)=""/80, 0x50}], 0x2) [ 611.826279] FAULT_INJECTION: forcing a failure. [ 611.826279] name failslab, interval 1, probability 0, space 0, times 0 [ 611.844146] ptrace attach of "/root/syz-executor.4"[22978] was attempted by "/root/syz-executor.4"[22979] [ 611.855562] CPU: 1 PID: 22975 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 611.862681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 611.872041] Call Trace: [ 611.874639] dump_stack+0x138/0x19c [ 611.878270] should_fail.cold+0x10f/0x159 [ 611.882421] should_failslab+0xdb/0x130 [ 611.886392] kmem_cache_alloc+0x2d7/0x780 [ 611.890526] ? anon_vma_clone+0x310/0x470 [ 611.894660] anon_vma_fork+0x1ce/0x4d0 [ 611.898534] copy_process.part.0+0x45e2/0x6a00 [ 611.903110] ? __cleanup_sighand+0x50/0x50 [ 611.907325] ? lock_downgrade+0x6e0/0x6e0 [ 611.911481] _do_fork+0x19e/0xce0 [ 611.914932] ? fork_idle+0x280/0x280 [ 611.918648] ? fput+0xd4/0x150 [ 611.921827] ? SyS_write+0x15e/0x230 [ 611.925549] SyS_clone+0x37/0x50 [ 611.928898] ? sys_vfork+0x30/0x30 [ 611.932440] do_syscall_64+0x1e8/0x640 [ 611.936336] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 611.941170] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 611.946344] RIP: 0033:0x459829 [ 611.949526] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 611.957230] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 611.964496] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 611.971747] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 611.979026] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 611.986298] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 612.006668] x86/PAT: syz-executor.3:22975 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 612.151027] IPVS: ftp: loaded support on port[0] = 21 03:37:31 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65302c776f726b6469723d2e2f66696c65315c004598c046f1e36e4d549161acace157246029807adb6fedad114639c61211f468ea846aef74e949518e90975efeb1605dd307ddab5e6ac6860aa1006a8a87cb51444c3c117852eba9c873d927852c73c74025ca40e47e900a1d3da65a75d4c59703c9a57be5f1dc9c15b5dd057f9956375ef37fe5d4f348daf58c6ebafb59c243ba226047d15881264789ea1dd00038504894096cc0c71f479b0ac95b0095e0a68384a583cbdd20c831fdd06b2fa37f8b0279b4676bcc6a653a4e9fa42e66c3683583d5f79c1fe0babf1d92e34d322d1b664db7bd6e256c81317fd61eb764df50cc68f22d3aa0d3ac992f"]) 03:37:31 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x2}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:31 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = socket$inet6(0xa, 0x80002, 0x0) r2 = syz_open_dev$vcsn(&(0x7f0000000240)='/dev/vcs#\x00', 0x8, 0x4002) accept4$ax25(r2, &(0x7f0000000300)={{0x3, @netrom}, [@null, @bcast, @default, @remote, @null, @remote, @netrom, @null]}, &(0x7f0000000380)=0x48, 0x80800) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x10001}, 0x1c) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcs\x00', 0xa000, 0x0) ioctl$KVM_SET_ONE_REG(r3, 0x4010aeac, &(0x7f0000000180)={0xffffffffffff106d, 0x7}) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f00000001c0), &(0x7f0000000200)=0x14) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f000014f000)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000000280)=ANY=[@ANYBLOB="b8000000190001000000000000000000ff0100000000000000000000000000000000000000000020000000000000000a00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYPTR64], 0x4}, 0x1, 0x0, 0x0, 0x8001}, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f0000000080)={'raw\x00', 0x3, [{}, {}, {}]}, 0x58) 03:37:31 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000200029080000000000000000010000285389415f547cfc0f8aa168ff0008000100ad000000"], 0x1c}}, 0x0) 03:37:31 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:37:31 executing program 3 (fault-call:6 fault-nth:40): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 613.046328] FAULT_INJECTION: forcing a failure. [ 613.046328] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 613.066529] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 613.075828] overlayfs: filesystem on './file0' not supported as upperdir [ 613.093841] CPU: 1 PID: 22993 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 613.100980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 613.110343] Call Trace: [ 613.112944] dump_stack+0x138/0x19c [ 613.116590] should_fail.cold+0x10f/0x159 [ 613.120747] ? __might_sleep+0x93/0xb0 [ 613.124648] __alloc_pages_nodemask+0x1d6/0x7a0 [ 613.129320] ? save_stack+0x45/0xd0 [ 613.132947] ? kasan_kmalloc+0xce/0xf0 [ 613.136835] ? kasan_slab_alloc+0xf/0x20 [ 613.140933] ? __alloc_pages_slowpath+0x2930/0x2930 [ 613.145962] alloc_pages_current+0xec/0x1e0 [ 613.150289] pte_alloc_one+0x1a/0x100 [ 613.154096] __pte_alloc+0x2a/0x2d0 [ 613.157729] copy_page_range+0x11ba/0x1bd0 [ 613.161968] ? anon_vma_fork+0x358/0x4d0 [ 613.166037] ? vma_compute_subtree_gap+0x190/0x1f0 [ 613.170976] ? __pmd_alloc+0x410/0x410 [ 613.174885] copy_process.part.0+0x4764/0x6a00 [ 613.179502] ? __cleanup_sighand+0x50/0x50 [ 613.183748] ? lock_downgrade+0x6e0/0x6e0 [ 613.187906] _do_fork+0x19e/0xce0 [ 613.191372] ? fork_idle+0x280/0x280 03:37:32 executing program 1: r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[], 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x101000, 0x0) unlink(&(0x7f0000000180)='./file0\x00') clone(0x2100001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f00000002c0)=ANY=[@ANYBLOB="020000000100000000000000010200000000002000000000", @ANYRES32=0x0, @ANYBLOB="1000000000000000200000ff0fbc0008"], 0x2c, 0x0) close(r0) read(r0, &(0x7f00000001c0)=""/134, 0x86) creat(&(0x7f0000000100)='./file0\x00', 0x0) write$P9_RLOPEN(r0, &(0x7f00000000c0)={0x18, 0xd, 0x2, {{0x4, 0x4, 0x5}, 0x800}}, 0x18) 03:37:32 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB, @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) [ 613.195092] ? fput+0xd4/0x150 [ 613.198285] ? SyS_write+0x15e/0x230 [ 613.202006] SyS_clone+0x37/0x50 [ 613.205376] ? sys_vfork+0x30/0x30 [ 613.208915] do_syscall_64+0x1e8/0x640 [ 613.212803] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 613.217696] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 613.222894] RIP: 0033:0x459829 [ 613.226080] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 613.233793] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 03:37:32 executing program 0: r0 = socket$inet(0x10, 0x3, 0xc) sendmsg(r0, &(0x7f000001d000)={0x0, 0x0, &(0x7f0000024000)=[{&(0x7f0000000100)="24000000100007031dff22946fa2830020200a0009000300001d85687f0000000400ff7e280000000c0a43ba5d806055b6fdd80b40000000030001000929ec2400020cd37e99d69cda45a95e", 0x4c}], 0x1}, 0x0) ioctl$sock_ifreq(r0, 0x89a2, &(0x7f0000000040)={'bridge0\x00', @ifru_data=&(0x7f0000000000)="84aa3d91181c3a52d7561641fd88e5aac26111b32ef863e7de71968da9de5a91"}) 03:37:32 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) pipe(&(0x7f0000000080)) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) [ 613.241066] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 613.248361] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 613.255640] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 613.262913] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:37:32 executing program 1: mkdir(&(0x7f0000000440)='./file1\x00', 0x0) inotify_init() 03:37:32 executing program 3 (fault-call:6 fault-nth:41): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 613.324041] x86/PAT: syz-executor.3:22993 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 613.352252] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. 03:37:32 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="7570702f66696c65302c6c6f7765726469723d2e2f66696c65302c776f726b649500"/51]) 03:37:32 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB, @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) [ 613.421433] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. 03:37:32 executing program 0: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0) write$P9_RGETLOCK(r0, 0x0, 0x0) ioctl$BLKGETSIZE64(r0, 0x80081272, &(0x7f0000000040)) [ 613.489841] FAULT_INJECTION: forcing a failure. [ 613.489841] name failslab, interval 1, probability 0, space 0, times 0 [ 613.509891] CPU: 0 PID: 23025 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 613.517031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 613.526397] Call Trace: [ 613.528994] dump_stack+0x138/0x19c [ 613.532643] should_fail.cold+0x10f/0x159 [ 613.536845] should_failslab+0xdb/0x130 [ 613.540832] kmem_cache_alloc+0x2d7/0x780 [ 613.544995] ptlock_alloc+0x20/0x70 [ 613.548629] pte_alloc_one+0x60/0x100 [ 613.552439] __pte_alloc+0x2a/0x2d0 [ 613.556074] copy_page_range+0x11ba/0x1bd0 [ 613.560316] ? anon_vma_fork+0x358/0x4d0 [ 613.564393] ? vma_compute_subtree_gap+0x190/0x1f0 [ 613.569351] ? __pmd_alloc+0x410/0x410 [ 613.573261] copy_process.part.0+0x4764/0x6a00 [ 613.577866] ? __cleanup_sighand+0x50/0x50 [ 613.582106] ? lock_downgrade+0x6e0/0x6e0 [ 613.586264] _do_fork+0x19e/0xce0 [ 613.589725] ? fork_idle+0x280/0x280 [ 613.593446] ? fput+0xd4/0x150 [ 613.596640] ? SyS_write+0x15e/0x230 [ 613.600365] SyS_clone+0x37/0x50 [ 613.603740] ? sys_vfork+0x30/0x30 [ 613.607288] do_syscall_64+0x1e8/0x640 [ 613.611177] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 613.616033] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 613.621220] RIP: 0033:0x459829 [ 613.624405] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 613.632117] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 03:37:32 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB, @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) [ 613.639406] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 613.646663] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 613.653916] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 613.661189] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 613.726550] x86/PAT: syz-executor.3:23025 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 613.789206] overlayfs: unrecognized mount option "upp/file0" or missing value [ 613.817477] overlayfs: unrecognized mount option "upp/file0" or missing value [ 615.750162] net_ratelimit: 22 callbacks suppressed [ 615.750167] protocol 88fb is buggy, dev hsr_slave_0 [ 615.760225] protocol 88fb is buggy, dev hsr_slave_1 [ 615.765293] protocol 88fb is buggy, dev hsr_slave_0 [ 615.770379] protocol 88fb is buggy, dev hsr_slave_1 03:37:35 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000040)=ANY=[@ANYBLOB="bd035f1be2445ec515eb46f1ae821fba340526f4003d03008bda6fa738042f"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x100, 0x0) connect$bt_sco(r1, &(0x7f0000000080)={0x1f, {0x5, 0x4, 0x5, 0x401, 0x401, 0x1}}, 0x8) 03:37:35 executing program 1: r0 = gettid() timer_create(0xb, &(0x7f0000000140)={0x0, 0x8, 0x4, @tid=r0}, &(0x7f0000000400)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x1}, {0x0, 0x1c9c380}}, 0x0) prctl$PR_SET_UNALIGN(0x6, 0x0) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000ff8)={0xfffffffffffffdb1}, 0x8, 0x0) read(r1, &(0x7f0000000080)=""/128, 0x88308aa) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0xfffffffffffff000, 0x1, 0x5, 0x4, 0x0, 0x6f3, 0x40000, 0x8, 0x7, 0x81da, 0xaec2, 0x3, 0xffffffffffffff20, 0x7fffffff, 0x9, 0x4, 0x10001, 0x0, 0x25, 0x9, 0x101, 0x9f8, 0x7, 0x1, 0x1, 0x1, 0x80000000, 0x8, 0x4, 0xe630000000000, 0x0, 0x7, 0x100000000, 0x2ddb, 0x6, 0x87, 0x0, 0xfff, 0x1, @perf_bp={&(0x7f0000000040), 0x2}, 0x80, 0x2, 0x8, 0x7, 0x2, 0x1}, r0, 0xf, 0xffffffffffffffff, 0x8) timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x1c9c380}}, 0x0) 03:37:35 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x0) ioctl$VIDIOC_CROPCAP(0xffffffffffffffff, 0xc02c563a, &(0x7f0000000100)) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @broadcast}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r2 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x6, 0x0) syz_genetlink_get_family_id$team(&(0x7f00000000c0)='team\x00') getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000240)=0x14) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000280)={{{@in6=@remote, @in6=@ipv4={[], [], @loopback}}}, {{@in=@local}, 0x0, @in6=@empty}}, &(0x7f0000000380)=0xe8) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1d, &(0x7f00000003c0)={@remote}, &(0x7f0000000400)=0x14) mkdirat$cgroup(r2, &(0x7f0000000080)='syz1\x00', 0x1ff) accept$packet(0xffffffffffffffff, &(0x7f0000000440)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000004c0)=0x14) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000001980)={@rand_addr, @local}, &(0x7f00000019c0)=0xc) getsockname$packet(r2, &(0x7f0000001ec0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000001f00)=0x14) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x71, &(0x7f0000000100)={&(0x7f00000001c0)={0x14, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}}, 0x14}, 0x1, 0xfdffffff00000000}, 0x0) 03:37:35 executing program 3 (fault-call:6 fault-nth:42): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:35 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:35 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x4, &(0x7f0000000000)="01dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/mls\x00', 0x0, 0x0) clock_gettime(0x0, &(0x7f00000002c0)={0x0, 0x0}) utimensat(r1, &(0x7f0000000280)='./file0/file0\x00', &(0x7f0000000300)={{r2, r3/1000+30000}, {0x77359400}}, 0x0) r4 = getpgrp(0x0) r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x20000, 0x0) ioctl$sock_rose_SIOCRSCLRRT(r5, 0x89e4) move_pages(r4, 0x5, &(0x7f0000000080)=[&(0x7f0000fff000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil], &(0x7f0000000140)=[0x3, 0xff], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x2) mkdir(&(0x7f0000000340)='./file0/file0\x00', 0x4) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765c114d90129b2726469723d2e2f66696c65302c8e6f726b6469723d2e2f66696c65315c00"]) [ 616.076827] FAULT_INJECTION: forcing a failure. [ 616.076827] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 616.125747] overlayfs: unrecognized mount option "lowe)rdir=./file0" or missing value [ 616.132272] CPU: 1 PID: 23053 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 616.141296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 616.150650] Call Trace: [ 616.150671] dump_stack+0x138/0x19c [ 616.150686] should_fail.cold+0x10f/0x159 [ 616.150696] ? __might_sleep+0x93/0xb0 [ 616.150712] __alloc_pages_nodemask+0x1d6/0x7a0 [ 616.150726] ? __alloc_pages_slowpath+0x2930/0x2930 [ 616.150746] alloc_pages_current+0xec/0x1e0 [ 616.150760] pte_alloc_one+0x1a/0x100 [ 616.150773] __pte_alloc+0x2a/0x2d0 [ 616.150785] copy_page_range+0x11ba/0x1bd0 [ 616.150816] ? __pmd_alloc+0x410/0x410 [ 616.150834] copy_process.part.0+0x4764/0x6a00 [ 616.150874] ? __cleanup_sighand+0x50/0x50 [ 616.150892] ? lock_downgrade+0x6e0/0x6e0 [ 616.174756] _do_fork+0x19e/0xce0 [ 616.174773] ? fork_idle+0x280/0x280 [ 616.174789] ? fput+0xd4/0x150 [ 616.174799] ? SyS_write+0x15e/0x230 [ 616.174815] SyS_clone+0x37/0x50 [ 616.174824] ? sys_vfork+0x30/0x30 [ 616.174837] do_syscall_64+0x1e8/0x640 [ 616.194666] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 616.194687] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 616.194696] RIP: 0033:0x459829 [ 616.194702] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 616.194713] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 616.194718] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 616.194724] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 03:37:35 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0xf, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 616.194731] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 616.194744] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 616.279996] overlayfs: unrecognized mount option "lowe)rdir=./file0" or missing value 03:37:35 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:35 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:37:35 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x402281, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r1, 0xc0a85352, &(0x7f0000000200)={{0x81, 0x7fffffff}, 'port0\x00', 0x10, 0x60000, 0x1, 0x7fff, 0x7, 0x20, 0x7, 0x0, 0xb0145634996ed90c, 0x100000001}) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_TOL(r1, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x34, r2, 0x400, 0x70bd2c, 0x25dfdbfd, {{}, 0x0, 0x4107, 0x0, {0x18, 0x18, {0x6, @bearer=@l2={'eth', 0x3a, 'syzkaller0\x00'}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x0) [ 616.424257] x86/PAT: syz-executor.3:23053 freeing invalid memtype [mem 0x00002000-0x00002fff] 03:37:35 executing program 1: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000280)={'\x00\x00\x00\xe6\xff\xff\xff\x00\x00\x00\x00\x00\x02\x00', 0x5002}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x2007fff) write$P9_RXATTRCREATE(r3, &(0x7f0000000140)={0x383}, 0x7) write$P9_RSETATTR(r3, &(0x7f0000000040)={0x7}, 0x7) sendfile(r0, r3, &(0x7f0000d83ff8), 0x800000000024) 03:37:35 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x1) r1 = syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0x9, 0x10000) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r2 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3a) ptrace$cont(0x18, r2, 0x0, 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 03:37:35 executing program 3 (fault-call:6 fault-nth:43): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 616.550822] protocol 88fb is buggy, dev hsr_slave_0 [ 616.556775] protocol 88fb is buggy, dev hsr_slave_1 [ 616.669384] FAULT_INJECTION: forcing a failure. [ 616.669384] name failslab, interval 1, probability 0, space 0, times 0 [ 616.684787] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=23092 comm=syz-executor.1 [ 616.687555] CPU: 1 PID: 23091 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 616.704003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 616.713358] Call Trace: [ 616.713376] dump_stack+0x138/0x19c [ 616.713391] should_fail.cold+0x10f/0x159 [ 616.713406] should_failslab+0xdb/0x130 [ 616.713417] kmem_cache_alloc+0x2d7/0x780 [ 616.713433] ptlock_alloc+0x20/0x70 [ 616.713446] pte_alloc_one+0x60/0x100 [ 616.713458] __pte_alloc+0x2a/0x2d0 [ 616.713471] copy_page_range+0x11ba/0x1bd0 [ 616.713503] ? __pmd_alloc+0x410/0x410 [ 616.713528] copy_process.part.0+0x4764/0x6a00 [ 616.723251] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=23092 comm=syz-executor.1 [ 616.723880] ? __cleanup_sighand+0x50/0x50 [ 616.740523] device sit0 left promiscuous mode [ 616.742992] ? lock_downgrade+0x6e0/0x6e0 [ 616.743016] _do_fork+0x19e/0xce0 [ 616.751136] ? fork_idle+0x280/0x280 [ 616.751152] ? fput+0xd4/0x150 [ 616.751161] ? SyS_write+0x15e/0x230 [ 616.751175] SyS_clone+0x37/0x50 [ 616.751184] ? sys_vfork+0x30/0x30 [ 616.751197] do_syscall_64+0x1e8/0x640 [ 616.751206] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 616.751223] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 616.751232] RIP: 0033:0x459829 [ 616.751238] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 616.751250] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 616.751257] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 616.751263] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 616.751269] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 616.751274] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:37:35 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:35 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") ioctl$EXT4_IOC_PRECACHE_EXTENTS(0xffffffffffffffff, 0x6612) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x2}}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 616.757609] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=23092 comm=syz-executor.1 [ 616.820653] overlayfs: filesystem on './file0' not supported as upperdir [ 616.846248] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 616.897366] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 616.906442] x86/PAT: syz-executor.3:23091 freeing invalid memtype [mem 0x00002000-0x00002fff] 03:37:35 executing program 3 (fault-call:6 fault-nth:44): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 616.950109] protocol 88fb is buggy, dev hsr_slave_0 [ 616.951022] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=23092 comm=syz-executor.1 [ 616.955229] protocol 88fb is buggy, dev hsr_slave_1 [ 616.976553] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=23092 comm=syz-executor.1 03:37:36 executing program 2: r0 = syz_open_dev$admmidi(&(0x7f0000001780)='/dev/admmidi#\x00', 0xffffffffffff3d01, 0x40400) connect(r0, &(0x7f00000017c0)=@pptp={0x18, 0x2, {0x1, @broadcast}}, 0x80) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f0000000080)='./file0\x00', 0x100) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) r2 = getuid() syz_mount_image$ext4(&(0x7f00000000c0)='ext3\x00', &(0x7f0000000100)='./file1\x00', 0x6, 0x2, &(0x7f0000000300)=[{&(0x7f0000000140)="3385387a87300f4fe8e903dab190eb4c5aec300ff7c8f36511f2dec30029d2f93581547c2df4feefd76a3da869d36e5a6d19c1b21c082f06f4d36f90ddb759351442dedb12b7d1c659dfd1704dcd9c23cc54c73c74f20baf830f2adc988923fe2fc3b6411eb8e45ce423346c733f07f44df91838a68b7617cbc17997d31dda2c3db968b2a616", 0x86}, {&(0x7f0000000200)="fc3a03c93e642a68cf28c39e99a12e6d09038d9e1d32cf71d3079112c67861d819e43c4a29e555bd1c28f8be3f0e118f07d8caa4bf817492d6db4c53f02242f389a566f2fd8450b7db3e0a32340fd1ea201bd03926dbcd53928ed5967d7a82d4c251098e3331baf0d248e79d80a1e2c497c690d907be1be5db22c44816be5d830930836d28ca56106ccd18320d92df479ed6fb4b4b76b44a7f690ff94c78155db2baf6f41f6bd94529447d8804fbd3e0406e8b3b3355de11737b2c0f1dc438a4a1ef3ecbf2e2", 0xc6}], 0x208884, &(0x7f0000000340)=ANY=[@ANYBLOB="757365720000617474722c6a6f75726e616c5f70617468bd2e2f66696cbd7f3365302f66696c65302c6575", @ANYRESDEC=r2, @ANYBLOB=',smackfsroot=/dev/admmidi#\x00,obj_user=/dev/admmidi#\x00,dont_measure,\x00']) [ 616.989126] A link change request failed with some changes committed already. Interface K may have been left with an inconsistent configuration, please check. [ 617.009240] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=23092 comm=syz-executor.1 [ 617.052366] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=23092 comm=syz-executor.1 03:37:36 executing program 0: r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) setsockopt$ax25_int(r0, 0x101, 0x6, &(0x7f0000000700), 0x4) [ 617.098604] FAULT_INJECTION: forcing a failure. [ 617.098604] name failslab, interval 1, probability 0, space 0, times 0 [ 617.123540] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=23092 comm=syz-executor.1 [ 617.152799] CPU: 1 PID: 23105 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 617.160108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 617.169469] Call Trace: [ 617.172062] dump_stack+0x138/0x19c [ 617.175719] should_fail.cold+0x10f/0x159 [ 617.179881] should_failslab+0xdb/0x130 [ 617.183865] kmem_cache_alloc+0x2d7/0x780 [ 617.188021] copy_process.part.0+0x444f/0x6a00 [ 617.191155] protocol 88fb is buggy, dev hsr_slave_0 [ 617.192626] ? __cleanup_sighand+0x50/0x50 03:37:36 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) [ 617.192644] ? lock_downgrade+0x6e0/0x6e0 [ 617.206034] _do_fork+0x19e/0xce0 [ 617.209497] ? fork_idle+0x280/0x280 [ 617.213219] ? fput+0xd4/0x150 [ 617.216414] ? SyS_write+0x15e/0x230 [ 617.220134] SyS_clone+0x37/0x50 [ 617.220144] ? sys_vfork+0x30/0x30 [ 617.220158] do_syscall_64+0x1e8/0x640 [ 617.220167] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 617.220184] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 617.220191] RIP: 0033:0x459829 [ 617.220197] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 03:37:36 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="11dca50d5e0bcfe47bf070") r1 = socket$vsock_stream(0x28, 0x1, 0x0) accept4(r1, 0x0, 0x0, 0x0) [ 617.220207] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 617.220213] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 617.220222] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 617.227110] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 617.227116] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 617.232688] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=23092 comm=syz-executor.1 03:37:36 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x4) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000140)='./file1\x00', 0x8, 0x3, &(0x7f0000000480)=[{&(0x7f0000000200)="b8886cd78190b454259071567259de09aa26dc56773b261e75d8023394c2961e2c45d61290b0feda59e8337de80e61fe7618e1535389d4a001f9079ecee788ec60cfc380a3b8d1dfedd9246d7cffc78ceca3eead22228a0b5665ed921a598442561f85b1c5f14dd41f81f2ebd203152470ab64cbf035767ed6b819f5bf1888713b467f1ff67a4bfe245c4c2410fee4b8749a5e0675901152919087409fec29e9b26654779991c0e6343de70b2d2823c3036d69851666eea53c3715399c79a0dd0499d9f9ce18954dd00a10afc39c3a81bc1f6941a4d1877ed35ccbed0c9e796083d455920a97f93d751380c2789ed0a8f632cafd5409175e04", 0xf9, 0x100}, {&(0x7f0000000300)="93165c4b99515f4529c31fce4756affaa624bcdd74d8899103b05d66a7d822e2cd67cd8f07e7980cac1f0ec0005086dfececa73ab6d70579af2fb8ebd79f62a180b17b17276d422f6711a25c86a51f2f41978734cb97584eb13e52b84af17141600ad51be0ca1a67f4f56ae4fd43c3cbb25c8d11453ef761757c9139f513a8c163", 0x81, 0x8}, {&(0x7f00000003c0)="a339119052ae4d089a12adcb11c879a6300f75198d17ea2e8b314f5d2e92f474541e072fc530a8ce4b2f9a5ddad7a591c0f13cb1954b8e597ed6532e98fb371c7eb31097c4ec54b9e45962dd11e2c5e567c36ab9905aed9565928621598c79a63d0b5b98d9acb661e6c90d37a71701aeb822b1b669c28b4c39e003104274c2adee1f92a691bf0a605c469ab73ddf61e536ccc71e35ea91fca089d5d074293aa33047bca429c911", 0xa7, 0x3e1}], 0x1000, &(0x7f0000000500)={[{@flushoncommit='flushoncommit'}, {@enospc_debug='enospc_debug'}, {@metadata_ratio={'metadata_ratio', 0x3d, 0xa8}}, {@user_subvol_rm='user_subvol_rm_allowed'}, {@space_cache='space_cache'}, {@ref_verify='ref_verify'}, {@inode_cache='inode_cache'}], [{@measure='measure'}]}) [ 617.335423] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=23092 comm=syz-executor.1 [ 617.352944] x86/PAT: syz-executor.3:23105 freeing invalid memtype [mem 0x00002000-0x00002fff] 03:37:36 executing program 3 (fault-call:6 fault-nth:45): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 617.393349] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 03:37:36 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x4) sendmsg$nl_generic(r0, &(0x7f0000005000)={&(0x7f0000000040)={0x10, 0xf0ffffff00000f00}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)={0x48, 0x14, 0x207, 0x0, 0x0, {0x2, 0xf0ffff, 0x600}, [@nested={0x0, 0x0, [@typed={0x0, 0x2, @fd}]}]}, 0x24c}}, 0x0) [ 617.544331] overlayfs: filesystem on './file0' not supported as upperdir [ 617.555239] FAULT_INJECTION: forcing a failure. [ 617.555239] name failslab, interval 1, probability 0, space 0, times 0 [ 617.613301] CPU: 1 PID: 23129 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 617.620463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 617.629994] Call Trace: [ 617.632607] dump_stack+0x138/0x19c [ 617.636287] should_fail.cold+0x10f/0x159 [ 617.640459] should_failslab+0xdb/0x130 [ 617.644453] kmem_cache_alloc+0x47/0x780 [ 617.648678] ? __lock_is_held+0xb6/0x140 [ 617.652757] ? check_preemption_disabled+0x3c/0x250 [ 617.658116] anon_vma_clone+0xde/0x470 [ 617.662036] anon_vma_fork+0x87/0x4d0 [ 617.665895] copy_process.part.0+0x45e2/0x6a00 [ 617.670517] ? __cleanup_sighand+0x50/0x50 [ 617.674768] ? lock_downgrade+0x6e0/0x6e0 [ 617.678939] _do_fork+0x19e/0xce0 [ 617.682523] ? fork_idle+0x280/0x280 [ 617.686374] ? fput+0xd4/0x150 [ 617.689583] ? SyS_write+0x15e/0x230 [ 617.693401] SyS_clone+0x37/0x50 [ 617.697032] ? sys_vfork+0x30/0x30 [ 617.700599] do_syscall_64+0x1e8/0x640 [ 617.704673] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 617.709707] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 617.714909] RIP: 0033:0x459829 [ 617.718106] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 617.726307] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 617.733733] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 617.741284] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 617.748754] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 617.756120] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 617.815905] x86/PAT: syz-executor.3:23135 freeing invalid memtype [mem 0x00002000-0x00002fff] 03:37:38 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:37:38 executing program 0: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x80006, 0xfffbfffffffeffff, 0x0, 0xffffffffffffffff}) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000040)=0x1) 03:37:38 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:38 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) stat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = request_key(&(0x7f0000000200)='trusted\x00', &(0x7f0000000240)={'syz', 0x1}, &(0x7f0000000280)='upperdir', 0xfffffffffffffffd) keyctl$get_persistent(0x16, r1, r2) 03:37:38 executing program 1: syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) listen(r0, 0x80) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r2, 0x0, 0xfffffffffffffdc6, 0x20000004, &(0x7f0000000280)={0xa, 0x4e22}, 0x1c) setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, 0x0, 0x0) ioctl$FITRIM(r2, 0xc0185879, &(0x7f0000000000)={0x9, 0x2, 0x100}) syz_genetlink_get_family_id$nbd(0x0) sendmsg$NBD_CMD_STATUS(r1, 0x0, 0x0) write(r2, &(0x7f0000000140)="f3fbd2e58ffbc7bba0679c67fdcd14c4ac2ca59d13f3dea78d6eed67dd8f4381b16d21d186082ea9033a58f1f07f15bacab07e295bf99c00efb43b36dda8b3c81e83786c1021f6feedb7f749", 0x4c) recvfrom$inet6(r2, &(0x7f0000001840)=""/31, 0xfffffe0e, 0x100, &(0x7f0000001880), 0x1c) r3 = accept4(r0, 0x0, 0x0, 0x0) sendto$inet6(r3, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) 03:37:38 executing program 3 (fault-call:6 fault-nth:46): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:38 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff}) unshare(0x8000400) vmsplice(r0, 0x0, 0x0, 0x0) [ 619.597281] FAULT_INJECTION: forcing a failure. [ 619.597281] name failslab, interval 1, probability 0, space 0, times 0 [ 619.624944] CPU: 0 PID: 23145 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 619.632185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 619.641674] Call Trace: [ 619.644436] dump_stack+0x138/0x19c [ 619.648239] should_fail.cold+0x10f/0x159 [ 619.652416] should_failslab+0xdb/0x130 [ 619.656591] kmem_cache_alloc+0x47/0x780 [ 619.660854] ? anon_vma_chain_link+0x142/0x1a0 [ 619.665583] anon_vma_clone+0xde/0x470 [ 619.669686] anon_vma_fork+0x87/0x4d0 [ 619.673524] copy_process.part.0+0x45e2/0x6a00 [ 619.678156] ? __cleanup_sighand+0x50/0x50 [ 619.682532] ? lock_downgrade+0x6e0/0x6e0 [ 619.686709] _do_fork+0x19e/0xce0 [ 619.690194] ? fork_idle+0x280/0x280 [ 619.694088] ? fput+0xd4/0x150 [ 619.697300] ? SyS_write+0x15e/0x230 [ 619.697875] overlayfs: filesystem on './file0' not supported as upperdir [ 619.701046] SyS_clone+0x37/0x50 [ 619.701056] ? sys_vfork+0x30/0x30 [ 619.701071] do_syscall_64+0x1e8/0x640 [ 619.701080] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 619.701097] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 619.701105] RIP: 0033:0x459829 [ 619.701110] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 619.740563] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 03:37:38 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:38 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="757070657264697269723d2e2f66696c65302c776f726b6469723d2e2f66696c65315c0000000000000000000000000000000051123ecc98090033d4d8dad4addc353e120977c24e7204f44b9bda239774eb1c01e7dcf785828c120bd97f5acd1ddc54e9b9e64ad57a6d30f5d25046f1b57facd7e78a9832849659e4592a5e2f05"]) epoll_create(0x82) [ 619.747939] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 619.755229] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 619.762658] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 619.770059] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:37:38 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000280)=ANY=[@ANYBLOB="b8030100000000200000000000000000000f885587f2a48062d904348d97ba9e7ef003ced4748c09d5ca13de6dbf4e95e17c800d4e09872f028677833fb440835fcb7c9c84123b9781628d6746121b87fc87216f2d886908ce1681947ef246eb71799f7951b305cd008000004ef06601f6bee09111517dd46a28a92415abf927cd3b47f1163c1e1779e5724d372eb6020fecde0a3213c1a674dd132a37b71f077e4d37788be13bf6c7fdae95a5c841c1827d41e17a2ee6097878d7a9e493ce860fb7db5bea7c04000000d28e8a0fba881ec6caf147513c617c325ba858e20c64dcfcec9cc058f39a9dfa11079cbf914bbc2a67e4b50c00"/264], 0x9c}], 0x4}, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) fcntl$getflags(r0, 0x401) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) tkill(r1, 0x4) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) r2 = syz_open_dev$radio(&(0x7f0000000100)='/dev/radio#\x00', 0x2, 0x2) ioctl$KVM_GET_TSC_KHZ(r2, 0xaea3) ptrace$cont(0x7, r1, 0x0, 0x0) 03:37:38 executing program 3 (fault-call:6 fault-nth:47): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:38 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0xfffffffffffffc20, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0xffffffffffffff9d}, {&(0x7f0000000040)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 619.849511] x86/PAT: syz-executor.3:23167 freeing invalid memtype [mem 0x00002000-0x00002fff] 03:37:38 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) pipe2(0x0, 0x0) mknod(0x0, 0x0, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000280)={'\x00\x00\x00\xe6\xff\xff\xff\x00\x00\x00\x00\x00\x02\x00', 0x5002}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) sendmsg$inet6(0xffffffffffffffff, 0x0, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x0) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x2007fff) setsockopt$netlink_NETLINK_RX_RING(0xffffffffffffffff, 0x10e, 0x6, 0x0, 0x0) write$P9_RXATTRCREATE(r3, &(0x7f0000000140)={0x383}, 0x7) write$P9_RSETATTR(r3, &(0x7f0000000040)={0x7}, 0x7) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) sendfile(r0, r3, &(0x7f0000d83ff8), 0x800000000024) creat(0x0, 0x0) [ 619.936294] overlayfs: unrecognized mount option "upperdirir=./file0" or missing value 03:37:39 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x27) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 620.012390] FAULT_INJECTION: forcing a failure. [ 620.012390] name failslab, interval 1, probability 0, space 0, times 0 [ 620.037239] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 620.037792] overlayfs: unrecognized mount option "upperdirir=./file0" or missing value [ 620.090788] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 620.115343] CPU: 1 PID: 23187 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 620.122842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 620.132663] Call Trace: [ 620.135276] dump_stack+0x138/0x19c [ 620.138932] should_fail.cold+0x10f/0x159 [ 620.143684] ? anon_vma_clone+0xde/0x470 [ 620.147773] should_failslab+0xdb/0x130 [ 620.151772] kmem_cache_alloc+0x47/0x780 [ 620.156025] ? anon_vma_chain_link+0x142/0x1a0 [ 620.160637] anon_vma_clone+0xde/0x470 [ 620.164550] anon_vma_fork+0x87/0x4d0 [ 620.168373] copy_process.part.0+0x45e2/0x6a00 [ 620.172998] ? __cleanup_sighand+0x50/0x50 [ 620.177418] ? lock_downgrade+0x6e0/0x6e0 [ 620.181854] _do_fork+0x19e/0xce0 [ 620.185336] ? fork_idle+0x280/0x280 [ 620.189069] ? fput+0xd4/0x150 [ 620.192280] ? SyS_write+0x15e/0x230 [ 620.196016] SyS_clone+0x37/0x50 [ 620.199468] ? sys_vfork+0x30/0x30 [ 620.203027] do_syscall_64+0x1e8/0x640 [ 620.206930] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 620.211900] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 620.217104] RIP: 0033:0x459829 [ 620.220658] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 620.228758] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 03:37:39 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) [ 620.236221] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 620.243503] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 620.243510] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 620.243515] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:37:39 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x101, 0x0) bind$alg(r1, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(camellia)\x00'}, 0x58) ptrace$cont(0x7, r0, 0x0, 0x0) 03:37:39 executing program 1: pipe(&(0x7f0000000000)) 03:37:39 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='statm\x00') write$P9_RREADLINK(r0, &(0x7f0000000180)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) write$binfmt_elf64(r1, &(0x7f00000006c0)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x6eba17b8, 0x5, 0xe9c8, 0x2, 0x3, 0x3e, 0x100000000, 0x53, 0x40, 0x30a, 0x4, 0x74, 0x38, 0x1, 0x1b98}, [{0x3, 0x5, 0xcd, 0x3ff, 0x1f, 0x8, 0x100, 0x533a}, {0x7, 0x100000000, 0x2, 0x20, 0x7277, 0x9, 0x7, 0xffffffffffffffc0}], "a17a839dc52cf9a05e423635b0c2bedd7b9ab7bcbb9eb86e3e595a51fd4e77fbf151e3591d36167588f6aea1da73c8419ef51385e4bc640548bbfb6fa63f3d694a63bb3b68109d05e1ee77d05c1e21e344eea9d530b3d931446cfb8db1c34c84b24b8aafa482854e7a80", [[], [], [], [], [], [], [], []]}, 0x91a) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/autofs\x00', 0xe31f574673929a60, 0x0) sendmsg$nl_crypto(r2, &(0x7f0000000500)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000380)=@del={0x128, 0x11, 0x20, 0x70bd2c, 0x25dfdbfe, {{'aegis128-aesni\x00'}, [], [], 0x400, 0x2400}, [{0x8, 0x1, 0x6}, {0x8, 0x1, 0x4}, {0x8, 0x1, 0x3}, {0x8, 0x1, 0x1}, {0x8, 0x1, 0xadc}, {0x8, 0x1, 0x4}, {0x8, 0x1, 0x3ff}, {0x8, 0x1, 0x101}, {0x8, 0x1, 0x8}]}, 0x128}, 0x1, 0x0, 0x0, 0x20000000}, 0x40) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x725241, 0x0) ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f0000000200)={'caif0\x00', 0x5}) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765724469723d2e2f66696c65315c003e445a5c4f47800096903de53504ac9e673fc8f666750b9e0b66a2b2aa1ed08dd2cab639c28572c06ece4806cdb3029e529c4f69600eabd62d3f4a05708b0539d4b0c4a09d1412884a79e48a3f09e5d6e5b666684ee3d3614f3baa4ab851890b7687857dc362f118d65997496791990dac3c90ce00000000000000000000000000000021360e2dd0c4a0d7214b67df987b7dd90658da6e5c5b0f2efd5beba8cf466ce617faec1ed8f02c4ea13ead69578f2b5e52ad28181268e5a550ddfcc7f74d25fd51d9234ab15cdaa005cbd59f0871574cf4c6e7048b1a1d7ad260723c78edd3899e9eee15f9c07cfbe31f07380000000000000200f8660cb429e226055e090a2c6617411eb8e2e45b4c5446f1586aab60a782d05c398813087679dd2f16c13df49b2b2122dff4325e064d43f325bed7231ea3bb4f32635cc658759a104842a82a2042d8ad216e610d0b6a45f3eb2550b2232b1bba5c"]) 03:37:39 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:39 executing program 3 (fault-call:6 fault-nth:48): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:39 executing program 1: socket$inet6(0xa, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) getsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) close(0xffffffffffffffff) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) 03:37:39 executing program 4: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000100)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000140)={0x0, 0x0}) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b80301000169b1b3000000000000000000"], 0x9c}], 0x4}, 0x0) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x4) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) r2 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x0, 0x0) ioctl$VFIO_IOMMU_GET_INFO(r2, 0x3b70, &(0x7f0000000080)={0x10}) ptrace$cont(0x7, r1, 0x0, 0x0) [ 620.492528] x86/PAT: syz-executor.3:23212 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 620.522960] overlayfs: unrecognized mount option "lowerDir=./file1\" or missing value [ 620.593608] ptrace attach of "/root/syz-executor.4"[23225] was attempted by "/root/syz-executor.4"[23227] [ 620.607973] overlayfs: unrecognized mount option "lowerDir=./file1\" or missing value [ 620.618231] FAULT_INJECTION: forcing a failure. [ 620.618231] name failslab, interval 1, probability 0, space 0, times 0 [ 620.638318] CPU: 1 PID: 23229 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 620.645472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 620.654851] Call Trace: [ 620.657462] dump_stack+0x138/0x19c [ 620.661237] should_fail.cold+0x10f/0x159 [ 620.665408] should_failslab+0xdb/0x130 [ 620.669406] kmem_cache_alloc+0x2d7/0x780 [ 620.673670] ? anon_vma_clone+0x310/0x470 [ 620.677842] anon_vma_fork+0xe9/0x4d0 [ 620.681676] copy_process.part.0+0x45e2/0x6a00 [ 620.686304] ? __cleanup_sighand+0x50/0x50 03:37:39 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") setxattr$trusted_overlay_nlink(&(0x7f0000000080)='./file1\x00', &(0x7f0000000140)='trusted.overlay.nlink\x00', &(0x7f00000002c0)={'U-', 0x7748421d}, 0x24, 0x2) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) r1 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/status\x00', 0x0, 0x0) ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r1, 0x4008af23, &(0x7f0000000300)={0x0, 0x59}) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) setxattr$security_ima(&(0x7f0000000200)='./file1\x00', &(0x7f0000000240)='security.ima\x00', &(0x7f0000000280)=@md5={0x1, "55843f289f2fda82c05eb6f0edbd3bd4"}, 0x11, 0x1) mount$overlay(0x40000a, &(0x7f0000000340)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='uppeod0,lowerdir=./file0,workd\\\x00'/42]) [ 620.690705] ? lock_downgrade+0x6e0/0x6e0 [ 620.694881] _do_fork+0x19e/0xce0 [ 620.698440] ? fork_idle+0x280/0x280 [ 620.702175] ? fput+0xd4/0x150 [ 620.705388] ? SyS_write+0x15e/0x230 [ 620.709129] SyS_clone+0x37/0x50 [ 620.712597] ? sys_vfork+0x30/0x30 [ 620.716526] do_syscall_64+0x1e8/0x640 [ 620.720432] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 620.725300] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 620.730740] RIP: 0033:0x459829 [ 620.734114] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 03:37:39 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_MRT6_DEL_MFC(r1, 0x29, 0xcd, &(0x7f0000000040)={{0xa, 0x4e21, 0x2, @mcast1, 0x31ef}, {0xa, 0x4e22, 0x5, @local, 0x1}, 0xba, [0xfffffffffffeffff, 0x40000000, 0x8000, 0x0, 0x100000001, 0xfff, 0x3, 0x7fffffff]}, 0x5c) wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 620.742022] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 620.747796] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 620.749305] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 620.749312] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 620.749318] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 620.749324] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 620.860599] net_ratelimit: 23 callbacks suppressed [ 620.860630] A link change request failed with some changes committed already. Interface K may have been left with an inconsistent configuration, please check. [ 620.871090] x86/PAT: syz-executor.3:23229 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 620.901568] overlayfs: unrecognized mount option "uppeod0" or missing value [ 620.908690] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 03:37:39 executing program 0: 03:37:39 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:39 executing program 3 (fault-call:6 fault-nth:49): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:39 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x1, 0x2) accept4$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000100)=0x14, 0x800) ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000140)={@loopback, 0xf, r2}) 03:37:39 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) [ 620.967737] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 620.991323] overlayfs: unrecognized mount option "uppeod0" or missing value 03:37:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000180)='upperdir'}, 0x30) alarm(0xdc4) ptrace$setregset(0x4205, r1, 0x3, &(0x7f00000002c0)={&(0x7f0000000240)="5839557c290ca827b6bb675ccc36a38877b338ab18c1c71bd94eb28c0ce55baae84b27504f85dbc66315e7f78eb5f95bcf948ebdfbd377489e7f44fa0f6a5974d9d011d67b9ee5f0", 0x48}) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) accept(r0, &(0x7f0000000300)=@tipc=@id, &(0x7f0000000380)=0x80) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x200, 0x0) setsockopt$bt_BT_POWER(r2, 0x112, 0x9, &(0x7f0000000140)=0xffffffffffffffdd, 0x1) [ 621.078120] FAULT_INJECTION: forcing a failure. [ 621.078120] name failslab, interval 1, probability 0, space 0, times 0 [ 621.106632] CPU: 1 PID: 23260 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 621.111369] protocol 88fb is buggy, dev hsr_slave_0 [ 621.113871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 621.113876] Call Trace: [ 621.113901] dump_stack+0x138/0x19c [ 621.119415] protocol 88fb is buggy, dev hsr_slave_1 [ 621.128725] should_fail.cold+0x10f/0x159 [ 621.128740] should_failslab+0xdb/0x130 [ 621.128751] kmem_cache_alloc+0x2d7/0x780 [ 621.128760] ? anon_vma_clone+0x310/0x470 [ 621.128775] anon_vma_fork+0x1ce/0x4d0 [ 621.128791] copy_process.part.0+0x45e2/0x6a00 [ 621.128826] ? __cleanup_sighand+0x50/0x50 [ 621.169746] ? lock_downgrade+0x6e0/0x6e0 [ 621.173926] _do_fork+0x19e/0xce0 [ 621.177409] ? fork_idle+0x280/0x280 [ 621.181150] ? fput+0xd4/0x150 [ 621.184366] ? SyS_write+0x15e/0x230 [ 621.188106] SyS_clone+0x37/0x50 [ 621.191488] ? sys_vfork+0x30/0x30 [ 621.195232] do_syscall_64+0x1e8/0x640 [ 621.199138] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 621.204094] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 621.209387] RIP: 0033:0x459829 [ 621.212674] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 621.220401] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 03:37:40 executing program 0: [ 621.227686] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 621.234973] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 621.242258] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 621.249546] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:37:40 executing program 3 (fault-call:6 fault-nth:50): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:40 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa2", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:40 executing program 0: syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "02290f", 0x30, 0x3a, 0x0, @ipv4, @mcast2, {[], @icmpv6=@pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "9433df", 0x0, 0x32, 0x0, @loopback, @dev={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb]}}}}}}}}, 0x0) [ 621.286800] x86/PAT: syz-executor.3:23260 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 621.318160] overlayfs: filesystem on './file0' not supported as upperdir 03:37:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f0000000140)='./file0\x00', 0x40) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) [ 621.350709] protocol 88fb is buggy, dev hsr_slave_0 [ 621.356277] protocol 88fb is buggy, dev hsr_slave_1 [ 621.362000] protocol 88fb is buggy, dev hsr_slave_0 [ 621.367530] protocol 88fb is buggy, dev hsr_slave_1 03:37:40 executing program 0: syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "c22df7", 0x10, 0x21, 0x0, @dev={0xfe, 0x80, [0x2, 0x0, 0x0, 0x0, 0x3800000000000000]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, {[], @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x2, 0x2, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, 0x0) 03:37:40 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) [ 621.428263] FAULT_INJECTION: forcing a failure. [ 621.428263] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 621.533499] CPU: 1 PID: 23282 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 621.540827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 621.550472] Call Trace: [ 621.553201] dump_stack+0x138/0x19c [ 621.556864] should_fail.cold+0x10f/0x159 [ 621.561032] ? __might_sleep+0x93/0xb0 [ 621.564939] __alloc_pages_nodemask+0x1d6/0x7a0 [ 621.569623] ? save_stack+0x45/0xd0 [ 621.573402] ? kasan_kmalloc+0xce/0xf0 [ 621.577308] ? kasan_slab_alloc+0xf/0x20 [ 621.581396] ? __alloc_pages_slowpath+0x2930/0x2930 [ 621.586441] alloc_pages_current+0xec/0x1e0 [ 621.590786] pte_alloc_one+0x1a/0x100 [ 621.594615] __pte_alloc+0x2a/0x2d0 [ 621.598264] copy_page_range+0x11ba/0x1bd0 [ 621.602524] ? anon_vma_fork+0x358/0x4d0 [ 621.606642] ? __pmd_alloc+0x410/0x410 [ 621.610554] copy_process.part.0+0x4764/0x6a00 [ 621.615178] ? __cleanup_sighand+0x50/0x50 [ 621.619607] ? lock_downgrade+0x6e0/0x6e0 [ 621.623780] _do_fork+0x19e/0xce0 [ 621.627279] ? fork_idle+0x280/0x280 [ 621.631014] ? fput+0xd4/0x150 [ 621.634313] ? SyS_write+0x15e/0x230 [ 621.638048] SyS_clone+0x37/0x50 [ 621.641439] ? sys_vfork+0x30/0x30 [ 621.645084] do_syscall_64+0x1e8/0x640 [ 621.648986] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 621.654268] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 621.659476] RIP: 0033:0x459829 [ 621.662679] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 621.670407] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 03:37:40 executing program 0: syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "c22df7", 0x10, 0x21, 0x0, @dev={0xfe, 0x80, [0x2, 0x0, 0x0, 0x0, 0x3800000000000000]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, {[], @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x2, 0x2, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, 0x0) [ 621.677692] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 621.685083] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 621.692486] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 621.700020] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:37:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65302c776f726b6469020b000066696c65315c0038bc69512137287789accf06c35a2bec98035af38f6c298a477315ae77640849258f54fbea414e8f89b31f995728608487c7e4a15ae9a10e4664e25a34cca00b922eb111fd"]) [ 621.784271] x86/PAT: syz-executor.3:23282 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 621.866091] overlayfs: unrecognized mount option "workdi " or missing value [ 621.876630] overlayfs: unrecognized mount option "workdi " or missing value [ 621.990196] protocol 88fb is buggy, dev hsr_slave_0 [ 621.995866] protocol 88fb is buggy, dev hsr_slave_1 03:37:42 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x400, 0x0) ioctl$KVM_S390_INTERRUPT_CPU(r1, 0x4010ae94, &(0x7f0000000080)={0x5, 0x4b31e3d3}) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:37:42 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa2", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:42 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) 03:37:42 executing program 3 (fault-call:6 fault-nth:51): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:42 executing program 0: syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "c22df7", 0x10, 0x21, 0x0, @dev={0xfe, 0x80, [0x2, 0x0, 0x0, 0x0, 0x3800000000000000]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, {[], @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x2, 0x2, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, 0x0) 03:37:43 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") setsockopt$IP_VS_SO_SET_ZERO(r0, 0x0, 0x48f, &(0x7f0000000040)={0x2f, @remote, 0x4e22, 0xffffffffffffffff, 'lblc\x00', 0x8, 0x8, 0x49}, 0x2c) mkdir(&(0x7f00000001c0)='./file0\x00', 0x10) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) [ 624.052001] IPVS: set_ctl: invalid protocol: 47 172.20.20.187:20002 [ 624.083318] FAULT_INJECTION: forcing a failure. [ 624.083318] name failslab, interval 1, probability 0, space 0, times 0 03:37:43 executing program 0: syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "c22df7", 0x10, 0x21, 0x0, @dev={0xfe, 0x80, [0x2, 0x0, 0x0, 0x0, 0x3800000000000000]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, {[], @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x2, 0x2, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, 0x0) [ 624.102531] overlayfs: failed to resolve './file1': -2 [ 624.145388] CPU: 0 PID: 23311 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 624.152532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 624.161885] Call Trace: [ 624.164478] dump_stack+0x138/0x19c [ 624.168153] should_fail.cold+0x10f/0x159 [ 624.172308] should_failslab+0xdb/0x130 [ 624.176285] kmem_cache_alloc+0x2d7/0x780 [ 624.180440] ptlock_alloc+0x20/0x70 [ 624.184067] pte_alloc_one+0x60/0x100 [ 624.187873] __pte_alloc+0x2a/0x2d0 [ 624.191506] copy_page_range+0x11ba/0x1bd0 [ 624.195763] ? anon_vma_fork+0x358/0x4d0 [ 624.199843] ? __pmd_alloc+0x410/0x410 [ 624.203745] copy_process.part.0+0x4764/0x6a00 [ 624.205801] overlayfs: failed to resolve './file1': -2 [ 624.208359] ? __cleanup_sighand+0x50/0x50 [ 624.208373] ? lock_downgrade+0x6e0/0x6e0 [ 624.222026] _do_fork+0x19e/0xce0 [ 624.225486] ? fork_idle+0x280/0x280 [ 624.229203] ? fput+0xd4/0x150 [ 624.232395] ? SyS_write+0x15e/0x230 [ 624.236114] SyS_clone+0x37/0x50 [ 624.239492] ? sys_vfork+0x30/0x30 03:37:43 executing program 0: syz_emit_ethernet(0x0, 0x0, 0x0) 03:37:43 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa2", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) [ 624.243038] do_syscall_64+0x1e8/0x640 [ 624.246923] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 624.251804] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 624.256999] RIP: 0033:0x459829 [ 624.260222] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 624.267936] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 624.275226] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 624.275235] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 03:37:43 executing program 0: syz_emit_ethernet(0x0, 0x0, 0x0) [ 624.289786] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 624.297057] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:37:43 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) lseek(r0, 0x0, 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x10) r1 = msgget(0x1, 0x100) msgctl$MSG_STAT(r1, 0xb, &(0x7f0000000380)=""/212) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000200)={{{@in=@broadcast, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in=@initdev}}, &(0x7f0000000180)=0xe8) syz_mount_image$xfs(&(0x7f0000000480)='xfs\x00', &(0x7f00000004c0)='./file0\x00', 0x3f, 0x0, &(0x7f0000000500), 0x1, &(0x7f0000000540)={[{@pqnoenforce='pqnoenforce'}, {@nouuid='nouuid'}, {@nouuid='nouuid'}, {@noikeep='noikeep'}], [{@fsmagic={'fsmagic', 0x3d, 0xb7e}}, {@obj_role={'obj_role', 0x3d, 'wlan0(em1selinux'}}, {@smackfsfloor={'smackfsfloor', 0x3d, '}posix_acl_access&+md5sum}-trusted}--selinux'}}]}) fstat(r0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lchown(&(0x7f0000000140)='./file1\x00', r2, r3) openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="69723d2e2f66696c65302c746f7765726487723d2e2f66696c65302c776f726b646908002e2f66696c65315c00"]) 03:37:43 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) gettid() r1 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x6, 0x80) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000100)={0x0, @in6={{0xa, 0x4e20, 0x1, @mcast1, 0x80}}, 0x800, 0x80000001, 0x3, 0x2, 0x10}, &(0x7f0000000080)=0x98) setsockopt$inet_sctp_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f00000001c0)={r2, 0x59}, 0x8) 03:37:43 executing program 0: syz_emit_ethernet(0x0, 0x0, 0x0) 03:37:43 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) 03:37:43 executing program 0: syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "c22df7", 0x10, 0x0, 0x0, @dev={0xfe, 0x80, [0x2, 0x0, 0x0, 0x0, 0x3800000000000000]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, {[], @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x2, 0x2, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, 0x0) 03:37:43 executing program 3 (fault-call:6 fault-nth:52): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 624.492485] x86/PAT: syz-executor.3:23311 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 624.517092] XFS (loop2): unknown mount option [fsmagic=0x0000000000000b7e]. 03:37:43 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831e", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) [ 624.542690] overlayfs: unrecognized mount option "ir=./file0" or missing value 03:37:43 executing program 0: syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "c22df7", 0x10, 0x0, 0x0, @dev={0xfe, 0x80, [0x2, 0x0, 0x0, 0x0, 0x3800000000000000]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, {[], @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x2, 0x2, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, 0x0) 03:37:43 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803000000000000000000020000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) socket$bt_hidp(0x1f, 0x3, 0x6) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x1, 0x4000) ioctl$RTC_WIE_OFF(r1, 0x7010) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 624.642673] XFS (loop2): unknown mount option [fsmagic=0x0000000000000b7e]. [ 624.667862] FAULT_INJECTION: forcing a failure. [ 624.667862] name failslab, interval 1, probability 0, space 0, times 0 [ 624.676037] overlayfs: unrecognized mount option "ir=./file0" or missing value 03:37:43 executing program 0: syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "c22df7", 0x10, 0x0, 0x0, @dev={0xfe, 0x80, [0x2, 0x0, 0x0, 0x0, 0x3800000000000000]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, {[], @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x2, 0x2, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, 0x0) [ 624.733985] CPU: 0 PID: 23350 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 624.741155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 624.750615] Call Trace: [ 624.753220] dump_stack+0x138/0x19c [ 624.756871] should_fail.cold+0x10f/0x159 [ 624.761033] should_failslab+0xdb/0x130 [ 624.765014] kmem_cache_alloc+0x2d7/0x780 [ 624.769178] copy_process.part.0+0x444f/0x6a00 [ 624.774001] ? __cleanup_sighand+0x50/0x50 [ 624.778239] ? lock_downgrade+0x6e0/0x6e0 [ 624.782405] _do_fork+0x19e/0xce0 [ 624.785865] ? fork_idle+0x280/0x280 [ 624.789589] ? fput+0xd4/0x150 [ 624.792783] ? SyS_write+0x15e/0x230 [ 624.796505] SyS_clone+0x37/0x50 [ 624.799875] ? sys_vfork+0x30/0x30 [ 624.803418] do_syscall_64+0x1e8/0x640 [ 624.807308] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 624.812156] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 624.817344] RIP: 0033:0x459829 [ 624.820542] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 03:37:43 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) 03:37:43 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0xfffffffffffffce2, &(0x7f00000000c0), 0x2, 0x0, 0x302}, 0x20000000) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4200, r0, 0x0, 0x42) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:37:43 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x10) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) [ 624.828250] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 624.835515] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 624.845739] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 624.853007] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 624.860277] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:37:43 executing program 0: syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "c22df7", 0x10, 0x21, 0x0, @dev={0xfe, 0x80, [0x2, 0x0, 0x0, 0x0, 0x3800000000000000]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, {[], @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, 0x0) 03:37:43 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831e", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:43 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="00001000"/17], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x7) 03:37:44 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x101, 0x101201) write$eventfd(r1, &(0x7f0000000140)=0x486c, 0x8) ioctl(r1, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65222c6c6f10c5324769723d2e2f66696c65315c00"]) dup2(r0, r0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f00000001c0)={0x4, [0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000200)=0x14) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000240)={r2, 0x9, 0x3, [0x8abe, 0x8, 0x1]}, &(0x7f0000000280)=0xe) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x2000, 0x0) ioctl$VFIO_GET_API_VERSION(r0, 0x3b64) [ 624.977398] overlayfs: filesystem on './file0' not supported as upperdir 03:37:44 executing program 3 (fault-call:6 fault-nth:53): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:44 executing program 0: syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "c22df7", 0x10, 0x21, 0x0, @dev={0xfe, 0x80, [0x2, 0x0, 0x0, 0x0, 0x3800000000000000]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, {[], @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, 0x0) 03:37:44 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b8b374a38c2860d3c830fd4d3f77780300"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:37:44 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) [ 625.045655] x86/PAT: syz-executor.3:23350 freeing invalid memtype [mem 0x00002000-0x00002fff] 03:37:44 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) 03:37:44 executing program 0: syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "c22df7", 0x10, 0x21, 0x0, @dev={0xfe, 0x80, [0x2, 0x0, 0x0, 0x0, 0x3800000000000000]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000000000000]}, {[], @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, 0x0) [ 625.189035] overlayfs: unrecognized mount option "lo2Gir=./file1\" or missing value [ 625.190812] FAULT_INJECTION: forcing a failure. [ 625.190812] name failslab, interval 1, probability 0, space 0, times 0 [ 625.219713] overlayfs: unrecognized mount option "lo2Gir=./file1\" or missing value [ 625.253576] CPU: 1 PID: 23402 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 625.260719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 625.270070] Call Trace: [ 625.272663] dump_stack+0x138/0x19c [ 625.276302] should_fail.cold+0x10f/0x159 [ 625.280463] should_failslab+0xdb/0x130 [ 625.284449] kmem_cache_alloc+0x47/0x780 [ 625.288517] ? __lock_is_held+0xb6/0x140 [ 625.292588] ? check_preemption_disabled+0x3c/0x250 [ 625.297612] anon_vma_clone+0xde/0x470 [ 625.301508] anon_vma_fork+0x87/0x4d0 [ 625.305318] copy_process.part.0+0x45e2/0x6a00 [ 625.309931] ? __cleanup_sighand+0x50/0x50 [ 625.314170] ? lock_downgrade+0x6e0/0x6e0 [ 625.318340] _do_fork+0x19e/0xce0 [ 625.321801] ? fork_idle+0x280/0x280 [ 625.325525] ? fput+0xd4/0x150 [ 625.327446] overlayfs: unrecognized mount option "lowrZir=./file0" or missing value [ 625.328723] ? SyS_write+0x15e/0x230 [ 625.328740] SyS_clone+0x37/0x50 [ 625.328750] ? sys_vfork+0x30/0x30 [ 625.328765] do_syscall_64+0x1e8/0x640 03:37:44 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831e", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:44 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = msgget(0x2, 0xe5f234e87a65e91c) msgctl$IPC_STAT(r0, 0x2, &(0x7f0000000100)=""/129) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b80000000920000000000000000000"], 0x9c}], 0x4}, 0x0) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x4) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) 03:37:44 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup2(r0, r0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000240)={&(0x7f0000000200)='./file0\x00', r1}, 0x10) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='overlay\x00', 0x1000000, &(0x7f0000000280)=ANY=[@ANYBLOB="776f726b6469723d2e99ff21e3a8b24a5896f82f66696c65312c6c6f77725a69723d2e2f66696c65302c776f726b6469723d2e2f6669b2ca1f0c8d997d5885bba17e277c65315c00d067218dd825deca33a43da81bbbfeaad711be76bc1d185043c66418c408e9fedfc281cb28cb946f56022e"]) setxattr$security_ima(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000100)='security.ima\x00', &(0x7f0000000140)=ANY=[@ANYBLOB="05001400000000060028f8a23fa9765036f4a351706c8e71c48c25d6329e9d41ccf0869456ca00"/50], 0x32, 0x3) 03:37:44 executing program 0: r0 = syz_open_dev$cec(&(0x7f0000000100)='/dev/cec#\x00', 0x2, 0x2) ioctl$sock_inet6_tcp_SIOCINQ(r0, 0xc04c6100, &(0x7f0000000000)) [ 625.328774] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 625.328791] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 625.341014] overlayfs: unrecognized mount option "lowrZir=./file0" or missing value [ 625.343651] RIP: 0033:0x459829 [ 625.343658] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 625.343670] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 625.343676] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 625.343682] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 03:37:44 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) 03:37:44 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x6, &(0x7f0000000080)="145cae0d5e0bcf883ee6dd") mkdir(&(0x7f0000000140)='./file0\x00', 0x80) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) [ 625.343688] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 625.343694] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:37:44 executing program 3 (fault-call:6 fault-nth:54): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:44 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x9, 0x24000) ioctl$RTC_UIE_ON(r1, 0x7003) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:37:44 executing program 0: r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000940)={&(0x7f0000000780)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x64, 0x64, 0x3, [@func_proto={0x0, 0x6, 0x0, 0xd, 0x0, [{0x0, 0x3}, {0x2, 0x4}, {0x7, 0x5}, {0x0, 0x3}, {0x9, 0x3}, {0x9, 0x5}]}, @var={0x3, 0x0, 0x0, 0xe, 0x1}, @ptr={0x8}, @fwd={0x10}]}, {0x0, [0x0]}}, &(0x7f0000000840)=""/200, 0x7f, 0xc8, 0x1}, 0x20) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FIBMAP(r0, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) futex(0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0), 0x0) ioctl$KDMKTONE(0xffffffffffffffff, 0x4b30, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000005c0)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\a\xd2\x8f(.\xf6\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+\x8d\xed\xa6\\\x1c\xc3\x97\x94\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\x15v$\xc5\xbcq\x9a\t\x9ej5)\x00\x00\x009\x8c4\xc4\x88C\xa2B\x8b\x81\v\xea\t\xf0\x8fw\a\f\x15\xe2\xd0q\xbb\t\xbf\x85\x98q\v\xd8D\xab9(\xf6.\x15\xcd2-\xf2\xc4\xd8\x00a\xd5\xd9\xb5Z\xd7\xb4\xac\x1d_+k\xd6\x8ag\xdceHE\xd5\x1c\x8a\xbd#\xcc\x82\xca\xc2(\xb6\xe1\x99p\x9b\xa3D\xd2\x91\x96\xef\x05\fv\x16\x14\xcc\xea\x9d\x11w\x1e\xb5VG\x9ad\x9a`=^h\x8c8\xc9\"\x1eO\xb5vk\xc9\xcfi\x90\xd7\xd3H\xa1\xb4\xda\v\x17\x95\xf7\x19\x99\x99\x92\xc3\xc0\x8a\x18\xc7\"g\xd7B\x8f\x85\x18\xf3\x02\xa7\xb6\x83\x92\xefY\xef\x85\x92\x10E\x18\xbc\xacy\xd6\xa7Wh\xcd\xd0\xfa\xcc\xde\xeb\xdf\xad\xfd\xb0\xee\xfb\xc2(\x8cj\xd0uj{4\xb2\xe1p\x88u6\x9a;\xaa\x9f+J\x9e\xe3\xcc\xc7O\xad\x84\x8c;\x92~,\x15\xb2\x97\f~\xa0W\x16\x8b\a\x88\xaa\xe4C\xaf\x90\xdf\x7f\xe51\x00/n\xb5f\x1a\x8c+\xea<\xe3N@\x9e\xec\xbe{\x90x\xc6\x95\xe1I\x1d\xcbY\xe1\x01\xd2d\xae\xd1(>\xa3\xa9\x93\x16\xc6G\x94|\x00\x00\x00\x00\x00\x00\x00\x00', 0x2761, 0x0) ioctl$RTC_RD_TIME(r1, 0x80247009, &(0x7f0000000100)) getsockopt$inet_mreq(r1, 0x0, 0x0, &(0x7f0000000000)={@loopback, @multicast2}, &(0x7f0000000040)=0x8) write$cgroup_pid(r1, &(0x7f0000000080), 0xfffffe38) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r2 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) open$dir(&(0x7f0000000380)='./file0\x00', 0x6000, 0x0) write$9p(r2, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb96951d6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b855c4e70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706235f383e31cf662c95b1e49cfd94871e22720a41535756e419b271276941692bd023dd9c9dbec4f7db1e5c00d8b3be7b8e826a6aadd001edd0dfeb00f8048442b5c48456fd642e629dcb2ff55592665ff491cd832672ce4d999da186db2c3a1f8b6b1f7d3750d7cdb3097954e6e14fb2183ad662c63d4ce8b82dc2487f0fe2ea2827b53a7c6dcced878d2fb29c1d3ff583570e7bc172d1a5c716e0447cb08ce3c468ffdf975da372f3f3eb455aaf5822bc04a51b6cad24a2331369df81c123b009a2381b42e9aeb077f621608d81c12a5f5c6c295d74afd4dd5c051296be0b54c70bf899b347c36bff62f313079983409d7f9cf1242c917985c1b5d0736fe21f8514f63d0369a374c42da40bd5140bc3e602d00c3cb4f8e621863ab47422778d67d72de34753fd72cef80649a1548e4e8dcbcffe4054cc9d8a1f922623a75904cbdaacde768131e587269a4a99d82f7009c1b8ab79aa232a2fd45ad71b603803123f6ba979fa6a87525884b08d721a21400fb1f950b96ead82f408cc4388d3b78fb456616429a520656d5e5a876fd04748498902c86f58d45f4c1b3919eb846a00edf07e7a830bf723e4774f085f15534dd3b5246c0c0970b5ad7bb39b30b156a9430378c5b0aab1261c78d72ac301cd552d5e8dd4b642ec1dc0672745d593bb26d095b5b23576e3cfd6ab580f6e09419d0f0c64250fafaa3759aa1888da48d89c3f7c9454b0b3d0ab40445f5bed4493ef43ab08f31b1345ac4ffd94ad79c9eee53904ed6f572817153190d2e6863f2e39356bb99926419fd314341a536b7e76cae60bf7750a4c29e3f4", 0x44a) write$P9_RVERSION(r2, &(0x7f00000000c0)=ANY=[], 0x0) ioctl$GIO_FONTX(r2, 0x4b6b, &(0x7f0000000200)=""/165) sendfile(r2, 0xffffffffffffffff, 0x0, 0x10000) 03:37:44 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) [ 625.558173] overlayfs: filesystem on './file0' not supported as upperdir [ 625.597817] x86/PAT: syz-executor.3:23435 freeing invalid memtype [mem 0x00002000-0x00002fff] 03:37:44 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./orkdir=./file1\\\x00']) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x20040, 0x0) ioctl$EVIOCGPHYS(r1, 0x80404507, &(0x7f0000000200)=""/236) 03:37:44 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) [ 625.721433] audit: type=1804 audit(2000000264.700:239): pid=23447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir633786714/syzkaller.cBM8Gq/718/file0" dev="sda1" ino=16642 res=1 03:37:44 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000100)=ANY=[@ANYBLOB="b803010000000020000000000000000000a6b082ca58d0469642135b77bdf1ff38dd4eeafb0782800cf129c036552174c47553816d2f3c1087dca290aef8de6bd8e96194a71b12cc3a078c85b075dbf2b9aafacf013c26977c5486892a48bf238cc09d5424a86c47fc050f33b4b2a6c2208fefa552a501d7f7f29e0e79316e313cb777bcb2"], 0x9c}], 0x3}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = socket$inet6_dccp(0xa, 0x6, 0x0) getsockopt(r1, 0x10d, 0xc, 0x0, &(0x7f00002bdffc)=0x29f) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r2 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) write$P9_RWALK(r2, &(0x7f0000000000)={0x57, 0x6f, 0x2, {0x6, [{0x4, 0x0, 0x8}, {0x1, 0x2, 0x4}, {0x9ec6e9dfd063cc80, 0x1, 0x5}, {0x4bdb11443f4f5d2c, 0x1, 0x8}, {0x40, 0x3}, {0x55, 0x1, 0x6}]}}, 0x57) ptrace$cont(0x7, r0, 0x0, 0x0) [ 625.803839] FAULT_INJECTION: forcing a failure. [ 625.803839] name failslab, interval 1, probability 0, space 0, times 0 [ 625.853771] overlayfs: missing 'workdir' [ 625.863457] CPU: 0 PID: 23452 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 625.870579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 625.879959] Call Trace: [ 625.882562] dump_stack+0x138/0x19c [ 625.886208] should_fail.cold+0x10f/0x159 [ 625.890874] should_failslab+0xdb/0x130 [ 625.894855] kmem_cache_alloc+0x2d7/0x780 [ 625.899027] ? anon_vma_clone+0x310/0x470 [ 625.903186] anon_vma_fork+0xe9/0x4d0 [ 625.903678] audit: type=1800 audit(2000000264.700:240): pid=23447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="file0" dev="sda1" ino=16642 res=0 [ 625.906994] copy_process.part.0+0x45e2/0x6a00 [ 625.907027] ? __cleanup_sighand+0x50/0x50 [ 625.938840] ? lock_downgrade+0x6e0/0x6e0 [ 625.943000] _do_fork+0x19e/0xce0 [ 625.946462] ? fork_idle+0x280/0x280 [ 625.950180] ? fput+0xd4/0x150 [ 625.953377] ? SyS_write+0x15e/0x230 [ 625.957097] SyS_clone+0x37/0x50 [ 625.960463] ? sys_vfork+0x30/0x30 [ 625.964004] do_syscall_64+0x1e8/0x640 [ 625.967890] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 625.972742] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 625.977929] RIP: 0033:0x459829 [ 625.981121] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 625.988836] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 625.996111] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 03:37:45 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) 03:37:45 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) [ 626.003385] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 626.010657] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 626.018280] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:37:45 executing program 2: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x1, 0x0) getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f0000000140)={'icmp\x00'}, &(0x7f0000000180)=0x1e) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000200)='/dev/full\x00', 0x101000, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file0,wor\x00']) [ 626.052165] audit: type=1800 audit(2000000265.030:241): pid=23447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="file0" dev="sda1" ino=16642 res=0 03:37:45 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f00000049c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e26, 0x0, @dev={0xfe, 0x80, [], 0xb}, 0x1}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) [ 626.121835] overlayfs: unrecognized mount option "wor" or missing value [ 626.150943] net_ratelimit: 25 callbacks suppressed [ 626.150987] protocol 88fb is buggy, dev hsr_slave_0 [ 626.161987] protocol 88fb is buggy, dev hsr_slave_1 03:37:45 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x4, 0x4000010, r0, 0x0) [ 626.168269] protocol 88fb is buggy, dev hsr_slave_0 [ 626.174330] protocol 88fb is buggy, dev hsr_slave_1 03:37:45 executing program 3 (fault-call:6 fault-nth:55): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:45 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000100)={{0x2, 0x4, 0xfffffffffffffffb, 0x1, 'syz0\x00', 0x804}, 0x1, 0x104, 0x8, r0, 0x5, 0x7, 'syz0\x00', &(0x7f0000000080)=['\x00', 'em0vboxnet1\x00', '}\x00', '(-eth0}user^[keyring\\\x00', '&#\xd7\x00'], 0x29, [], [0x80000001, 0x7, 0x0, 0x2]}) ptrace$cont(0x7, r0, 0x0, 0x0) 03:37:45 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) 03:37:45 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:45 executing program 2: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x80000, 0x0) ioctl$IOC_PR_REGISTER(r0, 0x401870c8, &(0x7f0000000140)={0x1, 0x6, 0x1}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) [ 626.326279] x86/PAT: syz-executor.3:23452 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 626.335641] audit: type=1400 audit(2000000265.310:242): avc: denied { map } for pid=23479 comm="syz-executor.2" path="socket:[83045]" dev="sockfs" ino=83045 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=rawip_socket permissive=1 [ 626.369322] overlayfs: filesystem on './file0' not supported as upperdir 03:37:45 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) [ 626.433644] FAULT_INJECTION: forcing a failure. [ 626.433644] name failslab, interval 1, probability 0, space 0, times 0 03:37:45 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000040)=ANY=[@ANYBLOB="b8030100000027fcbfb152074600000000e63c9924458661fbd615c1dd58"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 626.516352] CPU: 0 PID: 23496 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 626.523573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 626.532926] Call Trace: [ 626.535522] dump_stack+0x138/0x19c [ 626.539156] should_fail.cold+0x10f/0x159 [ 626.543395] should_failslab+0xdb/0x130 [ 626.547377] kmem_cache_alloc+0x2d7/0x780 [ 626.551528] ? anon_vma_clone+0x310/0x470 [ 626.555685] anon_vma_fork+0x1ce/0x4d0 [ 626.559584] copy_process.part.0+0x45e2/0x6a00 [ 626.564191] ? __cleanup_sighand+0x50/0x50 [ 626.568427] ? lock_downgrade+0x6e0/0x6e0 [ 626.572582] _do_fork+0x19e/0xce0 [ 626.576043] ? fork_idle+0x280/0x280 [ 626.579766] ? fput+0xd4/0x150 [ 626.582970] ? SyS_write+0x15e/0x230 [ 626.587483] SyS_clone+0x37/0x50 [ 626.590849] ? sys_vfork+0x30/0x30 [ 626.594396] do_syscall_64+0x1e8/0x640 [ 626.598283] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 626.603141] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 626.608339] RIP: 0033:0x459829 03:37:45 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb19786", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:45 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) [ 626.611533] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 626.613398] overlayfs: filesystem on './file0' not supported as upperdir [ 626.619258] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 626.619264] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 626.619269] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 626.619275] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 626.619281] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:37:45 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) tkill(r0, 0xc) [ 626.736185] x86/PAT: syz-executor.3:23496 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 626.950114] protocol 88fb is buggy, dev hsr_slave_0 [ 626.955204] protocol 88fb is buggy, dev hsr_slave_1 03:37:45 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x80000006, 0x0, 0x0, 0x50000}]}) r0 = inotify_init() write$P9_RFSYNC(r0, 0x0, 0x0) 03:37:45 executing program 2: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x800, 0x0) fcntl$addseals(r0, 0x409, 0x2) setsockopt$inet_int(r0, 0x0, 0x14, &(0x7f0000000140)=0x19f1, 0x4) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$SIOCRSGCAUSE(r0, 0x89e0, &(0x7f0000000500)) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000440)={0x4, 0x208, 0x5, 0x5, 0x0}, &(0x7f0000000480)=0x10) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f00000004c0)={0x8, 0x7, 0x20d, 0x3, 0xffd, 0x1, 0x8, 0x0, r2}, 0x20) renameat2(r0, &(0x7f0000000180)='./file2\x00', r0, &(0x7f00000001c0)='./file1\x00', 0x7) ioctl(r1, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f0000000200)='./file0\x00', 0x0) socket$inet(0x2, 0x1, 0xffffffff) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) socket$inet(0x2, 0x7, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65300f036f7765726469723d2e2f66696c65302c736f776b6469723d2f2f66696c65315c00"]) ioctl$VIDIOC_G_PRIORITY(r0, 0x80045643, 0x3) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000240), &(0x7f0000000280)=0x4) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000002c0)={0x0, @in={{0x2, 0x4e22, @local}}, 0x81, 0x9d, 0xffff, 0x1, 0xc7a}, &(0x7f0000000380)=0x98) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f00000003c0)={0x6, 0x8000, 0x7ff00000000, 0x3f, r3}, &(0x7f0000000400)=0x10) 03:37:45 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) 03:37:45 executing program 3 (fault-call:6 fault-nth:56): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:45 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b8030100000000200000000000ae000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x1, 0x1) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$cont(0x7, r0, 0x0, 0x0) 03:37:45 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb19786", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:46 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(r0, 0x0, 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:37:46 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) [ 627.101749] FAULT_INJECTION: forcing a failure. [ 627.101749] name failslab, interval 1, probability 0, space 0, times 0 [ 627.113649] overlayfs: unrecognized mount option "sowkdir=//file1\" or missing value [ 627.137320] CPU: 1 PID: 23544 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 627.144459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 627.153817] Call Trace: [ 627.156422] dump_stack+0x138/0x19c [ 627.160070] should_fail.cold+0x10f/0x159 [ 627.164227] should_failslab+0xdb/0x130 [ 627.168206] kmem_cache_alloc+0x2d7/0x780 [ 627.172537] ? anon_vma_clone+0x310/0x470 [ 627.176698] anon_vma_fork+0x1ce/0x4d0 [ 627.180595] copy_process.part.0+0x45e2/0x6a00 [ 627.185204] ? __cleanup_sighand+0x50/0x50 [ 627.189440] ? lock_downgrade+0x6e0/0x6e0 [ 627.193602] _do_fork+0x19e/0xce0 [ 627.197064] ? fork_idle+0x280/0x280 [ 627.200877] ? fput+0xd4/0x150 [ 627.204072] ? SyS_write+0x15e/0x230 [ 627.207793] SyS_clone+0x37/0x50 [ 627.211162] ? sys_vfork+0x30/0x30 [ 627.214705] do_syscall_64+0x1e8/0x640 [ 627.218594] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 627.223447] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 627.228632] RIP: 0033:0x459829 [ 627.231817] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 627.239535] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 03:37:46 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb19786", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:46 executing program 4: gettid() gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000000)='security\x00', 0xffffffffffffffff}, 0x30) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000080)) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000100)='security\x00', 0xffffffffffffffff}, 0x30) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000140)=ANY=[@ANYBLOB="b8030100000000200000000000000000009bdf08d6b2068533a9ebac24e95a8f02582f6ecf271cefd6eff7d031970d7a6c1e4d23851096096ead252fa6040ede13861e2823fd387678560eac151a6fe445d6fb51c6f9e59ba7f4c74b79e5d358a3ca96effe77536eb82d0d36484e372a70d8ba65d53b0e2c0722c56037cdb7251207d4afe943dc7950f0ed660eb859af67a6e4a65cb4c311ebb9d38443c68a605b20c8c68cf5d36bc01afbaad00244325b01181d8883867a02afa4327ace0e0379bb51dedc7d1b01bf4e73f7062cbb896bf0b29376215e90bf3aaf904a662bc5d6802a9b5e3972e16724b8f6240bd65e8c37b5d93d3d03cbbf9246ddb7857cb2b8727156de0af3c499d15131b266bf7dee17d7187b83ff35"], 0x9c}], 0x4}, 0x0) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x4) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) [ 627.246807] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 627.254080] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 627.261354] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 627.268631] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:37:46 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b7070000010000004070000000000000bc700000000000009500000000000000"], &(0x7f0000000140)='vS\xfdIG|\x8aL[\xf2\'\x9c\xea\xb1\xc0\xb1\x19\x91\x9d/Q\xd9\xe3T\xce\xdax;\x02%\xc5\x1c\xd5GA\xad[(\xbblZ\x01\x1dF\x92#]%sj\xd0i\xc6C\x1f&\xe2\xc5\xa5z\x7f\xe1 \xfb\xc27\x03\x84\x8e\xef\x82-\xfc$$\xaf\v\xbd\x95\x1e\x0f\xbeVI\xec\r!\f\x86\xf5\xfb[Y\x1e\xd4\xdfc\xb1\xc8\xa2\xc1/5\xffr\x1f\x80@\xb8F\xea\xde\x93\xa1\xcb6\xee\xf2\xce\x95\xf2\xfdxR\x17F\xad\xc1~\xa2\x97=O^o\"\xbb\xa8\x9746'}, 0x48) 03:37:46 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) [ 627.341481] overlayfs: unrecognized mount option "sowkdir=//file1\" or missing value [ 627.350138] protocol 88fb is buggy, dev hsr_slave_0 [ 627.355250] protocol 88fb is buggy, dev hsr_slave_1 [ 627.379135] ptrace attach of "/root/syz-executor.4"[23558] was attempted by "/root/syz-executor.4"[23561] 03:37:46 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) open(&(0x7f0000000080)='./file1\x00', 0xa381, 0xc0) 03:37:46 executing program 0: r0 = gettid() recvmsg(0xffffffffffffffff, 0x0, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, 0x0) fstat(0xffffffffffffffff, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff}) ioctl$TCSETSF(r1, 0x5404, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) ioctl$KDGKBTYPE(0xffffffffffffffff, 0x4b33, 0x0) getgid() gettid() timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x1c9c380}, {0x0, 0x989680}}, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) tkill(r0, 0x13) 03:37:46 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003c80), 0x38e, 0x62, 0x0) 03:37:46 executing program 3 (fault-call:6 fault-nth:57): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:46 executing program 4: r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/load\x00', 0x2, 0x0) r1 = fcntl$getown(r0, 0x9) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r2 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x10001, 0x58) tkill(r2, 0x4) ptrace$cont(0x18, r2, 0x0, 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 03:37:46 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000001c0)=0x7) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x7d}) 03:37:46 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003c80), 0x38e, 0x62, 0x0) [ 627.533450] x86/PAT: syz-executor.3:23544 freeing invalid memtype [mem 0x00002000-0x00002fff] [ 627.534472] overlayfs: filesystem on './file0' not supported as upperdir 03:37:46 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x1000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x101000, 0x0) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x9) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000100)="5398ecd15c33e4e2d8b890f167302a238e82344dfc82bf80eda5ec024dfc9eb893b5b287c62eda43cad57eace2330cd308289d275a46d47e2606cc504adbaf9330aa2e4d40d837b6b5c2a67a291e2003e45e56e4fa42a9f312ad18fe6e8892494164f82ecd2462f90d07d36800bc91bd6699fb62b4e7dd25222dda51454b2e11757e296eeaf78ed95a7c1ebf55b8fafeccc5d3ff7d00e5d2c8457fecdc2f5d31aa3b94c12a0b26e17ffb82d4fd45e397522095939e02e9340c2f5e913072ba01d9a93328358cca") ptrace$cont(0x7, r0, 0x0, 0x0) [ 627.591492] protocol 88fb is buggy, dev hsr_slave_0 [ 627.597195] protocol 88fb is buggy, dev hsr_slave_1 03:37:46 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:46 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x1) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000002c0)='/selinux/policy\x00', 0x0, 0x0) ioctl$EVIOCGBITKEY(r1, 0x80404521, &(0x7f0000000300)=""/204) r2 = syz_open_dev$mice(&(0x7f0000000080)='/dev/input/mice\x00', 0x0, 0x100) ioctl$EVIOCGBITKEY(r2, 0x80404521, &(0x7f0000000200)=""/132) mkdir(&(0x7f0000000040)='./file0\x00', 0x104) openat$vfio(0xffffffffffffff9c, &(0x7f0000000400)='/dev/vfio/vfio\x00', 0x50000, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) ioctl$SIOCAX25GETINFO(r2, 0x89ed, &(0x7f0000000140)) 03:37:46 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 627.665684] FAULT_INJECTION: forcing a failure. [ 627.665684] name failslab, interval 1, probability 0, space 0, times 0 [ 627.694861] CPU: 1 PID: 23593 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 627.702012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 627.711368] Call Trace: [ 627.711388] dump_stack+0x138/0x19c [ 627.711408] should_fail.cold+0x10f/0x159 [ 627.711426] should_failslab+0xdb/0x130 [ 627.711443] kmem_cache_alloc+0x2d7/0x780 [ 627.711454] ? __lock_acquire+0x5f7/0x4620 [ 627.711471] ptlock_alloc+0x20/0x70 [ 627.717684] pte_alloc_one+0x60/0x100 [ 627.717697] copy_huge_pmd+0x7d/0x8c0 [ 627.717713] ? add_mm_counter_fast.part.0+0x30/0x30 [ 627.750368] copy_page_range+0x69a/0x1bd0 [ 627.754533] ? anon_vma_fork+0x358/0x4d0 [ 627.758607] ? find_held_lock+0x35/0x130 03:37:46 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003c80), 0x38e, 0x62, 0x0) [ 627.762679] ? vma_compute_subtree_gap+0x190/0x1f0 [ 627.767625] ? __rb_insert_augmented+0x22f/0xdf0 [ 627.772393] ? __pmd_alloc+0x410/0x410 [ 627.776291] ? __vma_link_rb+0x247/0x340 [ 627.780366] copy_process.part.0+0x4764/0x6a00 [ 627.784977] ? __cleanup_sighand+0x50/0x50 [ 627.789218] ? lock_downgrade+0x6e0/0x6e0 [ 627.793373] _do_fork+0x19e/0xce0 [ 627.796834] ? fork_idle+0x280/0x280 [ 627.800991] ? fput+0xd4/0x150 [ 627.804190] ? SyS_write+0x15e/0x230 [ 627.807918] SyS_clone+0x37/0x50 [ 627.811292] ? sys_vfork+0x30/0x30 [ 627.814835] do_syscall_64+0x1e8/0x640 [ 627.818728] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 627.823584] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 627.828774] RIP: 0033:0x459829 [ 627.831963] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 627.839679] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 627.846952] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 627.854230] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 03:37:46 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:37:46 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) [ 627.861509] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 627.868784] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 627.905451] overlayfs: failed to resolve './file1': -2 03:37:46 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x7, r0, 0x6, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) getresuid(&(0x7f0000000040), &(0x7f0000000080)=0x0, &(0x7f0000000100)) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000140)={{{@in=@empty, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000240)=0xe8) r4 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x8400, 0x0) setsockopt$inet6_IPV6_IPSEC_POLICY(r4, 0x29, 0x22, &(0x7f0000000280)={{{@in=@loopback, @in6=@mcast1, 0x4e23, 0x3ff, 0x4e20, 0x1, 0x2, 0x80, 0x80, 0xff, r2, r3}, {0x2, 0x7, 0x0, 0x8, 0x5, 0x5, 0x5, 0x1000}, {0x1, 0x9, 0x5b8d1768, 0x4}, 0xffffffff, 0x6e6bbc, 0x1, 0x0, 0x2, 0x3}, {{@in6=@ipv4={[], [], @multicast2}, 0x4d6, 0x7f}, 0xa, @in=@remote, 0x3502, 0x1, 0x0, 0x7, 0x1, 0x99}}, 0xe8) setreuid(r1, r3) getitimer(0x1, &(0x7f00000000c0)) [ 627.981498] overlayfs: failed to resolve './file1': -2 03:37:47 executing program 3 (fault-call:6 fault-nth:58): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:47 executing program 0: 03:37:47 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) 03:37:47 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") finit_module(r0, &(0x7f0000000080)='upperdir', 0x2) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) 03:37:47 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xffffffffffffffe0, &(0x7f00000000c0)=[{0x0, 0xffffffffffffffbd}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000440)=ANY=[@ANYRESOCT], 0x9c}], 0x4, 0x0, 0x16b}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = gettid() r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x1, 0x200) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000100)={0x0, @in={{0x2, 0x4e22, @multicast2}}, 0x3, 0x8000, 0x2, 0xfffffffffffffffd, 0x20}, &(0x7f00000001c0)=0x98) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={r2, @in6={{0xa, 0x4e21, 0x4e81f9a, @remote, 0x3}}, 0x6, 0x6, 0xe6, 0x8, 0x20}, 0x98) wait4(0x0, 0x0, 0x80000000, 0x0) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f00000002c0)=0xffffffff, 0x4) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) fchmodat(r1, &(0x7f0000000400)='./file0\x00', 0x24) ptrace$cont(0x18, r0, 0x0, 0x0) sched_rr_get_interval(r0, &(0x7f0000000080)) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) setsockopt$CAIFSO_REQ_PARAM(r1, 0x116, 0x80, &(0x7f0000000300)="deed15a5bce1fef66c13f68fd942d943414d68a202a078f11f13c4eec32e3ffec184205b612232f18afd663e661410a2e1e89daa323b324bfd679f87319053094ff5023593bbac24fcf5a75430a85dafa2070f093b34fae0c892542dae919bfec882a39542969a52a0af0f1661d3d3499c1f16ac7e55299f667a6f93fa2f8d14db186656ab66142846f379fa45ef78d63bdbfa8733b1ae62539b1adf8f850136726c99343624330311a1d8ed46927573360e91529f8f8a93bbcae1ae3ad3418591de52788515025312e2b58af2ad85f36d9f5fe69cd57eddbc68ab9ae756bba42781fe50a28cf78979a82abc819cafa51c", 0xffffffb7) ioctl$sock_inet_SIOCDELRT(r1, 0x890c, &(0x7f00000006c0)={0x0, {0x2, 0x4e24, @local}, {0x2, 0x4e23, @rand_addr=0x4}, {0x2, 0x4e21, @multicast1}, 0x10, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000680)='irlan0\x00', 0x8, 0x3, 0x1}) ioctl$FIBMAP(r1, 0x1, &(0x7f00000007c0)=0x1ff) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) unshare(0x40000000) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='cmdline\x00') getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r3, 0x84, 0x7, &(0x7f0000000740), &(0x7f0000000780)=0x4) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) writev(r4, &(0x7f0000000040)=[{&(0x7f0000000180)="e6", 0x1}], 0x1) ioctl$EVIOCGVERSION(r1, 0x80044501, &(0x7f0000000480)=""/220) ioctl$VIDIOC_S_PRIORITY(r1, 0x40045644, 0x7fc7af88668fa3a9) sendfile(r4, r3, 0x0, 0x4) getrandom(&(0x7f0000000580)=""/229, 0xe5, 0x1) ptrace$cont(0x1f, r0, 0x80, 0x0) [ 628.027790] x86/PAT: syz-executor.3:23593 freeing invalid memtype [mem 0x00002000-0x00002fff] 03:37:47 executing program 0: 03:37:47 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:47 executing program 0: 03:37:47 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) utimes(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={{0x77359400}, {0x77359400}}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000180)='./file0/file0\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f88696c65302c776f726b6469723d2e2f66696c65315c00"]) recvmsg(r0, &(0x7f0000000380)={&(0x7f0000000200)=@in={0x2, 0x0, @broadcast}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000280)=""/222, 0xde}], 0x1}, 0x40) [ 628.186763] FAULT_INJECTION: forcing a failure. [ 628.186763] name fail_page_alloc, interval 1, probability 0, space 0, times 0 03:37:47 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) 03:37:47 executing program 0: 03:37:47 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() tkill(r0, 0x21) wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 628.288337] CPU: 0 PID: 23635 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 628.295489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 628.304845] Call Trace: [ 628.307460] dump_stack+0x138/0x19c [ 628.311105] should_fail.cold+0x10f/0x159 [ 628.315263] ? __might_sleep+0x93/0xb0 [ 628.319160] __alloc_pages_nodemask+0x1d6/0x7a0 [ 628.323834] ? __alloc_pages_slowpath+0x2930/0x2930 [ 628.328891] ? lock_downgrade+0x6e0/0x6e0 [ 628.333057] alloc_pages_current+0xec/0x1e0 [ 628.337387] pte_alloc_one+0x1a/0x100 [ 628.339115] overlayfs: failed to resolve './file1': -2 [ 628.341194] __pte_alloc+0x2a/0x2d0 [ 628.341208] copy_page_range+0x11ba/0x1bd0 [ 628.341220] ? anon_vma_fork+0x358/0x4d0 [ 628.341237] ? vma_compute_subtree_gap+0x190/0x1f0 [ 628.341253] ? __pmd_alloc+0x410/0x410 [ 628.366477] overlayfs: failed to resolve './file1': -2 [ 628.367229] copy_process.part.0+0x4764/0x6a00 [ 628.367261] ? __cleanup_sighand+0x50/0x50 [ 628.381312] ? lock_downgrade+0x6e0/0x6e0 [ 628.385465] _do_fork+0x19e/0xce0 [ 628.388924] ? fork_idle+0x280/0x280 [ 628.392641] ? fput+0xd4/0x150 [ 628.395830] ? SyS_write+0x15e/0x230 [ 628.399553] SyS_clone+0x37/0x50 [ 628.402918] ? sys_vfork+0x30/0x30 [ 628.406465] do_syscall_64+0x1e8/0x640 [ 628.410354] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 628.415204] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 628.420395] RIP: 0033:0x459829 [ 628.423579] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 628.431285] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 628.438553] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 628.445819] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 628.453081] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 628.453088] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:37:47 executing program 3 (fault-call:6 fault-nth:59): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:47 executing program 1: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) 03:37:47 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65302c776f726b6469723d2e2f66696c65315c00ed19695b07ada3093148bd1e10b5a1231f33e18990235ab0108959910387533fc3925e66cab97ba83e5aaadcdab7cd5973d768ae8b5b5cc0ffe883bf92a90667dfb81c31f541681ee714295c5a5260bc6887ad3a0ff20f7379474d435ed41bdce9"]) fstat(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000200)={{{@in6=@dev, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in6}}, &(0x7f0000000300)=0xe8) getresgid(&(0x7f0000000340), &(0x7f0000000380)=0x0, &(0x7f00000003c0)) getgroups(0x6, &(0x7f0000000400)=[0xee00, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xee00]) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000008c0)=@filter={'filter\x00', 0xe, 0x3, 0x47a, [0x0, 0x20000440, 0x20000686, 0x2000075c], 0x0, &(0x7f0000000080), &(0x7f0000000440)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{0x5, 0x20, 0x8848, 'ip_vti0\x00', 'ip6erspan0\x00', 'nr0\x00', 'gre0\x00', @remote, [0xff, 0x315d4ab74a2dcec2, 0xff, 0x0, 0xff, 0xff], @remote, [0xff, 0x725eaad113202a51, 0xec5f14ebee98493d, 0x0, 0x725b20522f399d8d, 0xff], 0x9e, 0xe6, 0x216, [@vlan={'vlan\x00', 0x8, {{0x2, 0x5, 0x8809, 0x2, 0x1}}}], [@common=@ERROR={'ERROR\x00', 0x20, {"9702be4ccdf3c0bc0351fc669733eb222b1c4765f827f7e7866576bf3e91"}}], @common=@SECMARK={'SECMARK\x00', 0x108, {{0x1, 0x1f, 'system_u:object_r:inetd_child_exec_t:s0\x00'}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff, 0x1, [{0x17, 0x8, 0x89bf, 'yam0\x00', 'batadv0\x00', 'team0\x00', 'bridge_slave_1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, [0xff, 0x0, 0xe6a3c0ab428dbf81, 0x0, 0xff], @dev={[], 0x13}, [0xff, 0x0, 0xff, 0xff, 0xff, 0xff], 0x6e, 0x6e, 0xa6, [], [], @common=@mark={'mark\x00', 0x10, {{0xfffffff0, 0xfffffffffffffffd}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff, 0x1, [{0x9, 0x2, 0x201, 'veth1\x00', 'ip6erspan0\x00', 'team_slave_1\x00', 'bond_slave_1\x00', @dev={[], 0x1c}, [0xff, 0x0, 0xff, 0x0, 0x0, 0xff], @dev={[], 0xe}, [0x0, 0x0, 0xff, 0x0, 0xff], 0xae, 0xde, 0x12e, [@owner={'owner\x00', 0x18, {{r1, r2, r3, r4, 0x7, 0x2}}}], [@common=@CLASSIFY={'CLASSIFY\x00', 0x8, {{0x6}}}], @common=@log={'log\x00', 0x28, {{0x5, "80a9acfd24b0e6841a25b1155743023554b20dd9ecf84c60c49b04765f9c"}}}}]}]}, 0x4f2) 03:37:47 executing program 0: 03:37:47 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:47 executing program 4: ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000100)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000140), &(0x7f0000000180)=0xc) getpgrp(0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000001c0)=0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b837eb0896050301000000002000000000"], 0x9c}], 0x4}, 0x0) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x4) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r1, 0x0, 0x0) [ 628.486794] x86/PAT: syz-executor.3:23635 freeing invalid memtype [mem 0x00002000-0x00002fff] 03:37:47 executing program 0: [ 628.585301] overlayfs: filesystem on './file0' not supported as upperdir [ 628.600778] ptrace attach of "/root/syz-executor.4"[23666] was attempted by "/root/syz-executor.4"[23669] [ 628.621812] FAULT_INJECTION: forcing a failure. [ 628.621812] name failslab, interval 1, probability 0, space 0, times 0 [ 628.649344] CPU: 0 PID: 23673 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 628.656604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 628.665957] Call Trace: [ 628.668552] dump_stack+0x138/0x19c [ 628.672200] should_fail.cold+0x10f/0x159 [ 628.676371] should_failslab+0xdb/0x130 [ 628.680364] kmem_cache_alloc+0x2d7/0x780 [ 628.684519] ? lock_downgrade+0x6e0/0x6e0 [ 628.688674] ptlock_alloc+0x20/0x70 [ 628.692303] pte_alloc_one+0x60/0x100 [ 628.696105] __pte_alloc+0x2a/0x2d0 [ 628.699735] copy_page_range+0x11ba/0x1bd0 [ 628.703974] ? anon_vma_fork+0x358/0x4d0 [ 628.708042] ? vma_compute_subtree_gap+0x190/0x1f0 [ 628.712980] ? __pmd_alloc+0x410/0x410 [ 628.716873] copy_process.part.0+0x4764/0x6a00 [ 628.721479] ? __cleanup_sighand+0x50/0x50 [ 628.725716] ? lock_downgrade+0x6e0/0x6e0 [ 628.729870] _do_fork+0x19e/0xce0 [ 628.733335] ? fork_idle+0x280/0x280 [ 628.737073] ? fput+0xd4/0x150 [ 628.740275] ? SyS_write+0x15e/0x230 [ 628.743996] SyS_clone+0x37/0x50 [ 628.747366] ? sys_vfork+0x30/0x30 [ 628.750909] do_syscall_64+0x1e8/0x640 [ 628.754794] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 628.759643] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 628.764834] RIP: 0033:0x459829 [ 628.768035] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 628.775742] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 628.783006] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 628.790275] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 03:37:47 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x0, 0x0) setsockopt$inet_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000140)='tls\x00', 0x4) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000180)=0x0) sched_getattr(r2, &(0x7f0000000280)={0x30}, 0x28b, 0x0) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) ioctl$SG_GET_RESERVED_SIZE(r1, 0x2272, &(0x7f0000000100)) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="75707065726469723d2e2f7a3d0900f4ef88b906066e841de766696c65302c6c6f7765050069723d2e2f66696c65302c776f726b6469723d2e2f66696c65315c00"]) 03:37:47 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) 03:37:47 executing program 0: 03:37:47 executing program 0: 03:37:47 executing program 0: [ 628.797545] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 628.804816] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:37:47 executing program 3 (fault-call:6 fault-nth:60): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:47 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:47 executing program 0: 03:37:47 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b80302000000cfcf1a0401ab6202000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$setregs(0xd, r0, 0x6, &(0x7f0000000240)="2d3e3f8c4ea08a4bf51b327ca0fb20eeede99e80cb6a75f93404229adec1858000268f6eb5ee02d6ec8b8fba2ff8e8c22d0ca07d29b888a7b1a320e60ed1b91bdf57f6dcf71189b62205089ea3fc913768bbbe20") ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x5666, 0x10180) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000100)={{{@in=@broadcast, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in=@multicast1}}, &(0x7f0000000080)=0xe8) ioctl$SIOCAX25GETUID(r1, 0x89e0, &(0x7f0000000200)={0x3, @null, r2}) ptrace$cont(0x7, r0, 0x0, 0x0) 03:37:47 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) [ 628.863367] x86/PAT: syz-executor.3:23673 freeing invalid memtype [mem 0x00002000-0x00002fff] 03:37:47 executing program 0: [ 628.928629] overlayfs: missing 'lowerdir' 03:37:47 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="75707065726469723d2e8700696c65302c6c6f7765726469721d2e2f66696c65302c776f726b6469723d2e2f66696c65311101276a72905c00"]) 03:37:47 executing program 0: 03:37:48 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x10000, 0x0) getsockopt$inet_udp_int(r1, 0x11, 0x6f, &(0x7f0000000080), &(0x7f0000000100)=0x4) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 629.025239] FAULT_INJECTION: forcing a failure. [ 629.025239] name failslab, interval 1, probability 0, space 0, times 0 [ 629.041899] overlayfs: missing 'lowerdir' [ 629.085570] CPU: 0 PID: 23702 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 629.092730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 629.102085] Call Trace: [ 629.104680] dump_stack+0x138/0x19c [ 629.108314] should_fail.cold+0x10f/0x159 [ 629.112469] should_failslab+0xdb/0x130 [ 629.116449] kmem_cache_alloc+0x2d7/0x780 [ 629.120597] ? __pmd_alloc+0x410/0x410 [ 629.124494] copy_process.part.0+0x444f/0x6a00 [ 629.129104] ? __cleanup_sighand+0x50/0x50 [ 629.133340] ? lock_downgrade+0x6e0/0x6e0 [ 629.137503] _do_fork+0x19e/0xce0 [ 629.140962] ? fork_idle+0x280/0x280 [ 629.144682] ? fput+0xd4/0x150 [ 629.147882] ? SyS_write+0x15e/0x230 [ 629.151601] SyS_clone+0x37/0x50 [ 629.154967] ? sys_vfork+0x30/0x30 [ 629.158507] do_syscall_64+0x1e8/0x640 [ 629.160542] overlayfs: missing 'lowerdir' [ 629.162400] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 629.171471] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 629.176666] RIP: 0033:0x459829 03:37:48 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:48 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) 03:37:48 executing program 0: [ 629.179847] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 629.187549] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 629.194824] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 629.202082] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 629.209351] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 629.216601] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:37:48 executing program 3 (fault-call:6 fault-nth:61): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:48 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000140)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@nfs_export_off='nfs_export=off', 0x5c}], [], 0xf603000000000000}) 03:37:48 executing program 1: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) 03:37:48 executing program 0: 03:37:48 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x3c00000000000000, 0x200500) ioctl$VIDIOC_ENUMOUTPUT(r1, 0xc0485630, &(0x7f0000000100)={0xface, "d689e6dcd4d8c8469d93371b7d7306ffedd0d5123e7e0eb748b86022d6136ae9", 0x1, 0xffffffffffffffff, 0x5, 0x3000000, 0x8}) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 629.297898] x86/PAT: syz-executor.3:23702 freeing invalid memtype [mem 0x00002000-0x00002fff] 03:37:48 executing program 0: [ 629.368581] overlayfs: unrecognized mount option "nfs_export=off\" or missing value 03:37:48 executing program 1: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) [ 629.417380] overlayfs: unrecognized mount option "nfs_export=off\" or missing value [ 629.436519] FAULT_INJECTION: forcing a failure. [ 629.436519] name failslab, interval 1, probability 0, space 0, times 0 [ 629.463263] CPU: 1 PID: 23736 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 629.470404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 629.479761] Call Trace: [ 629.482360] dump_stack+0x138/0x19c [ 629.485997] should_fail.cold+0x10f/0x159 [ 629.490153] should_failslab+0xdb/0x130 [ 629.494134] kmem_cache_alloc+0x2d7/0x780 [ 629.498286] ? __pmd_alloc+0x410/0x410 [ 629.502185] copy_process.part.0+0x444f/0x6a00 [ 629.506797] ? __cleanup_sighand+0x50/0x50 [ 629.511035] ? lock_downgrade+0x6e0/0x6e0 [ 629.515193] _do_fork+0x19e/0xce0 [ 629.518647] ? fork_idle+0x280/0x280 [ 629.522368] ? fput+0xd4/0x150 [ 629.525567] ? SyS_write+0x15e/0x230 [ 629.529286] SyS_clone+0x37/0x50 [ 629.532651] ? sys_vfork+0x30/0x30 [ 629.536198] do_syscall_64+0x1e8/0x640 [ 629.540080] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 629.540098] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 629.540107] RIP: 0033:0x459829 [ 629.540112] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 03:37:48 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x45ca19290532cef2, 0x0) r1 = geteuid() r2 = ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r3 = syz_open_dev$sndseq(&(0x7f0000000180)='/dev/snd/seq\x00', 0x0, 0x40) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000001c0)={{{@in=@loopback, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in=@local}}, &(0x7f00000002c0)=0xe8) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000300)={{{@in6=@loopback, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}, 0x0, @in6}}, &(0x7f0000000400)=0xe8) sendmsg$netlink(r0, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000001e00)={0x2320, 0x3c, 0x300, 0x70bd2c, 0x25dfdbfc, "", [@nested={0x1004, 0x8f, [@generic="65a51008c7d12344893dc1af846cd603461722e9e628860d6cdcb01bdc3d4d68cf6a46908c301096a090c058b28ac44cfa0200adac2e0eea3795b3dd5f51a5e80334bfb44a233be9db755c8d8bdc900e36a9d0f1aba155b0f51b32151d19a3189e499e5c31854e46fc000d1a2a6e124724c9aa0da713a1b2e894def6518140771adc5533a426698b5baee8487612de51472ef09432859f58e626c493b632583fd5c0af7aeadcd885218451c2cfc19f0cf62507edc8f2b4cadd6b5be476ff1b4156fa14112d321956c51a4480037876514645d22ecf4ef5ade6c550e0b6a760bdb1b031bf8263c1b2fb8d888ef90c88b491a82766e2afcbe63f9f706a279b7a2e5f8771275d785292e0e5273df223e021cf9c619fd8eab86d15b912fe122e590738671acb42e0c63b70765859ec90c847bcfca8851ddbd09ae195acf2d45385e43be8eb9f2e779984e46b99d5783e122a69035b4f2200123ebfc800eb48bad578d163b5706ed45ade57a7be53fb2ceb5c337ea194382997d8fd1f0615b9cd6ba37e8d85682ecbc7e0a67eb088f648094fded3dd24a0ed39865c3faba5de09aef0f4f2be6cb3db59a1fdd000ee2beec48b6ce7d875b800ccd6deafee78cdd12a33ed5148c636231babdb902fffaf6db7b36d45d726ae8b36c10bf1a6e60933b2c46cd806c378935b22846fac2db48f6fa75a45e74c3cf66ac0a0cc629acd781a40fc4a094a3df519b4b998924a8d4cb7d2cd01ca0fbafc00403e3c83841f06502fd80fbea4506a3e7da1f5e8511a04a81e3162c859327242be40c378e921eb9b9a2f15dca409bb5892422a258c75ff3b73ffeebd188f332f26550f9be42cbfbe78d0790b222145449b7b807885581ebe1b90f34c9c99f5e1c6ba08c29b904894bac67a0f2ec549bf3769bd78b99f7d1a66a57e3a31973db5ff765a5b0fda9b310d839e872848dcd715fcb9cc37826e18e49ac4e36a0d088b4ebc30e51e07ce0663d40b440afa0647c8d6ebc918e7df184efc975ff0dad7d6033fb9868180efe5d290c2787c4c1817916ff43a1df9e885faf25d6c394817ec41484903635f0dcf44670abfd128157b8b45f18e325b6c8411650437d13df1bff720147c0949a98e0ecde212f841d453c55a83bc87fc95579774aa3d8ef245182443f1d59ef87bc159ce62214abdf3253e4cc85271f5aa9f2c43567bbe53d5a29831b2944d28f02d9bfb70161a90e2c50f0c7c4c8d070ce18d143118e40dd9b259558d7f8ab4b225f782abbf8e7d6030513c1361af2c599050b76eff2d0996e4a1cd15b04c0c2562554e901e69a930c1996b102fd44eedc69a10dfedaa285a1a96ddfda514f257e6e9485035523e68e6e2f57b84e14af22b3ae2759f7d3391df44e8dc0182e6528297db82008dbba2b87c82f0427cca8a3fc3a56de6196a859f73d01b9a1826a7d979ecb1c91f14a2b8ea1149372f5123983b2c407f77d2f4eb593b336a5c04869f7162aecb6df5589c9a874f142c77015cfb53a408c18378955eb7006ac6baaf59c46f7b6db5224d679c94ef1e8a2e67221c9eb6af5d4027b4c50aaf631fe910ea9c764da0b8b46c895b30c4fc2299dfc3fb9cc680d1179022044b8f016b93583cb99cd2d6694e4b56544e3dde9a8f5cd056594b05f101bf1f7015b5fd839ac7f3bf65931309e8612826ccf3a2264c489862440ba8ae9cd85616a906f45c930c6596131c010eef6df696175582fd32b07277dd94eccf47202ea1ebb816142adfadf1b4f2a365c6f3c948016096a00000b8281616b497ca71a12ed7dd001c18fb97c3612d962ff5419a9b2d9d521c863e8c733ed01bd7279ff1751bf7683efd57876c47704a797e19bdc245044c513b1cd49c09c29fa545cb5cdc540dd1941c5cd3ecbdcc2054da9b090453f21e63ae3fa94c21dbb5b6cd0e8eb0e697527d97fdac8a265e88d873bcb3fab699e1bf8c6e2250a1ae1eddaa7363a970adcd46cb27ee90ddafbec2a56a567d870816fd01ebefb164da60c8af6770994523dcd61550b59fb97a96c2e426fe6b396726f32d3af33716e15166de8bf95ad86040ca167ae394d25b26399061e86392f594fc69759979c82c000ee8a2c64b2397e036b058a7f5229c23692f78716bb44c67426ebb2f6460b41fadfbaa94965eb1ada2c6635607b834805dc78c0a0c3e07b14e09de95a7a24ed7bf8a10d77898d2b145736d27d4c374225a3f0e82e7f09fd9b33129916ae2e7ed7d0b5d5da69f468732a3bdb4b01f094f5b48fe48decd968a9b1e5b1f795aa4e58ada790fda20ed0a440a87b995fdebfbc95886f9a0f91dc6a4a12f39d8caa6d55acd5f16ee2d21f5e5452ce085ff6c1b1436470eebf984da444727224235e571423a3bc90e7ef1ced1ac5bb05f2dd28f82161703048964ae0a3e376d545569d8d6ea98eb081a9c86100418d66a84b69a06d368e62a1ed582d9aada75805a532c3dc9b36534f293612755a52f364c9e954f5a3ef6158902316f9380af0041278d24294ee88720b2cf020a617b95f874bd080e23d0618900d7faeb5fc59b1261e21c361ea2b3123363455a6f74a9c3a35dc72c80a6efcd1bd0e4f5e6e40469af436a7a6eaf6d9f07b40392df1b465c864cb370d4a65e0735e787325ce6cac7d3a01acce92d1fbccdb2a297b61f80a7f1d3dbcb74153c77720a908397faf86519c223694afb1498625cc4fb299c8049152053738b225bf37972300219c9e9479e1261df922462f8cb19f6a01b14e00e553a4bdd43401d009c547c1156a7d23be2885d91a5c7ea9bdce14508eac294b2dd424b939e92a2a2fc5b137e26697818a294447a371257d8ec1b4e01986b522f1815d1a82030ed3c0991621345579310ad6745b6cad83c3965d946c0481f697ad7ea714b28b922ee47a5fd3dfd9991764ada9c93087ea8c2cacaee74cef398f6399b737e1e8135a9a630cdbaf4e93cd6c4b2456af3ccca86ae52803c9ddc07a18c1973e2ecda64ba074922bec1447cfa7b33475d056a0410b4d8aeeb89639eff473168a6d7f66c266d1cbc802d5dc1cf7eb05eeca3ecad0e29b87efeab6cbd6c88730231eb31ecb472158eed8d937e6736922bb1d032c1a27aac16eeb7cae8f296f95a5f2870f1f983663852bf956f84f4e014c5ec1e600b0ae05f03caeca4bd36abe1e38b46c1076280837541c38c3a87370faba98dc0c397e1a03f5eab68e434b7ca8c88220cdbb230627523dba038a15a4f0d722eaedf0adb3ebdc4a48465a0307e5cbace61a0e770187e2e9c75d252add50a3731d4be7557a91613681d481050ae047a339d7d44a374c8e94e4eeb22776526e35274c90ace8572e92b35db6c130c84610956ccb71de501ec9e1d2e2eb143c1cb73fa178a0a538439563cf0b784426b2e66f404e7aec30db0247600e2646786488b089f8ab3772bf5d621652c46ddde9393bac8de0dae64e3afd56db0f2ed70e159d1f36975a76d09d3ef05b3ea02ff582f39f78a02de73d48291bc93b0c6448d482cbfab26fdee72403c6058d0ac89da2895d3159b64f7fec251be805a142bdea0df2363277bac11c10ca15adbaa9bcd05803a36c8e4ba0848f207f795965db0eb1bd7f4a9d17e8a04e9f672ed38934d8f2f4b3487ec956496df66eefdc22323a46a3d822d780240c24e52159e40739ddad3d01a88d6d07f8c80c0dc55cae616d10b899992a50d343c7e6601f41f8557d18f7d5b6ce2cac97d3be342b1cad65d9d42bca6fede2d215518f418a0fc6b7bed6142bd8747511dcbcd86cb53174aead728becfd6239201481baf9b55e286077e34afd0576d6b1432ade61872b0d0ab5d19681a5f4a4b41ea51628723d4d94a4613d83d8b3469b285ce6b38fb48086a5d3fedcf38ed68d77381d9edfb569d3af96f9adb68a62a4c330fbb10b6bc50768837be8b939a0f63bc2fda31828c005dcb545138f215093f90294334868d7bcd8fa7fbe64db79c85f13b890152f5bfcea2e49f3d2cfc9113f989ded687b224b1ad9a392b938bb68109531611d0e04d6ae5abcdbe05a2bac6cdfdd68a2549ea015e9e6bb2bbc8357be871b577a7e2530922acbebafb08c9e9d4751fc1500191b406b099599a2aa66f4de3db14c00d84a5bf3e2a2cbe7d0cca96286ba2eeaa349c4facd79a679e5bba3b13ded77958917d87546d62449f0ce04f343e26007bc5d97c473e7e55ca57964a0d19fa24f612d9022ad186006036e95e197f13cae49f4d455e9ee391106ec0ee7585ef7a67766f5e62279c92469e8d4d74633d55829f284399f94e52939c016d993b01ed9550e3305115cb39f87dbe3829dfcc1ff36d5a2ebfbdc7e0601edd2e95dd2d3785e6ab068632fec5c08b1e16adce39c7968208fb6190c53b1a6ed14f59e1af83108d4d4781afd58f8b8979d2c7d37026fcbfed49080ff439b2b47cd26f58b235c017ef8198d4339776d17d6eef684b0e05923f25faa1678c7a93cdd2cae80cfae44f20e351e420452f8e3c4fb4d1d9d7e431280ffdc157a5c1bece19e93d09e362480e7020c65f70371de73bfbf034a1606f638911ed000751d3495fb635334686d39668faa3ab602094d4d22e50cbc4fb53af1cbed0d0642e818b0253311f1036608dae881b262ae32d398d7540d906c4514d971c31fdbf2447e6a9fd10b91fdb8a1e5cf26951bbbea8ceaf54b1aeb2be41adfd996c74168539680f9ab003a1f83eb46d07fc49fb4912a3ab9acdd8753ff043ebf4556beb2d97ffa0ef9bca9064d17b77953cf96c6566a2e00a6a986bd4861684060c436f9fee45a9adf856fc27598a429b41010a43f144a516a3de3fb08ea6977d7f21eb33fbc2b8f7f1ba40cdd33424c437cd631d8d8c56b1a16fbf1e96fdbb1d7d78abfcb0989065c6a1ba244e16d4dcbbc6fa5f878bccef736253cd63a6acdbd28228a6b20658f0729716f469921047cce909d03ba7be7f778635d73ad94602533dd5078fe1b8ae4311d848a013ee46eb8f4d70f818b36ef620ca44d3af39862282c4859d684c6c4cba329842d8a2057e759ccc05971ae7231135e5b506669b71be1b1354f3dbc84ed6a4c49843d8ce206cd54c6f98818fae7be7404684120cea8e59690901193189483fecae4ea51291e8b28abbe473032df04c308d141570e38e8d0867d43b1c0c572ebcb7b7679ad2463bed5d276f8879174a6a81874900622262292020da8243da64265b942dc97b44e2765111708630b851c3d5ce96b48972e8d2eedde63860257f4d6cde7e6bf30d033576835f64d6ec9e7912981fe4d1f479aedb5afb25a2a8236bbce53f810f69f8f92320f6c13b819da9338e8cb1ae58649c9e0d72a68b716a84f81e2a2b23986c6443de9689871af50a71b010af9e90500b3f1201f078d982125344cfffe693b9e26dd9643ca0ee1aa1fcccea900586c76f15654d501b6997087c1e000947d1dfafe827222c9312d2f874b401a89e849a57d772ecb3aebfb248cdf40c2d32147187a397765a0b900d9139466bd710500df97064e283bd4cccd74eea077ec29f4c35d71628edcabe166f69b450d30fe8cc75556dc2208c1a10881fef8e46495d6b74cdccbaa85bb91a54694689823567727975f1010b51c11d223f4d64d3adf6d84f74cfe750d1ccf90663f0e48bae62acf27b1f3058bbd314f704543361e6dc386af381709e03e258b1125462bfa2fa9cf3bbdb18e77c7c4f70de5753c47f1276f128f4bf14164b900182b43ba7a3cf941cfcd4445c2b413f4421468dcb7698f0d7970c027453cca7e5b9ff20a2820e3a6ce8c6c9d7"]}, @typed={0x8, 0x2d, @uid=r1}, @typed={0x8, 0x4a, @fd=r2}, @nested={0x1e8, 0x6c, [@generic="ecf5936f8be0e2d3790386f7077b2fb0f69a0ff0f003c3143d295069dc4cea4dad1d13918b4c0594f23281ddb486783dddb3a129b3df77", @generic="aeb34183713fe4343b0ed6fd719c745b560d32fb78d4a3c77575e6fd44f09ba5c9a30f591a6be7f12d5ee9f52ffc9ef1aa3654be48613aff4024b0ebf4a8ff88b1bdca8bb6d2ea500a19eaa8a970053e967e4e5595834805588ace04b4796808b4463f1ddd038471ee052c6248a0cd3f243e740cdd3768e464ce0e2d20399598fddf01", @typed={0x14, 0x23, @str='security#cgroup\x00'}, @typed={0x4, 0x70}, @generic="075d8dde87055871601613c0bec20fdeabf410897a703741d53af00cee44ebb3821c4d272a5d7f3277cd231b12997d88f734a5707c59bc558c56cac70661c369d908e9552da3b12fdf251c546d5270141d3278dedb676f2cfaaea0ddbdcd491c8c9bc94bdf73899667f762b5ea22f5da3c0badfb89ac304ebc29", @typed={0x4, 0x7a}, @typed={0x8, 0x52, @fd=r3}, @typed={0x8, 0x4c, @uid=r4}, @generic="8d5d850c959ef3efbcd22545765f6d93bc72fbcfc2524476fee7df0737b40abef07f72a347bad30fb75934b65ffeec339cfceec48ccd9161987f2ad0b4f3ed5dc0c0a610a2113bf85a3b4da2303486752749b82db8232ba86dc339a5c60382a7e23e6e66843dd585d0d4e9d09e90bbc84357ee2bb3911380cf7ef09183569fbf77"]}, @typed={0x1004, 0x27, @binary="a7e5cf25633b4556ea6a896ffdd5c1ceb32c015a94b41331300ae761c61734065ca3b2b7b1fedc71c03104eb228b1e3c9fb11ce0e50a735a5da2220fea6dab978edd5d2534d5b330c649102528561c5b0faf5545fd4d96bc5cf83417888c72edde4602a4ae4a52f41bb6105d9b509a8936c46225366c2333e97fdd7fd3d96e7c754da6a820d89b8f81856a42bb6432b9228967fb135c608155ea2d3a35a45cd1d4363452fc6927d330eba9f5d250dc0a1fab07fe74e45ac6797b5eb7e26bb26ad27925f82bf33f0efba526594151e5095156aa9d8e2a6d88d60abca89c9673ef9cee66d0c1cc21b27b43bba6baea9fe317f0d82654c522580d5a6838188b6fdb29accc1f5b1053d93e10a678793a9121714b01455cc8063fd61b7603765b62a055b88473baabc7d3f0f219c60cbb28be81cddaf38deceee85f051db76d3fd94566fc304f57b22d8f6cf71faa071f131c13e799b2b18b9f7b37280d79fe303f7188b36185252369ea29ae684934bb0550c945b52e9f5cea30b2e8002cea371ae569a94ef98c2dcfd81e0c75b8bcdf876906217df5644a24b5efaf13b16d26711efa2b5e6427f26c6e68bf55a61b97369c3e87b2fcc73cfe65a6b0d35866a9a729a8d55ec56e674a69641419fd1788e38e75063ea68689794ca39a99161613762a80b1c33d5a00253d4a294f32a684767a2750f825c0403ec4fa3517cb5e131e564215dc0bc351b3e7e5dbecc9d098b53f901d9a2ae01bb7647c504c9ed2b5873452a6d2776da68033f7f9461e7139950867593a2c55f9192d582dc79f96e1a5f85c1289a336e4da1a9cf1189d87ec306bc9bd9cefc6efc6df76f5298d0a9660ba01e20cfdedf7e18ae5c0970b4fc0fff29d8a0ef53938549af5100f2f6068c262f47bfd672d7bceab61b7d423b80973b996858a330300872d7b401b6025677615476347b1ca187bebffffd43b078a8180ce50715bb2beaec8679cd6de338d8515e3402c60471931191bb60e6ea90033ddee0afa9432919a34e94294edd6860558db1baf5e7f2119fad10ddd547b49cd98b4e7add69aba827a27786385d702554bb15ba2f48ee8146eafa42bea1b3a1e3e01491451ef1d182c624493ce35830288b9b516c61d2029b309a3aa8df0b7bfd98afc4361a1da2f563eb3a1e2b5e42931f6ce2afcf876ac947114d4828936c4bce93538de68593de87505293129f7c75a1895ddf70019c905ef1c6ea2c79cb8d106032869c5f436b8a55bc40d67b26155ab22fdc9a0010c458c0fd71ceb8927432fcf6f8a531c642db07f6f4162924edab5c7d4e1e6318ff3259aeb227f388489fde116f83c6a93b3130c79d36c47fb0a342fd6967e1ca8d876d0e60a9938de4f5b996fcbbd324ae3021ce3f8a5c3e69c873c0487c1026ab9405efa50cc5ef00b7a591113a8a3d708aae4be4b7aec67c8c4124cd5c90728eb3a7d1f7e1d0e9f94d2635869318c4dba1f83fc9194c363c6135f0f82b83a867d407c41aa561811778ef75c9d4f966ccd4ea3b9c0a166e23f8b4e3a9d61c6187a808de648672b5f5081eef3ea3d373aa6ca89df3296a78c06d2c540fb2f1b4023c461cffacadf375777b2c0bd12b87d46553bbb40584fd00a78d87a950f46272db2eb7a3547fcbac8aee64e52c2ba2e647254ae6dfd90828455b872a56f2e37001fc91df72d93fd189752b79ad1ac1005e94e28f5b9dff3866b0ade04f01ef57973aa18c8936c3a999442250fced3b69de9860046735b9ad2ca58009d478bddab9bd63f9c02197c7d22116f07874830e5f95cbe20b74274386fc10adc2b248ed6087f20c6d5fc6d3518356efe9378cf9087105b520ca22382d4ffc49f8362a568702df1a592c7a151d10ef34114536e6fbfd46918315b71ed933e56dbbe68913eda2bf735096eff97273925d558e4413ff2e312be4bbc7610ab23e381d352a5ea4af574fb6cb4e58d50e61730194748a268572f047dcd67f00d8d79ddde3c6c87e9ffc8abf817295b07bc391b703e9d65e154ce2f1a702db096d8e347c96f4fa07846d637a3c14d6bb98e97daffad17ac0548fb46eef4ed15ae7449b8b49ab2002257f1f09171b1f98a9473a4f826d69bd538b8807af5c1e6bb910cc610da1842acc0a2ebd09b9ecaa23ae254b9abb98e2a0a17a22e50f33245f6f35638173c5580e47f3e593ccc711985ba4747bfd7a1e381528c0ed006a165eecbed1a3c5046606d1bf48bebf17e1b44ca81d1cd46a785542697687864298ed595b5437e0cafceba2535762267eb46a551ff7e95713b22997672217136c3a9730eefdc80cf7bbc126230ccea504974038d140d200cc56d478708bed07af9ed5f69d06ba0c4891eaa02851c8e45f6e8692ac8744a09ba2ba3c06912db56b5aa415a9be288b91df3c89c365b79c1ae9f89c3217e0415192a58786cdf30c81f30fa8ac6f63fd0db0ed442c525254c65c86e325c7132e1073cde984940627b2ad2042983ea205489874f6d007c35bd6fcc0ae4ce803f3e8b975b2e9f7c521ff48214df5283f0acd858470144352b698b84fc91c402481d25a3a8da381e4cc2387bf88aaa663c384a4cfb4ae6f8486a9be48bfe99c1d0d939cc60b48e5025bdbcd71ce1120caf79e17dc4f028b0e4f5863afedc1dfe7364060b8ddadc78ea5ad6ac51827d230c6c7abb435f4b6f8ea74ff81871a167ab11578b18656fd3f06d254838a31076b2897df25fec19d060224c07e1a07d23d910845e88c233e18d7cd8343f44e9310688e4e522d8cad811727eeecf17b27f24c8ab000686e7f3d28a6cd2820b967324ef600f9e53e521c5bd1806482ba30e3ee239333dd8bf928c1659f2414c1099ddbaca07048a906069be83e60c209ac2888636dd567f8870aae55448b052ae3dd0e0b7d26e93d261c9bdd98219efdfff9b9db220548ef039234117ffceb5465fb448407c94996ca9d0464cccef9d82d03dd70d83047cc5dbba2e262cf0510f73da1386fa6f4c8529efef60f6b9719bbec53ea4ec95661e79a4173b7c2e5415353ac9e4eb8bcc3319445c735c6799c93cfaae4ffc0ecf6e1c75300d3ec3068cddb8f271c5a70df05ac56e896a13ba74ddbd5a0ed118f655913489b0219d96e4fc2f89de3e83be39554879c27e853fc37fa342ab7d5c95f93c0fd51cf1fcbff3324f9f84be633652d2431bfe705f9718b680e95ca896a712b59bbfab786f189644d3c701e335c3f54ed783ffc21d0ac05ba297e56ec86e9c6cb71f68c440a703227ba579fe798cda01315985dd0bd1d0b253e90b0f4bdb720229e9eed30de0e61fcf77ab876319b41585880985322b267840bc841e14ded9cf24fa1951f67387a325c65e5df104f8fb9929fb3011bfd24fb266abe2280fc8d749e37275d60bf48c6a9e96eceeda9c4ae22f9b380ef2575d53606c8cc5c3ea80db7dd86be611ff057545fa4b46f4c8b6861014983c5dc75cb7f2bfd279355d16188146a54c26c624569ed8d2c241a63a87bac4aefebb94586036956c19603624af1e2613000362d0eb1dfdeedda70488e35ecd34639e279e44a62b9c23d209433f69643713700dcb40fddcbc95af7772d7e7c78c19ed3b6f54572689a568a483cab0b73f07063cc7e4877d08469247aedf350d38dbf22727ea27a68085607fad8c9e2b07e8a244f5a1b4f8a96331fc38c042ef37ffb1ef240108aae96023ac412cde7b4ad143c403330bc489a9a53e428da8e12572903510295ba3b4dc7975a2e0ed72ab82bffda22f69391a75fa70929523668c65b50b8f291dbfeb7ade13bf8bf92f6aed54520ba693dd0126316cbac72849c70869e23cdd83c8fec70cd082e5ac3d04e94cd1a2703eec2e1eff5f4c067878ff16e7e48c62fa8b6d39e0ba4b51c237f20313f1cf21442120384c797b80237b8dacc93f5d7e3a1a0bbe4bc47ab8f09d913aef7cdf91b56bd2a9142ccfb2c8d478f1874dca254ecff5b2ea41abfc88096522fde96bf93396a947debeecfc8d2f3d7eca86df099004d99d40ce5683fb270af7cf2576c66fe509b7d832c3c88a0e8b9f0159c4defe5c8f5175e698f76bba5e4f95f5c2ec03ebdfac557284c42ca19854929e669b18798cf84512f661f56c21cc75b2b1b5a35a1c41b77ba7fc66cb7e7c5372518c3a7985f5e8fc9a7b84f6746d4bd4db06d5a422042ef49948957f619514cd92c82bb2f2dfff0091b5e07a3f3b900c07023ce1ba03bf076aace1dd4fc4bc9b83081c20153de6d6a93079ed4f0b0b734f2af9e67948d52a9c7aedfb45e45a71442f8ed1e6e322cd55f8598f619eaccfb5a37886600087024a8bcc88d9ee024c33d25087e508072b4450f86e209eb8aba469fe2191365924c966c0370720b7564aa28e9faf097e026e0b23a02f40e09b72fd067fe281a2c8b2b551308aa81e6e691df20c09dcc01b722d2dc121fbaccc99c2babaf13ec8e8be80bff7d34c8b054a1a128d914851d93d357b6ba99f905983ed1820c01f40f4f12c6f2d4814f49c9dd85b23df7dc0640746276eb420c148130585e4dcb6f220bddc6abbf5255c70d6e4b0be0446b16f2078c3df50a45918009d8cb55b981e428e399605eccf70a13663a6f1bd337962e8571e8c600ec15fcaed4136950fae796ccc97065205179b9d6ce9e461575b95b696a957e899376518d70c8ff71850dd947d422098cb80e8ad396b774d6dd109e7f7c9d17225bfa4bc72be7fa5e4675431bdc9f8850783440e9ff46c5a72f0a4768c9db23a1b1286788fc3aed8fc82fa839286b14df9803e19ad17123d2e461c81a352e26b7a24feff1f88c4b61d088fcd3b01a5b2a94977f2e892b06cdc8074e44689241ad136f7fe7db0bcd470063ed6ca64b9e97426706313f2f2be00ee9678ed537925183a6a630cbd65dab8b0832d9154b30db57a852712621435529c8b182897c90b8b1b1e5ddad0906b59b835344c195b34e343c0b3191719aea1aa14a483a6b8d261822156d9bec33275ae205e4e229d09b38012eb0567c62c7d0c48f4f0c30b739edaf2a173110ce9904bf4dd4b150becfd67c92e4389fe6ff719e29375f8815b29d788ebea1a257b0d743bb6c9d418952fc043add992d3bd8cbb1184abaa1804907bd26f08866db4309d8d1e6387e297948c56b50661a992fbc9d7f2dc21e84ff9c935e192337812c53190a74d2c2cd16dc658d04fa76dcdbd484de0c5a921446a55eee1f10a24e6c6014adaa57d9144d12880998d1d5fc553737549f96a94f9ca0f986e6a93d57460c9a14cc91dde214386a4885518c7419bd322b15a5376afba821348e1cc5453fe3b5b0bd7206b15969065386f6761d8bc32f56aafb8c2fbc53dc6aecc39d738ee959b4113b1efcdc6fe1ffab2fc9d40f3dab66786bcd7bdcafb941870ea437d1e9ec9255facb931cf0eb0d6523215529aff6c6ca02b66af46156767baf9e5968d39a71b297ae450ccca0deb91dbd859f4705d92d5553526578e8b30ef0f28e36b0527dd1cb1fd1e1b2b193f59ece8c40fc55423c8ba707ccefaa42ec19659c2e3d85e5534fdb9b3d0e2776f4d0a80e5e3ce1988711f9f52901283ca8fcf4d5235117a0aaabd2f29c7af638ed65d6496d76b77d67857b8ac5758a0105c3cf65b474df607d0aab88d79082845857cd004ba7c4a449eac8858464285c3101acfe44a2ba05db200061ff93275fcda923930d47320a194fb3a3d4b8e8ee3e92c3cd1dffa09bfcf68a1362136a1daa1bff8d827850d89958cd6070731612bb818d755f0770748bb3ac98c375023a67a85209619aab7f2bd28b7"}, @generic="6b8aa6e29d6f0bd033b986fc6049f306c9807ed4a78640a2dd2ac2e24d46d3ee20e7a9550e4d0815cfacb5725fe8a76a799097b53ba6f0b4fa18a027249bf80dcd8c5065d6781004a2a039d3a76de39828e8b8c00550dbc56cd44db659e28b59cd618973858e5a1f85e25d89b5ce13d3bf5c5c638cda0d469625b5c3c1bfa59a1e6b14431195346489da5e5bef4c38ae0da77106cef1251f40d328b8fab157afe9bb78fd8f96354b249870cb7df61f9e13d56a7ee78c2d980c6607d4447174e7136606fe7800311e4ec51f26400c65cc281b0148f18f445444022a63626b45b9a40b6d763458a2c8d1d7a673ae1a", @typed={0x14, 0x92, @ipv6=@empty}, @typed={0xc, 0x94, @binary="73ced91ed1"}]}, 0x2320}, {&(0x7f0000000440)={0x123c, 0x1f, 0x2, 0x70bd29, 0x25dfdbfd, "", [@nested={0x121c, 0x43, [@typed={0x8, 0x42, @ipv4=@remote}, @typed={0xc, 0x69, @u64=0x76}, @typed={0x8, 0x3b, @uid=r5}, @typed={0xe8, 0x75, @binary="964f310726ac99455f3d61cc79feb8b15a3792b00c5c9e04ae6b8547f7df3523b2d7b3e1dcebbed97858fc08215a88885295ced7be46dddccf3ecbc8b1ca847475d0e26ccb93ce1e37c5f9e373654ed395b80f1d0d09a268a2a4b8d01c9ea7a2b62336fe0c20d875e9c46b954f6ba9f5c61dd7d2986406dc8557f7a439dd3b5c14ade2f1dc736efe2a873e7beed5ed0c70832fccf45c136fcad11464a49ec970da63a251e2b685487397adfead92f1164a8b4d6689dd639510072dd99a55abc00a4c127f195d28945655b32e341b2965787db2b9b745a61ea0ebbb9d86792f0637"}, @typed={0x8, 0x1b, @ipv4=@initdev={0xac, 0x1e, 0x7fff, 0x0}}, @generic="d5c341ab36f83f2ce977f44ccc7eb78923973467ada3789c78da14cd80efb44cafd58ecd6467cd967a5776d62f9c64a72b37acda4ec4dafb4fd9eab94b2add2f741926fd28c1263c3cbb566fc5958f431ba4773659c22b2ac5f72461", @generic="4b873e92ea30301f6dde30e1c8ffc5063192de6335cd587ae5f5a3a63f448a2dd601c9b4f58353220c230b4672ae4e8b26e8ca581d0e85cda794488b5d2a772817d4b039fa867d3c0126eb9370e8da48b9a1913caa3077afa713c5c9c9ec4f720fad30cbe1b63570cb5acc55057f9659f8bd1eef99adea6dae7ec5d2013302cd890bd1fced010cec2ccd4763ff5d631f452ec699a191a26978b628b3140c56cb49b943c1b98bbec1c0cb", @typed={0x1004, 0x85, @binary="37537031a9e286d4c4203f741857895528b0bcccfca064364a4ed6930b23cdf3fdc15f94f9c1aa7897016ff18734131e33f0f983ceda0a9096a0ec969841f461aa29bf075553a733e7d6a52758cca8f43250719169c06e0977c485f6444568c3cf7a3acfe5776b4a4d28721487e8a40b5bc2e16280b79d8636f75c513d471922f9ca6ae82241ec1954d8b34fcd93df6739722717aa95f0700b8a39ff0d903e8d590f2f8efb138d9219d63f39df6153adadb4349e3fb3b0ba075f18d9c0a8d30d4363bed3328ad78efe329a5a4bae5acd5e8af234d12bbb414878e1be095e853cb820295ad2ca2e7783eacc900a7cf444ba5b6daefb87a303caf74c34d804160c284aa8d6ec1af8546c590b228486dbb9c150b099c6ff383903f83c69da90d53c0ee0f663eb9d8c1fd4d0c7069a42b2ff0d643b6777f63145e9e4066b9d1fb78fbcd8d20eb758dd666559e198cc9080204a211d0cd3d40b31577f0b0dd4fb45446c0d643f115875bab84c53535aab12ff3d27f011fe82dc127585d54c624bc2a05a35ac9baeab95ccfb4f1d597afe6e555eb521daadb8d13035f84fe9a88fbe0a2c31978948533f3bf84a1c242f3eafab6b8af0f88dc119be24f839750738dc39a3515a73e2c9e086bcd0130d5d14cae0304ea930818015fe76c88ab869d17b0261a7164f5f4953d316f9b2dc44869a8662a4b49a43ac12e818152777c0812c9c588025369a4bfab3b0fac22deb0d74e266f5a0ad568373f1118b48a5cf6ef38a378723b2cdc8ccc145d4f5296ae77d01095543f6c04ebcd24d9b6a69973dac2bb636185073cdc17bff2ca6bff75ce1775a3030dcffddea9c1ddc1d5d2873d1b874bb52c7ee5aa8cf5197f323655e516df529d961e0758fc0088fdf5e76289f0fc09dbbead2a9fa7314e5765c80756af69053b87a75b83b2b6ce8e5b69b6e60187f1ebc772d54ebb806db1fa8b55083f15a9ec20149b65cb7007e41616998017f25a659d66ff80c67e7960cc05dac4338fb85b3da2b8050177e182250557636c4ab9b36cc726e9a6ad62a18584b4938b47589bfc1e54fba5f5d4ff8bf6c8214f3959132b0add13f2cbe584e07d9142fd9508c1f64ea4a050112c9d483d5be1ab84624c8d2382d117223ace594532a3c521429bbf5dd890a15392792fe87ef23362233b016c0efc640bc1a2c74e68c81678723e414d717d18b724b617ec40d6809c203071df7f83157f528ffa1e4032d9309245418c62694abc88d00ceb43a9b5f4eeb8cc5fe6c956490d0957aa12928ac74fc0432e004eee4581a51147c370527cf636270d3521ea1854d81b1461b8faa399d2a904b3885433712e8f4a4fb95f0febfddd45abf71150354d19c0c7b973fa616b757594c0a82ecbde36f0c204c9e6ea8206186c14c4b669c729c4fc3cc957acc75e385449fcf622613c1e80a5365e60c120714248ab2aa7a7428fe1c2d7f7d868ac071c68f6325f7cd553fb54dd22aab00012dcbd1c1d226d63197a09f4b06f0554a534e2b883aae644e65ce2d9efa2b791a3e315c200eeb03d785227585dad6cdf3c2d3d7de55e491ecf51229dae8ac5a7e5fd1cb828635794c8c39efcefe62b15da06be942e23dcecf10d88d651a2dd622e193e8da7fbdb66ab6323ba4b591e24c13bb3ee2fffb3a2db74e55dee38c4c7800a280ee11feda49705daf6057ff40624dbeee3b7ea2aba92518d403658b6418eaf308d7da2b364d53f5688a19d821bd4aea7f79a5e3b347c4ac8a58dc61008a0053bf1e67631a64e47617ddf22722951ac1edb8344c520d0bafdb4bb33644a33871fca5aa82cec9116cfbae04a90e5cbe71db8b30ebdbddc0ff9b5326d65dfab97e2e77fa32b82b0182ed4958de862c817de24fdaf4772ba8ce644ae73cbcc8b9edb802b25307b0989e83a228b9ec5f6af891ba7007ab705999150b170d867ac501ff9537a4eb6b0125eb7a66071044c965d3dd4b5ab94f0ba7f135f3c735e98bb2dd0defc7d221f94c2aa28fd623b4abeba9220112bb3e5ad9685ed866a7a23bdafcfbfd2c6f20ba39b5dc02c7a12490d22ef33a727d9e56d86672635e1c385a7e15e3647d4390ad52abdd28baa42b3f7e9fd064dafaea87ee54b676a59d202adf4e104a3b5d5471ec59ff55e194e18fef371839b977969ce99de6415497f6e839637206b5fd98289a5a14e9ddc78fdcbeb434b8937672c4a75cf96ee27d681c2f86dfdf0187e859583f4169de2eb646c3001b34dda1c44c4e215bf178400ceecec948eb4c91c7ee7463de175d20420c58bd1b29c614efbaeb046aaf3ac10083f5ab3b34e42faa8c87199391a2cef8415565258d05f92a214ff8162567093e0f9a27a504228c50efaaf3f72548118937b73a18bc541637f027ea25cd09f162e6070cb70d05e94060cf5f4334a55a6a7513b851df8f186533e3139e885d4600f65b54b428b3be0ad746a765d514bbbda344c1f721324c53683ab7c60bffdc85be27581f8d1b45b01cc3930a4858f2b1db69c24e0b856815a3c6cb3c8ba15995830fdd48171302e8f34c49f5e682b7e4b4d774e114b25f23b1fd9ec0a04df6b283e4958f60eee0ca682d3276d28fa0c7529ba92cc292494c95e4b11ba369682f0906e2687f4e41853a632c1382140e5acddb87fe953d599c76cac016155b0158b309fe679df88f265bb69a0813be9780715f80db2710c2f0a928da3f6aee9c877670cc60574531fbad0e9850f5ab938bbbf2ea01997b4d341f53f4da33e210ca77f0b9ec6bc304aed674ca13deb9685b5b77c17cbeb97543da76db7650bb201f6c75a8f0f5cafa1a8a1f5d7aa598a20f66c939a00fe103c9b2c87c9a2c0bfe476f8052b0bef35446a093dd479c2eb3887167495a32495a9f8985216b70f0fb2e8bd764bf7a7ba6234e59a2ce042cc6e967b10217bb95b159c15abead5303ba1163c9bbd95f58420c755cdbc67b4478353023b5f96a5ad968b9bce4a91c6fb0caa7a1acf46720e7bb38eee306fd384af81f411e1b22f7e5de6fd8496d681a0af793314e8db393d68236d1dea9f4dcebdd17683db6fa146b54cdb8b008ea9026b3aff83f5fddaef91b49e969441e99a5e34b778b013df8097d49ce6a89c935b78159853ad64d2a423ca882320c3853251d23340be2b380b2bf9adade7a4da0baec5006b3f660ee6302cbf30a6d191fb46274d29a35f5eff51b69823683e1aed6b2aa8d6f3dc29b32f273a5c0a2e33e9436fea9980e04d52b456d8bb8aa508d90998f7e1f575f1c8aba6fe9c85611ca5b70414429444e93e0d90762f72a2b4a2dbc45bc652bcb799f89a068bf93c20fc05d5624c0dd0cababaa462d22e6c557ca375d89424215af0bf62b4cc72d020e218c3369efb879d0358a81032b6fa857cdce08fc8a362f24dfd82ab9cd30f01ffebecf0812634012b6877fd5917ef6ea8e6fc2acf89ea5dbded382002e82988b58784f592501f227fa8efffa050dad87c8aee92edf0a507f7e44e075e2ed9ed790855de083d014a6c7b9076999476739acd926219ca9da42a60e7534e3f238e5202c4cd0e1da0723de0d2aa633745cb5a62bd24032f27b26eaa22a01d32b2e743992a4948f09b910cf51466880f385f4090b26b79604d1098401b9389e9764b8e8eb1151fadd11d55f64314b60191232eac8e6ea341f0f49ad6af864dc9cc3ce5a94867e5c740cce4351511c03eb9ec05630dea8d57fd161f24b3e2474bf1479e03c9ea7e4748c6f4f957b4db8371dfd3dac6498296a331ff484e323d12f9c6e41357f0b1445cbe07ea132e8662133aa3062888ae271bb821f2be45a9b0cc36f20bf9277a662f97e43988f66a94af24855ff1afb4d8c21d9e2337ce2010245f87fe7f0084a0101355ded1d2ae34a08a8cf24b6ab6e3763ea28fe8ae5128d245316c34264d897bd469774c7263cce835e98d0258b30bf89003e28f694ea510d0198f1a25e4270ea84a33471958b9c60e6f69318df6bdc34fb4c78d47874b847aa112c3f329a498484c81edc98b2eb371fa439f1c4485bcc75d72b583bb87938c7945e9a8120290e046416ed2ee8bd4b9a810522f5bc1f103fc1b6f611bfe62933f654d977b7d954fca65fd6f6cfc44ca5136fbabefe4390162abf7e43a4c902796e7ff08ddc77fd13f9fbe6da4efd7ac92b86f2e536e0be6a691e0af17c2830f40887864867ef1d672d6659074161648da67d49d5babb1204746ee45793ab5913d489680ab4c65d57636336a751a95913c787e47a3e7926e10d88a6eb5ad36906679e2cc90eae4a1972a8d31c640977b3c2d8703a027d729c191974f5a8d459dbd7e8294a8c22e6838f3e23fba198d9d6af821f816992ef68c984aa53832974f06c53749baf7f83fbb553e26dc0dcf1f484374ddbdb758c2b933e52bf8bead1584bf10ad39f507eab8202d18cb0142fdef2679fcd739b50f9a78f18c05a1632842c259ab1ff752fe091071f770544db323e1d0c707b89e2d9fe6098748d337d359024c1b49c1019f07b5b0ade5db7fcec41556924acecc0ab7ef260c27711ccd45eb1054f5a43ae01bcbb3b0ddd1be88724e6305bc838500fb36c8acdc656da44c945242d49462a6199f0bc9c8fb1a997bf38229274e7e651db478708d7ed179a494693f9bf0959a48240700c0c8e7e9a68ef280f3bc931694557026e28277897735450169cfbfbb534a9801e409b1daedaf1e477d7aefbc8b70c2124fee69158bea08a69826bc84d56e6af8d9d8bd2431422fee2d3126aacf93f39f4fbe43007b7c69b257299bb24a05a648f8d0e496a28707c3a922851bdd37996bbdebe15c8d094c6e13d5e20f42d1824a45cbafd28184405058e33717c58657f942f4defec5e7e4fa6ba000eabf7daf94a60c552226e82e90a106885f01cd397c257957e914bdcd68a4ebbf025c26c214880c2ac4dd980a7c16e6a826fb8b2cdfaf4074edfdbfe5ee8351d35f66f8962599213fbedb483032371da5d542017346066912a1716b0c6ff0972fadf4cc222d50651b742203b2cc9d97e74c3c38c32ed343d828621ef3890fe59315fcf9e5e43d08cb41f15bc2a0bd1afff7024190013ca9aaef13843fb983e35055f2cedb372ce57fa58e0a21ac9e3a84cd6d5fcd20a61069239e141ec0d911d2cdc54cc5b9efe7297f2e027019ea2e536d43e15500d64e6e9205252bb085d79ace0fbf6743754b795c54af0152f742dc7ea78d76ca7ced0ab697b8ce0b484112e26d03ad3407120417424ac5a2b1b472ca1ea4a9a8435321d9e137855885a8f1307f2ed6047d7867470f9eaa94a269fb498b4db2c7b5fb347d8737331a6369d4a1377d82ad33fcf398cfce76eda7118f6345707fef08d10498c1275389f338acbd8b02bf69118627e6c6d80d572ebca1e79d1ac8599e7d32615f4258a860c8880307ffe9a0f081dc5a66d524b00c94e69e4cc596c2599aad17d6439ea7352fb109960e0b68fc573316d2a5ad5707f2486e1a7b3f68b60e5f2439f739cd9d33c4dcf164609df98dfa1fa290a5128d7c3877133563b84c5770a0a47313e9e999e9a6b7dbe3391a88195c41236c992b7594163ec1c1b731ee5105365d55a989a3c7b1dd128640a32a014c08c7a6fb3c7eebe28660a2fce24a128f93abfd2cdc4d66cccfc4fd928927e9c460e8fb3e8b1ab4ce68088a93e06ed4f4504bfcce7a84693e1b0d97f89355cdb5f1d7879bfdaa71aa379f76c59202ebc980b4c8e29da7fc4ed0f50525fb5e032b70efc804807b87be7ac47ed4e2796f4c948430a242edcf0e0e5f3f5055b94"}]}, @typed={0x10, 0x63, @str='procvmnet0%\x00'}]}, 0x123c}], 0x2, 0x0, 0x0, 0x801}, 0x4) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r6 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r6, 0x0, 0x0) tkill(r6, 0x4) ptrace$cont(0x18, r6, 0x0, 0x0) ptrace$setregs(0xd, r6, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r6, 0x0, 0x0) 03:37:48 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:48 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = getuid() mount$9p_unix(&(0x7f0000000080)='.\x00', &(0x7f0000000140)='./file1\x00', &(0x7f0000000180)='9p\x00', 0x1008014, &(0x7f0000000200)={'trans=unix,', {[{@debug={'debug', 0x3d, 0x3}}], [{@subj_role={'subj_role', 0x3d, 'lowerdir'}}, {@uid_gt={'uid>', r1}}, {@hash='hash'}]}}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) 03:37:48 executing program 0: 03:37:48 executing program 1: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) [ 629.540122] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 629.540127] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 629.540132] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 629.540138] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 629.540146] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 629.615331] x86/PAT: syz-executor.3:23736 freeing invalid memtype [mem 0x00002000-0x00002fff] 03:37:48 executing program 3 (fault-call:6 fault-nth:62): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:48 executing program 0: 03:37:48 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0xd1980d483e0693ef, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:37:48 executing program 0: 03:37:48 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) [ 629.693512] 9pnet: p9_fd_create_unix (23757): problem connecting socket: .: -111 [ 629.730255] overlayfs: filesystem on './file0' not supported as upperdir 03:37:48 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) pipe2(&(0x7f0000000080)={0xffffffffffffffff}, 0x4800) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r1, 0x4008ae48, &(0x7f0000000140)=0x2001) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) 03:37:48 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c50f", 0x45, 0x4000000, &(0x7f00000001c0)={0x2, 0x4e24, @multicast2}, 0x10) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) 03:37:48 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/attr/exec\x00', 0x2, 0x0) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) connect$vsock_dgram(r2, &(0x7f0000000640)={0x28, 0x0, 0x0, @my=0x0}, 0x10) shutdown(r2, 0x0) ptrace$setopts(0x4200, r0, 0x20000000fff, 0x10000010c) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 629.844927] FAULT_INJECTION: forcing a failure. [ 629.844927] name failslab, interval 1, probability 0, space 0, times 0 [ 629.883409] CPU: 1 PID: 23768 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 629.890549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 629.899913] Call Trace: [ 629.902517] dump_stack+0x138/0x19c [ 629.906156] should_fail.cold+0x10f/0x159 [ 629.910303] should_failslab+0xdb/0x130 [ 629.910314] kmem_cache_alloc+0x2d7/0x780 [ 629.910323] ? __pmd_alloc+0x410/0x410 [ 629.910339] copy_process.part.0+0x444f/0x6a00 [ 629.910369] ? __cleanup_sighand+0x50/0x50 [ 629.931149] ? lock_downgrade+0x6e0/0x6e0 [ 629.935311] _do_fork+0x19e/0xce0 [ 629.938768] ? fork_idle+0x280/0x280 [ 629.942492] ? fput+0xd4/0x150 [ 629.945692] ? SyS_write+0x15e/0x230 [ 629.949410] SyS_clone+0x37/0x50 [ 629.952779] ? sys_vfork+0x30/0x30 [ 629.956330] do_syscall_64+0x1e8/0x640 [ 629.960220] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 629.965071] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 629.970263] RIP: 0033:0x459829 [ 629.973459] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 629.981176] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 629.988445] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 03:37:48 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:48 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) [ 629.995715] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 629.999731] overlayfs: filesystem on './file0' not supported as upperdir [ 630.002985] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 630.002992] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:37:49 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x3, 0x3) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000280)=0x5, 0x4) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) 03:37:49 executing program 0: process_vm_writev(0x0, 0x0, 0x0, &(0x7f0000002880)=[{&(0x7f0000002500)=""/241, 0xf1}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/softnet_stat\x00') preadv(r0, &(0x7f00000017c0), 0x1fe, 0x63) 03:37:49 executing program 3 (fault-call:6 fault-nth:63): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0) mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil) clone(0x0, 0x0, 0x0, 0x0, 0x0) 03:37:49 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803012000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:37:49 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) [ 630.125264] x86/PAT: syz-executor.3:23768 freeing invalid memtype [mem 0x00002000-0x00002fff] 03:37:49 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f0000000140)=0x3, 0x2d5) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) 03:37:49 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x100) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) 03:37:49 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) [ 630.248532] FAULT_INJECTION: forcing a failure. [ 630.248532] name failslab, interval 1, probability 0, space 0, times 0 [ 630.295739] CPU: 1 PID: 23805 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 630.302881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 630.312319] Call Trace: [ 630.314913] dump_stack+0x138/0x19c [ 630.318551] should_fail.cold+0x10f/0x159 [ 630.322707] should_failslab+0xdb/0x130 [ 630.326691] kmem_cache_alloc_trace+0x2e9/0x790 [ 630.331360] ? pat_pagerange_is_ram+0x90/0xf0 [ 630.335861] ? __init_cache_modes+0x240/0x240 [ 630.340367] reserve_memtype+0x164/0x640 [ 630.344432] ? lock_downgrade+0x6e0/0x6e0 [ 630.348588] ? pat_init+0x420/0x420 [ 630.352214] ? __init_cache_modes+0x240/0x240 [ 630.356713] reserve_pfn_range+0x11c/0x390 [ 630.360950] ? arch_io_reserve_memtype_wc+0x80/0x80 [ 630.365961] ? copy_process.part.0+0x444f/0x6a00 [ 630.365972] ? SyS_clone+0x37/0x50 [ 630.365983] ? do_syscall_64+0x1e8/0x640 [ 630.365997] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 630.383680] track_pfn_copy+0x14a/0x190 [ 630.387658] ? reserve_pfn_range+0x390/0x390 [ 630.392072] ? trace_hardirqs_on+0x10/0x10 [ 630.396312] ? __pte_alloc_kernel+0x210/0x210 [ 630.400817] copy_page_range+0x1255/0x1bd0 [ 630.405061] ? save_trace+0x290/0x290 [ 630.407173] overlayfs: failed to resolve './file1': -2 [ 630.408873] ? copy_process.part.0+0x41de/0x6a00 [ 630.408886] ? find_held_lock+0x35/0x130 [ 630.408908] ? __pmd_alloc+0x410/0x410 [ 630.426859] ? __vma_link_rb+0x247/0x340 [ 630.430936] copy_process.part.0+0x4764/0x6a00 [ 630.435551] ? __cleanup_sighand+0x50/0x50 [ 630.439787] ? lock_downgrade+0x6e0/0x6e0 [ 630.443948] _do_fork+0x19e/0xce0 [ 630.447406] ? fork_idle+0x280/0x280 [ 630.451129] ? fput+0xd4/0x150 [ 630.454322] ? SyS_write+0x15e/0x230 [ 630.458042] SyS_clone+0x37/0x50 [ 630.461406] ? sys_vfork+0x30/0x30 [ 630.464958] do_syscall_64+0x1e8/0x640 [ 630.465210] overlayfs: failed to resolve './file1': -2 [ 630.468840] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 630.468867] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 630.468876] RIP: 0033:0x459829 [ 630.468881] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 03:37:49 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) 03:37:49 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x822102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffce2}, {0x0, 0x15e}, {0x0, 0x2c3}, {&(0x7f0000000000)=ANY=[@ANYBLOB="b803010000000020000000000000000000"], 0x9c}], 0x4}, 0x0) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000100)={0x0, 0x0, 0x480000000000, 0x6, 0x9, 0x6, 0x4, 0x6, {0x0, @in6={{0xa, 0x4e23, 0x8001, @loopback}}, 0x7fff, 0x2, 0x3, 0x10000, 0xffffffff}}, &(0x7f0000000040)=0xb0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000080)={r2, 0x101}, &(0x7f00000001c0)=0x8) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 630.495034] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 630.502301] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 630.509572] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 630.516844] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 630.524116] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 03:37:49 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) 03:37:49 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070") mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) r1 = dup(r0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(r1, 0x29, 0x45, &(0x7f0000000080)={'ah\x00'}, &(0x7f0000000140)=0x1e) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="757074fcfd5af67065726469723d2e6c6f7765736469723d2e2f66696c65302c776f726b6469723d2e2f6669"]) 03:37:49 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000280)="dd", 0x1, 0x182c7597b70eb164, 0x0, 0xfffffffffffffe72) sendto$inet(r0, &(0x7f00000000c0)="4bba57bee128b2763efc6fe9a8b3160c8c780ced1240f0c62e5e3eb0279e63f863731bcaa461012bf6eb84ad7ffab75a4a2612e2c8a283a01d606b98b8b4793942e744c5", 0x44, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x38e, 0x62, 0x0) 03:37:49 executing program 5: syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc2) r0 = memfd_create(&(0x7f0000000040)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\t\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f', 0x0) pipe2(&(0x7f00000001c0)={0xffffffffffffffff}, 0x80000) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000700)=ANY=[@ANYBLOB="f800b900ee6059aa5bf14ff6a69df6cf78598587885cc2979be4d33804ce45cf25a023e9d85b90b16d1c4f676e9d8d20b58f8357894ddc76b8621dbea8fcf60e000000000000beb107743e7f8356bb1b4c0de66bec6f53d13682abef3e61e52e81ef49b7430113f3811d3f04cf033549732f89d78a64aad3db174f0fa25aae831eb197865d", @ANYRES16=r2, @ANYBLOB="00012abd7000fedbdf25070000002400020008000100a400000008000100800000000800010000000000080001000600000068000100080003000000000008000300ff000000380004001400010002004e20e00000020000000000000000200002000a00000000000005ff010000000000000000000000000001060000000c00020008000300f7e50000100001007564703a73797a3100000000140009000800010002000000080002005f03000020000200080002003200000004000400080001000500000008000100fdffffff24000900080001000400000008000200348bffff08000100020000000800010000000100d38e0166af14aef0fed3fe37ccb98b8e1d618758710bcc343515620b7485b2e5d34afd97798864139f9bd4a82584dd5fa513b207b6aed55e6fa9e1a400b4c5cfda809f61fa901ac4e4a13376e03f6d591f4663839b5b00066e998ace"], 0xf8}, 0x1, 0x0, 0x0, 0x40000}, 0x20004010) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='Cpuacct.stE\xae\x00', 0x275a, 0x0) r3 = creat(0x0, 0x0) fallocate(r3, 0x0, 0x0, 0x1) read$eventfd(r3, &(0x7f00000003c0), 0x8) fallocate(r0, 0xe, 0x6, 0xffffffffffff5a11) r4 = creat(&(0x7f0000000280)='./bus\x00', 0x80) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = fcntl$getown(r4, 0x9) capget(&(0x7f00000000c0)={0x20080522, r6}, &(0x7f0000000140)={0x1, 0x8000, 0x81, 0x40, 0xfffffffff0520d4f, 0x5}) r7 = dup(r5) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r4, 0x800fe) sendfile(r7, r8, 0x0, 0x8000fffffffe) [ 630.702047] overlayfs: unrecognized mount option "uptZperdir=.lowesdir=./file0" or missing value [ 630.983518] ------------[ cut here ]------------ [ 630.988328] WARNING: CPU: 1 PID: 23805 at arch/x86/mm/pat.c:1020 untrack_pfn+0x1dc/0x220 [ 630.996537] Kernel panic - not syncing: panic_on_warn set ... [ 630.996537] [ 631.003888] CPU: 1 PID: 23805 Comm: syz-executor.3 Not tainted 4.14.138 #34 [ 631.010975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 631.020326] Call Trace: [ 631.022908] dump_stack+0x138/0x19c [ 631.026521] panic+0x1f2/0x426 [ 631.029698] ? add_taint.cold+0x16/0x16 [ 631.033684] ? untrack_pfn+0x1dc/0x220 [ 631.037550] ? __warn.cold+0x14/0x36 [ 631.041259] ? untrack_pfn+0x1dc/0x220 [ 631.045135] __warn.cold+0x2f/0x36 [ 631.048666] ? ist_end_non_atomic+0x10/0x10 [ 631.052978] ? untrack_pfn+0x1dc/0x220 [ 631.056907] report_bug+0x216/0x254 [ 631.060534] do_error_trap+0x1bb/0x310 [ 631.064413] ? math_error+0x360/0x360 [ 631.068194] ? lock_downgrade+0x6e0/0x6e0 [ 631.072339] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 631.077175] do_invalid_op+0x1b/0x20 [ 631.080882] invalid_op+0x1b/0x40 [ 631.084325] RIP: 0010:untrack_pfn+0x1dc/0x220 [ 631.088794] RSP: 0018:ffff88804fa07948 EFLAGS: 00010246 [ 631.094139] RAX: 0000000000040000 RBX: ffff8880a9bb3e70 RCX: ffffc9000a24f000 [ 631.101395] RDX: 0000000000040000 RSI: ffffffff812a656c RDI: 0000000000000001 [ 631.108652] RBP: ffff88804fa079d8 R08: ffff888097bee300 R09: 0000000000000000 [ 631.115901] R10: 0000000000000000 R11: ffff888097bee300 R12: 1ffff11009f40f2a [ 631.123150] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88804fa079b0 [ 631.130427] ? untrack_pfn+0x1dc/0x220 [ 631.134321] ? untrack_pfn+0x1dc/0x220 [ 631.138189] ? track_pfn_insert+0x150/0x150 [ 631.142493] ? vm_normal_page_pmd+0x360/0x360 [ 631.146973] ? uprobe_munmap+0x94/0x210 [ 631.150939] unmap_single_vma+0x182/0x2c0 [ 631.155079] unmap_vmas+0xac/0x170 [ 631.158601] exit_mmap+0x285/0x4e0 [ 631.162128] ? SyS_munmap+0x30/0x30 [ 631.165764] ? kmem_cache_free+0x244/0x2b0 [ 631.169991] ? __khugepaged_exit+0xcf/0x3d0 [ 631.174297] ? lock_downgrade+0x6e0/0x6e0 [ 631.178429] mmput+0x114/0x440 [ 631.181618] copy_process.part.0+0x4743/0x6a00 [ 631.186203] ? __cleanup_sighand+0x50/0x50 [ 631.190426] ? lock_downgrade+0x6e0/0x6e0 [ 631.194589] _do_fork+0x19e/0xce0 [ 631.198039] ? fork_idle+0x280/0x280 [ 631.201762] ? fput+0xd4/0x150 [ 631.204946] ? SyS_write+0x15e/0x230 [ 631.208643] SyS_clone+0x37/0x50 [ 631.212000] ? sys_vfork+0x30/0x30 [ 631.215531] do_syscall_64+0x1e8/0x640 [ 631.219489] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 631.224317] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 631.229487] RIP: 0033:0x459829 [ 631.232657] RSP: 002b:00007f74f3dd6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 631.240350] RAX: ffffffffffffffda RBX: 00007f74f3dd6c90 RCX: 0000000000459829 [ 631.247611] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 631.254887] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 631.262145] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f74f3dd76d4 [ 631.269402] R13: 00000000004bfce6 R14: 00000000004d1a38 R15: 0000000000000004 [ 631.277791] Kernel Offset: disabled [ 631.281438] Rebooting in 86400 seconds..