et+0x31/0x40 [ 162.185847] ? zap_class+0x740/0x740 [ 162.189566] ? __f_unlock_pos+0x19/0x20 [ 162.193528] ? lock_downgrade+0x8f0/0x8f0 [ 162.197677] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 162.203207] ? proc_fail_nth_write+0x9e/0x210 [ 162.207703] ? __schedule+0x884/0x1ea0 [ 162.211597] _do_fork+0x291/0x12a0 [ 162.215132] ? fork_idle+0x1a0/0x1a0 [ 162.218835] ? retint_kernel+0x10/0x10 [ 162.222711] ? fsnotify_first_mark+0x350/0x350 [ 162.227280] ? fsnotify+0x14e0/0x14e0 [ 162.231085] ? __sb_end_write+0xac/0xe0 [ 162.235061] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 162.240590] ? fput+0x130/0x1a0 [ 162.243858] ? ksys_write+0x1ae/0x260 [ 162.247660] ? __ia32_sys_read+0xb0/0xb0 [ 162.251734] ? syscall_slow_exit_work+0x500/0x500 [ 162.256598] __x64_sys_clone+0xbf/0x150 [ 162.260588] do_syscall_64+0x1b9/0x820 [ 162.264485] ? syscall_slow_exit_work+0x500/0x500 [ 162.269348] ? syscall_return_slowpath+0x5e0/0x5e0 [ 162.274317] ? syscall_return_slowpath+0x31d/0x5e0 [ 162.279270] ? prepare_exit_to_usermode+0x291/0x3b0 [ 162.284316] ? perf_trace_sys_enter+0xb10/0xb10 [ 162.289005] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 162.293880] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 162.299113] RIP: 0033:0x455ab9 [ 162.302308] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:51:35 executing program 2: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:51:35 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) r1 = epoll_create1(0x80000) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)={0x8}) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') 09:51:35 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x8003, 0x0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, &(0x7f0000000080)=0x6, 0x4) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) 09:51:35 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x0, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) 09:51:35 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d34") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:51:35 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) [ 162.321878] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 162.329630] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 162.336921] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 162.344206] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 162.351489] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 162.358778] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000007 09:51:35 executing program 6: r0 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x6, 0x200000) ioctl$KVM_ASSIGN_DEV_IRQ(r0, 0x4040ae70, &(0x7f00000000c0)={0x5, 0x7, 0x5ef, 0x600}) open(&(0x7f0000000100)='./file0\x00', 0x80000, 0x92) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x202000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000080), &(0x7f00000002c0)) 09:51:35 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:51:35 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x2}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = accept4(0xffffffffffffff9c, &(0x7f0000000000)=@pptp={0x0, 0x0, {0x0, @dev}}, &(0x7f0000000080)=0x80, 0x80000) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000000c0)={0x2, 0x4e21, @loopback=0x7f000001}, 0x10) 09:51:35 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x9, 0x1) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000100)={&(0x7f0000ffc000/0x3000)=nil, 0x3000}) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x0, 0x0) bind$bt_sco(r1, &(0x7f0000000080)={0x1f, {0xc2, 0x7fff, 0x1, 0xffffffffffffff00, 0x81, 0x1f}}, 0x8) [ 162.593688] FAT-fs (loop7): bogus number of reserved sectors [ 162.599632] FAT-fs (loop7): Can't find a valid FAT filesystem 09:51:35 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000080), &(0x7f0000000240), &(0x7f0000000040), &(0x7f0000000100)="4090a8180869cbeeccd96fdf6a965c0184086c81150dde7665331c03f54e9a22a3c5e32fc278f503e34e6ae960560fdcbee6af98de74a569c22a7b0000000000") syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x10100) 09:51:35 executing program 1: r0 = memfd_create(&(0x7f0000000140)="885d292b00", 0x0) write$FUSE_LSEEK(r0, &(0x7f0000000100)={0x18, 0xfffffffffffffffe, 0x3, {0xffff}}, 0x18) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x4) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') 09:51:35 executing program 6: clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f0000000000)) 09:51:35 executing program 4 (fault-call:1 fault-nth:8): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:35 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') ioctl$SG_EMULATED_HOST(r0, 0x2203, &(0x7f0000000140)) [ 162.828278] FAULT_INJECTION: forcing a failure. [ 162.828278] name failslab, interval 1, probability 0, space 0, times 0 [ 162.839613] CPU: 0 PID: 9668 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 162.848060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 162.857429] Call Trace: [ 162.860043] dump_stack+0x1c9/0x2b4 [ 162.863705] ? dump_stack_print_info.cold.2+0x52/0x52 [ 162.868925] ? perf_trace_lock+0x49d/0x920 [ 162.873192] should_fail.cold.4+0xa/0x11 [ 162.877282] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 162.882409] ? lock_acquire+0x1e4/0x540 [ 162.886404] ? dup_fd+0x894/0xf60 [ 162.889889] ? lock_downgrade+0x8f0/0x8f0 [ 162.894072] ? kasan_check_read+0x11/0x20 [ 162.898245] ? do_raw_spin_unlock+0xa7/0x2f0 [ 162.902674] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 162.907277] ? memset+0x31/0x40 [ 162.910592] ? lock_acquire+0x1e4/0x540 [ 162.914588] ? fs_reclaim_acquire+0x20/0x20 [ 162.918932] ? lock_downgrade+0x8f0/0x8f0 [ 162.923113] ? check_same_owner+0x340/0x340 [ 162.927466] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 162.933052] ? put_ctx+0xe5/0x140 [ 162.936531] ? rcu_note_context_switch+0x730/0x730 [ 162.941485] ? perf_event_init_task+0x1fa/0x870 [ 162.946180] __should_failslab+0x124/0x180 [ 162.950525] should_failslab+0x9/0x14 [ 162.954343] kmem_cache_alloc+0x2af/0x760 [ 162.958545] ? kmem_cache_alloc+0x2fc/0x760 [ 162.963233] ? __lockdep_init_map+0x105/0x590 [ 162.967758] copy_fs_struct+0x46/0x2d0 [ 162.971668] copy_process.part.41+0x2e1d/0x73d0 09:51:35 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x4000, 0x0) getsockopt$ARPT_SO_GET_INFO(r0, 0x0, 0x60, &(0x7f0000000080)={'filter\x00'}, &(0x7f0000000100)=0x44) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:35 executing program 2: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) [ 162.976380] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 162.981938] ? perf_swevent_event+0x158/0x2e0 [ 162.986502] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 162.992065] ? perf_tp_event+0x91b/0xc40 [ 162.996176] ? __cleanup_sighand+0x70/0x70 [ 163.000433] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 163.005992] ? perf_tp_event+0x91b/0xc40 [ 163.010851] ? xas_descend+0x20c/0x5f0 [ 163.014772] ? perf_swevent_event+0x2e0/0x2e0 [ 163.019295] ? perf_swevent_event+0x158/0x2e0 [ 163.023812] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 163.029365] ? perf_tp_event+0x91b/0xc40 [ 163.033443] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 163.038479] ? filemap_map_pages+0xca2/0x1990 [ 163.043000] ? perf_swevent_event+0x2e0/0x2e0 [ 163.047518] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 163.052643] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 163.057776] ? perf_tp_event+0xc40/0xc40 [ 163.061868] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 163.066991] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 163.072111] ? perf_trace_run_bpf_submit+0x270/0x3b0 09:51:36 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) getrlimit(0xf, &(0x7f0000000040)) [ 163.077237] ? perf_tp_event+0xc40/0xc40 [ 163.081313] ? zap_class+0x740/0x740 [ 163.085049] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 163.090174] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 163.095296] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 163.100414] ? perf_tp_event+0xc40/0xc40 [ 163.104927] ? zap_class+0x740/0x740 [ 163.108661] ? memset+0x31/0x40 [ 163.111960] ? perf_trace_lock+0x49d/0x920 [ 163.116213] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 163.121335] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 163.126459] ? zap_class+0x740/0x740 [ 163.130191] ? __check_object_size+0xa3/0x5d7 [ 163.134706] ? memset+0x31/0x40 [ 163.138018] ? zap_class+0x740/0x740 [ 163.141766] ? __f_unlock_pos+0x19/0x20 [ 163.145757] ? lock_downgrade+0x8f0/0x8f0 [ 163.149926] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 163.155483] ? proc_fail_nth_write+0x9e/0x210 [ 163.160006] ? lock_acquire+0x1e4/0x540 [ 163.164003] _do_fork+0x291/0x12a0 [ 163.167567] ? fork_idle+0x1a0/0x1a0 [ 163.171302] ? fsnotify_first_mark+0x350/0x350 [ 163.175903] ? fsnotify+0x14e0/0x14e0 [ 163.179735] ? __sb_end_write+0xac/0xe0 [ 163.183734] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 163.189286] ? fput+0x130/0x1a0 [ 163.193347] ? ksys_write+0x1ae/0x260 [ 163.197689] ? __ia32_sys_read+0xb0/0xb0 [ 163.201768] ? syscall_slow_exit_work+0x500/0x500 [ 163.206641] __x64_sys_clone+0xbf/0x150 [ 163.210646] do_syscall_64+0x1b9/0x820 [ 163.214559] ? finish_task_switch+0x1d3/0x870 [ 163.219070] ? syscall_return_slowpath+0x5e0/0x5e0 [ 163.224014] ? syscall_return_slowpath+0x31d/0x5e0 09:51:36 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) [ 163.228957] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 163.233991] ? prepare_exit_to_usermode+0x291/0x3b0 [ 163.239034] ? perf_trace_sys_enter+0xb10/0xb10 [ 163.243713] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 163.248938] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 163.254147] RIP: 0033:0x455ab9 [ 163.257339] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:51:36 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d34") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:51:36 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='%{cpuset\x00', 0xffffffffffffff9c}, 0x10) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f00000002c0)={0x0, 0xea, "8abde94ef0d02e0cfe11ac2630ba13e730544612e20d873016248addf4ae9cd8576bd5c9dd794d4443053a0c3961d23b9ef554c9539e2db37b365dbc57d53b68c85193bccb74b13cf46a118148cbc59086321374f707ce331f4d6e88e1a66fe32fd537619d5a39eeacc370e9249194f735b466d598d286e502081f8dc5e7f53e5d70d96b80dddfcc470faa9ee6ff8b321d3da66e632697c13a8b83cbcb8e5ebd79c9c41113dc3b039c16b7d831448f8b31228ebe69cdbcd64cc49904a9910776070a80e7f3e01b13684d9d21edecc111086e1e11217acf41d00419a731a7c87655a28593ed8a1fdec7c3"}, &(0x7f00000000c0)=0xf2) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000100)={r1, 0x1}, 0x8) [ 163.277258] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 163.284986] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 163.292271] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 163.299555] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 163.307123] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 163.314408] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000008 09:51:36 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000340)="2cfce4225444432395b32c162d236a0a8be3e499c14efa425dd813f9223f0982ad2176c8b775ef4b674c37fced7df20c05d0fe25cd257bbcee819c288aa70810c4c66a67d96f9e4cca12c75f8761062a62cd9cde7239bc07c3ae9766e2c0928559875ef754aca1a99ea7d7c192626edeb1571846c0399130b20e268b479da1bc908a73b53e666b825cdd9bd33b50fc7b8f14a0fc6c36371169726126bf03c7568afd992b1334fcb0a1b62cf4769aef70ef3bc3decd43b75e3b7aa95a8bc52c304a5b349e278b85a3dfa5ae4277dc7ea566e01fee05dbd6cbd6fd53125e036c1530e6db5768808ef6ea85ea416cf031b826d80ac8575688e77042d2d55277d637b6c25d1a045b43ae39fd4472e15246eef953fe6346f792f1881272a2a89dca5d2b1cb27dd0b7096103bf0b4ae1ab00c196c307f83c18c98a6ee6632738a3594c7208e8b2fc348e2d3299f53644e2c3ffaf9c8740791421779300c6338eae8e0ed4029fad23c5db4864da7fe5c561051ec6e15c01b559f4ca4959379849ab6b64d80ef821e44d6134ce57c53e4c8bebf203a1bdbd0600000009a2f3fa3bb66862a36f", 0x1a2) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000001000/0x1000)=nil, 0x1000}, 0x3}) r1 = geteuid() getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0, 0x0}, &(0x7f0000000200)=0xc) mount$fuse(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='fuse\x00', 0x200000, &(0x7f0000000240)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x6}, 0x2c}, {@allow_other='allow_other', 0x2c}, {@max_read={'max_read', 0x3d, 0xcf2}, 0x2c}, {@allow_other='allow_other', 0x2c}, {@default_permissions='default_permissions', 0x2c}]}}) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') ioctl$SCSI_IOCTL_TEST_UNIT_READY(r0, 0x2) 09:51:36 executing program 4 (fault-call:1 fault-nth:9): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 163.464604] FAULT_INJECTION: forcing a failure. [ 163.464604] name failslab, interval 1, probability 0, space 0, times 0 [ 163.475932] CPU: 1 PID: 9705 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 163.484337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 163.493696] Call Trace: [ 163.496291] dump_stack+0x1c9/0x2b4 [ 163.500024] ? dump_stack_print_info.cold.2+0x52/0x52 [ 163.505221] ? __save_stack_trace+0x8d/0xf0 [ 163.509554] ? perf_trace_lock+0xde/0x920 [ 163.513713] should_fail.cold.4+0xa/0x11 [ 163.517786] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 163.522901] ? zap_class+0x740/0x740 [ 163.526624] ? kmem_cache_alloc+0x12e/0x760 [ 163.530954] ? copy_process.part.41+0x2e1d/0x73d0 [ 163.535873] ? __x64_sys_clone+0xbf/0x150 [ 163.540030] ? do_syscall_64+0x1b9/0x820 [ 163.544101] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 163.549480] ? percpu_ref_put_many+0x119/0x240 [ 163.554097] ? lock_release+0xa30/0xa30 [ 163.558076] ? lock_acquire+0x1e4/0x540 [ 163.562045] ? fs_reclaim_acquire+0x20/0x20 [ 163.566368] ? lock_downgrade+0x8f0/0x8f0 [ 163.570516] ? copy_fs_struct+0x240/0x2d0 [ 163.574747] ? check_same_owner+0x340/0x340 [ 163.579063] ? kasan_check_read+0x11/0x20 [ 163.583206] ? rcu_note_context_switch+0x730/0x730 [ 163.588161] __should_failslab+0x124/0x180 [ 163.592389] should_failslab+0x9/0x14 [ 163.596185] kmem_cache_alloc+0x2af/0x760 [ 163.600330] ? _raw_spin_unlock+0x22/0x30 [ 163.604476] copy_process.part.41+0x20d5/0x73d0 [ 163.609140] ? zap_class+0x740/0x740 [ 163.612845] ? zap_class+0x740/0x740 [ 163.616549] ? __cleanup_sighand+0x70/0x70 [ 163.620777] ? lock_release+0xa30/0xa30 [ 163.624742] ? xas_descend+0x20c/0x5f0 [ 163.628612] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 163.633618] ? check_pgprot+0xdf/0x180 [ 163.637502] ? put_page+0x280/0x280 [ 163.641119] ? kasan_check_write+0x14/0x20 [ 163.645385] ? alloc_set_pte+0xaf6/0x1790 [ 163.649520] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 163.654609] ? filemap_map_pages+0xca2/0x1990 [ 163.659093] ? trace_hardirqs_on+0x10/0x10 [ 163.663326] ? xa_set_tag+0x40/0x40 [ 163.666941] ? perf_trace_lock+0xde/0x920 [ 163.671075] ? trace_hardirqs_on+0x10/0x10 [ 163.675304] ? trace_hardirqs_on+0x10/0x10 [ 163.679538] ? trace_hardirqs_on+0x10/0x10 [ 163.683758] ? find_get_entries_tag+0x1410/0x1410 [ 163.688585] ? perf_trace_lock+0xde/0x920 [ 163.692715] ? zap_class+0x740/0x740 [ 163.696413] ? zap_class+0x740/0x740 [ 163.700117] ? zap_class+0x740/0x740 [ 163.703813] ? shrink_dcache_sb+0x350/0x350 [ 163.708129] ? perf_trace_lock+0xde/0x920 [ 163.712257] ? lock_acquire+0x1e4/0x540 [ 163.716212] ? __fdget_pos+0x1bb/0x200 [ 163.720086] ? zap_class+0x740/0x740 [ 163.723800] ? lock_release+0xa30/0xa30 [ 163.727787] ? check_same_owner+0x340/0x340 [ 163.732098] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 163.737618] ? _parse_integer+0x13b/0x190 [ 163.741749] ? perf_trace_lock+0xde/0x920 [ 163.745874] ? _kstrtoull+0x188/0x250 [ 163.749655] ? _parse_integer+0x190/0x190 [ 163.753790] ? zap_class+0x740/0x740 [ 163.757496] ? __check_object_size+0xa3/0x5d7 [ 163.762341] ? lock_acquire+0x1e4/0x540 [ 163.766303] ? get_pid_task+0xd8/0x1a0 [ 163.770191] ? perf_trace_lock+0xde/0x920 [ 163.774325] ? lock_release+0xa30/0xa30 [ 163.778312] ? zap_class+0x740/0x740 [ 163.782031] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 163.786862] ? __f_unlock_pos+0x19/0x20 [ 163.790823] ? lock_downgrade+0x8f0/0x8f0 [ 163.794954] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 163.800472] ? proc_fail_nth_write+0x9e/0x210 [ 163.804964] ? lock_acquire+0x1e4/0x540 [ 163.808934] _do_fork+0x291/0x12a0 [ 163.812465] ? fork_idle+0x1a0/0x1a0 [ 163.816163] ? fsnotify_first_mark+0x350/0x350 [ 163.820728] ? fsnotify+0x14e0/0x14e0 [ 163.824527] ? __sb_end_write+0xac/0xe0 [ 163.828494] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 163.834022] ? fput+0x130/0x1a0 [ 163.837292] ? ksys_write+0x1ae/0x260 [ 163.841085] ? __ia32_sys_read+0xb0/0xb0 [ 163.845128] ? syscall_slow_exit_work+0x500/0x500 [ 163.849953] __x64_sys_clone+0xbf/0x150 [ 163.853920] do_syscall_64+0x1b9/0x820 [ 163.857788] ? finish_task_switch+0x1d3/0x870 [ 163.862800] ? syscall_return_slowpath+0x5e0/0x5e0 [ 163.867721] ? syscall_return_slowpath+0x31d/0x5e0 [ 163.872659] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 163.878640] ? prepare_exit_to_usermode+0x291/0x3b0 [ 163.883662] ? perf_trace_sys_enter+0xb10/0xb10 [ 163.888327] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 163.893157] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 163.898330] RIP: 0033:0x455ab9 09:51:36 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:51:36 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000040), &(0x7f0000000080)="7d8ecdef59224b2ef4bdfa4d69dafac716e9328640a7dd7d1e0a0e4c9e407fe68201dac7038f9ff581994f45985b45907acb8113c758a6b4f50af232f2e4f20d1015093358b306a5056d15c814c62f3dba53c5a6ccb32ff3f5f30fe8ab0801b15a33f5b57580531fa7f22f384bad6b6c7b9a91c82c0de663c86efecea8594b7e5805f72bc3fff5073b64e54814e1e5bbfe420b4f") r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x2, 0x505100) ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000280)) 09:51:36 executing program 6: r0 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x3f, 0x628aaa78c7c1b426) ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f00000000c0)) fchdir(r0) ioctl(r0, 0x9, &(0x7f00000002c0)="4424f9a95d1b3f9c998cf3894cb92aeb5239b41382291b03e48d6df4b300087497fac2bc4100971653c5496dbadc25d65d1c202e2e27b085ad11ff83744765d999b1cf29d366a1e62f57d0f79beb9095f0901db50507c0629bc625d097b057990e971abe5376a3a4432f4560d07332d17168cd8c851a9eafeb1a8520d9713be99006") perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000080), &(0x7f0000000040), &(0x7f0000000280), &(0x7f0000000080)) 09:51:36 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="e8", 0xffffffffffffffb3) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) setsockopt$inet6_opts(r0, 0x29, 0x3f, &(0x7f00000001c0)=@routing={0x32, 0xe, 0x3, 0x20, 0x0, [@remote={0xfe, 0x80, [], 0xbb}, @remote={0xfe, 0x80, [], 0xbb}, @empty, @remote={0xfe, 0x80, [], 0xbb}, @dev={0xfe, 0x80, [], 0xb}, @dev={0xfe, 0x80, [], 0xa}, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14, 0x21}}]}, 0x78) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000140), &(0x7f0000000180)=0x4) 09:51:36 executing program 4 (fault-call:1 fault-nth:10): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 163.901499] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 163.920706] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 163.928401] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 163.935663] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 163.942940] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 163.950205] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 163.957458] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000009 [ 164.012733] FAULT_INJECTION: forcing a failure. [ 164.012733] name failslab, interval 1, probability 0, space 0, times 0 [ 164.024053] CPU: 0 PID: 9722 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 164.032464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 164.041835] Call Trace: [ 164.044437] dump_stack+0x1c9/0x2b4 [ 164.048087] ? dump_stack_print_info.cold.2+0x52/0x52 [ 164.053297] ? perf_trace_lock+0x49d/0x920 [ 164.057559] should_fail.cold.4+0xa/0x11 [ 164.061637] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 164.066765] ? is_bpf_text_address+0xae/0x170 [ 164.071275] ? lock_downgrade+0x8f0/0x8f0 [ 164.075441] ? lock_release+0xa30/0xa30 [ 164.079438] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 164.084560] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 164.089257] ? lock_acquire+0x1e4/0x540 [ 164.093256] ? fs_reclaim_acquire+0x20/0x20 [ 164.097596] ? lock_downgrade+0x8f0/0x8f0 [ 164.101771] ? check_same_owner+0x340/0x340 [ 164.106103] ? memset+0x31/0x40 09:51:37 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="17", 0x18e3ef4e785732a5) connect$vsock_dgram(r0, &(0x7f0000000140)={0x28, 0x0, 0xffffffff, @reserved=0x1}, 0x10) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') [ 164.109398] ? rcu_note_context_switch+0x730/0x730 [ 164.114346] __should_failslab+0x124/0x180 [ 164.118598] should_failslab+0x9/0x14 [ 164.122935] kmem_cache_alloc+0x2af/0x760 [ 164.127097] ? zap_class+0x740/0x740 [ 164.130840] ? kmem_cache_alloc+0x12e/0x760 [ 164.135179] ? _do_fork+0x291/0x12a0 [ 164.138908] ? __x64_sys_clone+0xbf/0x150 [ 164.143071] ? do_syscall_64+0x1b9/0x820 [ 164.147153] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 164.152606] copy_signal+0x175/0xcc0 [ 164.156335] ? sighand_ctor+0x50/0x50 09:51:37 executing program 2: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) [ 164.160148] ? lock_downgrade+0x8f0/0x8f0 [ 164.164316] ? lock_release+0xa30/0xa30 [ 164.168305] ? memcg_kmem_get_cache+0x3a9/0x9d0 [ 164.172797] FAT-fs (loop7): bogus number of reserved sectors [ 164.172990] ? mem_cgroup_handle_over_high+0x130/0x130 [ 164.178826] FAT-fs (loop7): Can't find a valid FAT filesystem [ 164.184026] ? fs_reclaim_acquire+0x20/0x20 [ 164.184046] ? lock_downgrade+0x8f0/0x8f0 [ 164.184070] ? lock_acquire+0x1e4/0x540 [ 164.202341] ? copy_process.part.41+0x2254/0x73d0 [ 164.207226] ? lock_downgrade+0x8f0/0x8f0 09:51:37 executing program 3: r0 = creat(&(0x7f0000000040)='./file0\x00', 0x10) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000002c0)={@in={{0x2, 0x4e20, @multicast2=0xe0000002}}, 0x2, 0x2, 0x40, "c8020b4a9aaacc22d43de4ed98714a9a60b52c7a62b82efe716255fb2140bb8aeb6b1351b9c7df62a88d70c12d55e388b2136a411487d3cc33f943cef64a0db8be6ae55cb5eda6ea52dd71033427a5c6"}, 0xd8) ioctl$TUNSETVNETBE(r0, 0x400454de, &(0x7f0000000080)) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, r0, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x104e21, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:37 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d34") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) [ 164.211400] ? kasan_check_read+0x11/0x20 [ 164.215559] ? do_raw_spin_unlock+0xa7/0x2f0 [ 164.219983] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 164.224584] ? kasan_check_write+0x14/0x20 [ 164.228835] ? do_raw_spin_lock+0xc1/0x200 [ 164.233090] copy_process.part.41+0x2268/0x73d0 [ 164.237777] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 164.243338] ? perf_swevent_event+0x158/0x2e0 [ 164.247863] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 164.253418] ? perf_tp_event+0x91b/0xc40 [ 164.257518] ? __cleanup_sighand+0x70/0x70 09:51:37 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) [ 164.261772] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 164.267321] ? perf_tp_event+0x91b/0xc40 [ 164.271396] ? xas_descend+0x20c/0x5f0 [ 164.275305] ? perf_swevent_event+0x2e0/0x2e0 [ 164.280614] ? perf_swevent_event+0x158/0x2e0 [ 164.285128] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 164.290683] ? perf_tp_event+0x91b/0xc40 [ 164.294759] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 164.299794] ? filemap_map_pages+0xca2/0x1990 [ 164.304317] ? perf_swevent_event+0x2e0/0x2e0 [ 164.308843] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 164.313968] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 164.319095] ? perf_tp_event+0xc40/0xc40 [ 164.323175] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 164.328298] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 164.333414] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 164.338538] ? perf_tp_event+0xc40/0xc40 [ 164.342615] ? zap_class+0x740/0x740 [ 164.346352] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 164.351472] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 164.356590] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 164.361716] ? perf_tp_event+0xc40/0xc40 [ 164.365803] ? zap_class+0x740/0x740 [ 164.369535] ? memset+0x31/0x40 [ 164.372819] ? perf_trace_lock+0x49d/0x920 [ 164.377048] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 164.382144] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 164.387246] ? zap_class+0x740/0x740 [ 164.390957] ? __check_object_size+0xa3/0x5d7 [ 164.395445] ? memset+0x31/0x40 [ 164.398739] ? zap_class+0x740/0x740 [ 164.402452] ? __f_unlock_pos+0x19/0x20 [ 164.406414] ? lock_downgrade+0x8f0/0x8f0 [ 164.410553] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 164.416080] ? proc_fail_nth_write+0x9e/0x210 [ 164.420576] ? lock_acquire+0x1e4/0x540 [ 164.424547] _do_fork+0x291/0x12a0 [ 164.428093] ? fork_idle+0x1a0/0x1a0 [ 164.431800] ? fsnotify_first_mark+0x350/0x350 [ 164.436380] ? fsnotify+0x14e0/0x14e0 [ 164.440276] ? __sb_end_write+0xac/0xe0 [ 164.444242] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 164.449767] ? fput+0x130/0x1a0 [ 164.453037] ? ksys_write+0x1ae/0x260 [ 164.456854] ? __ia32_sys_read+0xb0/0xb0 [ 164.460902] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 164.466435] __x64_sys_clone+0xbf/0x150 [ 164.470400] do_syscall_64+0x1b9/0x820 [ 164.474276] ? finish_task_switch+0x1d3/0x870 [ 164.478763] ? syscall_return_slowpath+0x5e0/0x5e0 [ 164.483694] ? syscall_return_slowpath+0x31d/0x5e0 [ 164.489310] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 164.494326] ? prepare_exit_to_usermode+0x291/0x3b0 [ 164.499341] ? perf_trace_sys_enter+0xb10/0xb10 [ 164.504004] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 164.508851] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 164.514030] RIP: 0033:0x455ab9 [ 164.517201] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 164.536581] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 164.544282] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 164.551541] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 09:51:37 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x5, 0x40000) ioctl$RTC_EPOCH_READ(r0, 0x8008700d, &(0x7f0000000080)) [ 164.558805] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 164.566063] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 164.573329] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000000a 09:51:37 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) getsockopt$EBT_SO_GET_ENTRIES(r0, 0x0, 0x81, &(0x7f00000011c0)={'nat\x00', 0x0, 0x4, 0x1000, [], 0x7, &(0x7f0000000140)=[{}, {}, {}, {}, {}, {}, {}], &(0x7f00000001c0)=""/4096}, &(0x7f0000001240)=0x78) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') 09:51:37 executing program 6: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer2\x00', 0x40100, 0x0) bind$bt_l2cap(r1, &(0x7f0000000200)={0x1f, 0xffffffff, {0x9, 0x8001, 0x8000, 0x7, 0x3, 0x100000001}, 0x6, 0x8000}, 0xe) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000100)=0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0xd89b, 0x3f, 0x9, 0x5, 0x0, 0xa7, 0x40000, 0x2, 0xfffffffffffffff8, 0xfffffffffffffffd, 0x4, 0x6, 0x40, 0xfffffffffffffe3f, 0x7, 0xfd32, 0x0, 0x1d58, 0x101, 0xb57a, 0x10000, 0x800, 0x4, 0x400, 0x1, 0x6d0, 0x3, 0x4, 0x3ff, 0x3, 0x4, 0x2, 0x1f, 0x2, 0x81, 0x7ff, 0x0, 0xe, 0x3, @perf_bp={&(0x7f0000000040), 0x8}, 0x1, 0xc0, 0xde6, 0x7, 0x0, 0x7ff, 0xcb4a}, r2, 0x2, r0, 0xb) 09:51:37 executing program 4 (fault-call:1 fault-nth:11): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:37 executing program 2: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:51:37 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0xff, 0x1) getsockopt$inet_int(r0, 0x0, 0xa, &(0x7f0000000080), &(0x7f00000000c0)=0x4) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f0000000100)="d8420361dd3232735b31dc65e51f9116e03efb665d69a93b5d742a8e31ac8009e1698cb5fbc899de9d9a573e1763b911de4f450f11731af93fc1caee42c58f7df7163ccd5263a92c94c110b5e9d236c6cc81a1bd42b1c68af34c2e61c1a0aedc5a75dc5f") ioctl$KVM_ASSIGN_DEV_IRQ(r0, 0x4040ae70, &(0x7f0000000200)={0x34fe, 0x4, 0x8, 0x404}) [ 165.017954] FAULT_INJECTION: forcing a failure. [ 165.017954] name failslab, interval 1, probability 0, space 0, times 0 [ 165.030243] CPU: 1 PID: 9776 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 165.038655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 165.048011] Call Trace: [ 165.050611] dump_stack+0x1c9/0x2b4 [ 165.054240] ? dump_stack_print_info.cold.2+0x52/0x52 [ 165.059431] ? perf_trace_lock+0xde/0x920 [ 165.063602] should_fail.cold.4+0xa/0x11 [ 165.067681] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 165.072799] ? kasan_check_read+0x11/0x20 [ 165.076957] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 165.081551] ? kasan_check_write+0x14/0x20 [ 165.085796] ? do_raw_spin_lock+0xc1/0x200 [ 165.090042] ? copy_signal+0xfc/0xcc0 [ 165.093836] ? sighand_ctor+0x50/0x50 [ 165.097648] ? lock_downgrade+0x8f0/0x8f0 [ 165.101922] ? lock_acquire+0x1e4/0x540 [ 165.105912] ? fs_reclaim_acquire+0x20/0x20 [ 165.110241] ? lock_downgrade+0x8f0/0x8f0 [ 165.114396] ? lock_downgrade+0x8f0/0x8f0 [ 165.118559] ? check_same_owner+0x340/0x340 [ 165.122893] ? rcu_note_context_switch+0x730/0x730 [ 165.127836] __should_failslab+0x124/0x180 [ 165.132085] should_failslab+0x9/0x14 [ 165.135890] kmem_cache_alloc+0x2af/0x760 [ 165.140038] ? kasan_check_write+0x14/0x20 [ 165.144264] ? do_raw_spin_lock+0xc1/0x200 [ 165.148497] copy_process.part.41+0x24bc/0x73d0 [ 165.153169] ? zap_class+0x740/0x740 [ 165.156881] ? zap_class+0x740/0x740 [ 165.160591] ? __cleanup_sighand+0x70/0x70 [ 165.164827] ? lock_release+0xa30/0xa30 [ 165.168806] ? xas_descend+0x20c/0x5f0 [ 165.172701] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 165.177721] ? check_pgprot+0xdf/0x180 [ 165.181612] ? put_page+0x280/0x280 [ 165.185249] ? kasan_check_write+0x14/0x20 [ 165.189495] ? alloc_set_pte+0xaf6/0x1790 [ 165.193655] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 165.198677] ? filemap_map_pages+0xca2/0x1990 [ 165.203160] ? trace_hardirqs_on+0x10/0x10 [ 165.207390] ? xa_set_tag+0x40/0x40 [ 165.211013] ? perf_trace_lock+0xde/0x920 [ 165.215150] ? trace_hardirqs_on+0x10/0x10 [ 165.219367] ? trace_hardirqs_on+0x10/0x10 [ 165.223588] ? trace_hardirqs_on+0x10/0x10 [ 165.227829] ? find_get_entries_tag+0x1410/0x1410 [ 165.232657] ? perf_trace_lock+0xde/0x920 [ 165.236789] ? zap_class+0x740/0x740 [ 165.240482] ? zap_class+0x740/0x740 [ 165.244174] ? zap_class+0x740/0x740 [ 165.247870] ? shrink_dcache_sb+0x350/0x350 [ 165.252172] ? perf_trace_lock+0xde/0x920 [ 165.256299] ? lock_acquire+0x1e4/0x540 [ 165.260256] ? __fdget_pos+0x1bb/0x200 [ 165.264145] ? zap_class+0x740/0x740 [ 165.267848] ? lock_release+0xa30/0xa30 [ 165.271805] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 165.277323] ? _parse_integer+0x13b/0x190 [ 165.281453] ? perf_trace_lock+0xde/0x920 [ 165.285582] ? _kstrtoull+0x188/0x250 [ 165.289363] ? _parse_integer+0x190/0x190 [ 165.293494] ? zap_class+0x740/0x740 [ 165.297190] ? __check_object_size+0xa3/0x5d7 [ 165.301673] ? lock_acquire+0x1e4/0x540 [ 165.305629] ? get_pid_task+0xd8/0x1a0 [ 165.309497] ? perf_trace_lock+0xde/0x920 [ 165.313629] ? lock_release+0xa30/0xa30 [ 165.317585] ? zap_class+0x740/0x740 [ 165.321284] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 165.326109] ? __f_unlock_pos+0x19/0x20 [ 165.330065] ? lock_downgrade+0x8f0/0x8f0 [ 165.334212] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 165.339732] ? proc_fail_nth_write+0x9e/0x210 [ 165.344224] ? lock_acquire+0x1e4/0x540 [ 165.348213] _do_fork+0x291/0x12a0 [ 165.351746] ? fork_idle+0x1a0/0x1a0 [ 165.355443] ? fsnotify_first_mark+0x350/0x350 [ 165.360025] ? fsnotify+0x14e0/0x14e0 [ 165.363814] ? __sb_end_write+0xac/0xe0 [ 165.367772] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 165.373292] ? fput+0x130/0x1a0 [ 165.376552] ? ksys_write+0x1ae/0x260 [ 165.380333] ? __ia32_sys_read+0xb0/0xb0 [ 165.384372] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 165.389905] __x64_sys_clone+0xbf/0x150 [ 165.393863] do_syscall_64+0x1b9/0x820 [ 165.397729] ? finish_task_switch+0x1d3/0x870 [ 165.402207] ? syscall_return_slowpath+0x5e0/0x5e0 [ 165.407116] ? syscall_return_slowpath+0x31d/0x5e0 [ 165.412035] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 165.417040] ? prepare_exit_to_usermode+0x291/0x3b0 [ 165.422047] ? perf_trace_sys_enter+0xb10/0xb10 [ 165.426713] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 165.431548] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 165.436721] RIP: 0033:0x455ab9 [ 165.439884] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 165.459057] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 09:51:38 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:51:38 executing program 6: r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000000040)={'bpq0\x00', {0x2, 0x4e22, @rand_addr=0x90000000000000}}) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:38 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='cgroup.events\x00', 0x0, 0x0) ioctl$EVIOCGSND(r0, 0x8040451a, &(0x7f0000000400)=""/37) r1 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r1, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r1, 0x0) sendfile(r1, r1, &(0x7f0000000040), 0xff8) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000014c0)={r1, 0x0, 0x1000, 0x57, &(0x7f0000000440)="616d2444387b4010d33601a8456154305b41367832fe81ca5755413447e2859cf9bc94302f19ec36a434033e9824ad12153fa77ee4e54cbc6a74f91fd0582799232eb844edc3a068ad621f17a14e4cd76e595b9bec2723a54dbf60913ae844b6acd20df7b237c0d0d7bfd6eca3e966dcee2a4220b775b53eb7a66abac281dda5184c35445fbf05be4d86f7189e2dfd31eca66206d004136e344296e8a97f4d59d1056e87bb073ab59cbd6abe8a32670ce0a3c09a8d3353848b606ce9bf918b446e10285ce6f4618d1a8985409e16747a44223ea4dd5c230f224a50417e2b883c750fc45712b6cad6410f63609d0ede9c309180ede3382efd8fa043137d665a1a3a00f92dc360d4ad7fd04997cccf96ca8e477e7827e761644c2a5266013f9cc433b81682cb1197848195c6bc2cadf89fb72ade9b6cac86d3ef4c74fd6842d38dba6c0eabc12183a2ac3b30d164e5f837a3620befd6c49991f773553a7dd8558eaaa194c82a2e6c0643da6978b9abc54dcd0b4b1c82e61de98934abfad8203a9e8b30f65fe305f8c6119ed36995e99c23ab61066ab694d371a720448265c5ffcf4c0e7e67b2e3510c9c38cef01e8b29806a37a6002954302ede649c77dd0246126a3bf92f3005099cee90c8f9fd1b50a1e268c47cfccc33f0634eda500900ab559efd6857c649efa8e8b4845e19ce599bb0c114632f23e33092d9762fc0f532d3c5f6394066dd6f7df5acc5501b568cc51581484ca237d698daab4b2f96a5b4d94cee551a53ae74eb35caf94c49ff9fb852241bc7a5e9c62ddc4a313ba33944f49529c381309f137aa5e961a4284b145a762b1c3337edce64ca715f637fe1b159a5c7a6446b17d56dc8f81b9a9cd209b1d0e119c7c7abf9c35b840eb15b3e47bf09623b7a356f1dc21e8d72431e86334fde33aedb452fc2623a0bbda4c2bd82bf5163a5f32d57fc80d4c737e5d1b19c6e29a8a96a8fd5889fccfcc908d96242d653772e5938e92408eeb450406043de343cac5cb1a4e644c143584a8a7bdac169ee17ad233c018a80765b67797e073198fb0003385bd9b724ea7f9c2ede67282aa01f49d06b69d87feefc980162270213768590c773ba61fade619684e1a79bfbd53ede2e4004c4f0225fece9450b1ff9fc8b93327676be9735860b7877d23c14c7177b2e7d6fc0073c40abcf4982d674851517a6b95e9da21ae9fddf0b82664e5a7059e0930c9b4d3413082c3215ac3fa12340ce2bcc7b21981b5f1cd939963c6ae764e5d85e307b5921403b5e53deffe9e7fda827bc430d0e928adb86f213eebcecdf70fcc9d26f9e6bdc2289baf525215d537cb8c7e8f4f32901b4be2740470fbe70d499fbdbcc79367583b39fb010e29e93b14056d3ae3d99af29619ae26a64320c40b79cac555f16c2e07317fe6ccaf48163b70f7332a0bbddcd3e7ed77ea77968b51bace6535cb870bbba08e89261472072249c98b6e48a737504a83a6c4f70b5c1cd7d574f8aa75a93a032497d6499badbfa74f4283ffcb0f6eaf161bdf664e2597b661ea74cbae52547d06dedd5dc7aaa5160a052e1b3706bc57c559b6abf567e8329db924ee039193598477cd0a3bcfb176aa475f97f439fd1e7eff92df63e937ca0b8b1eb9167a91c78f1e96185ae0acf9e8b0dc68a5de475a2487328ac682e473a36e8f67037b2279a4c8a19d91f165dcb2d9ce0fece5c043a139aecc8a2be938e34b0ed0ec39e87c7d811292985378093bf375088e7d0c2fb5eb9721e19c9215d18f13cb0ddceaf94eac09e130e516f79ffe7601dba849df6d64fcf70e8afbbb48f48f9d8a0af7edbec002650e4f78ba44cb25026c14a1dfcde3b0990a1595c49a5866b35cbd4b9e2dd7618ac2159a7113f9aa8d531d66d619c379411bcf7dd85f56a83a7752efd1c8a5dbefa9d3d33338b0926e9e8c38d6ffb0e0d1face6142ae08f4f79b4d293c78fcc21fb87ca38e523baf3e4641bc1d0931cbaafd1fdffdc5ac6d4e56988abf0e0eb84c029b5093a38ed37f70ade7c598cb900dcb42c7a8fa6c84d7159a6664b17cd894053228ce4dd51d2f45042358de9a7fa72b9b322f81861b0e92a0172b079b5be2c96ce8b0eafcdcb4c2b9cd71d0442f88d0e5d95b00e185991c34524a0fa47a170c64086646a2784c68b63c0c282a7ac7d830a1b42e89e523d3f443e931bf8ad23eda076a3a88371fb8d5fd6be22fbbf96257df36770c6e8c5a974e9cd0dc1d99d42e1af30f8e2201a5e2c6f9b4d42a925ecd9f653669fb06ab6a5ed6bcd672b1675740650b796256174b4acd49b31d627b0b9ea1987e7c196a4a3cc75025c562d92d182ace0c41ac3eeb97bcd33de3cd6bc55488f35ae614e78054e0a4df8b5758acb71f3049ac384db547a0caed74f671aa41b28e284a81d1d51afea4762957b87058d1ae2877bbddd1e23bce7828ddfbed64b68762b310c0d86da7c09ba4ab66ed01dc76d11e0f388fbe961aaa7acfcc0126f43bf9b5e33f54815c90766c8a797ddfc21bdd4a3b67639e86c1423f40a9e0d7abc4d6198bb79b3fe0c4c9c80cc93e0d648dfc99c2199447e522d07c04fe2802eab54969135991427aed04c2444cea511b29ec14ecf956c6f478780dff267633ec7213492fde90ec0595ceb55b8775c52f63ac7bc6bee549bc4bb9dd713c630299699b06ec610f38f99d5c182bb1f3c5d37ccd70e82e1c19faab10cecf786ef1a27324cf9e597a79b58444c8a5e2f6366872add849324e666ea41e209726c6750675e874239b3d87004696dd2eda54dd8a731086d91e0abc1aaf8548241619b2f6daa3100308f70e6b288097e15aaf6bc6f226a109628ce566e98c4691bb46dac788e42f74a7c34ecca4c2e68d5b2c94da731f793691271a1a28207427cd3126da2e90b46fc5ddd84003a9e63482d2bf1580d2056e8feae40e8b3470f3980b6d8eea98fb2c6230bf4f807ec34561d6d8ede7820e2bdd271322bf1c8d933a264561fcaf7531215b90d6a8f29f0a533edc7a9eea6fa1e61a9d043010968d8c3929e3b948d04fcaf2de7b7bc68c0c4b43dd4d2190aabfb25e6b2b2949458a73912a3cefdb49cb8f7ca8fad6b8baa2ed8361f1209536758110643e99aee71763726b7cd26da483a38125134516df97ee672b807fd83e8b6ed60ad0b36409483a690665f8ff39f1234ad21c3074f821412e3481031c4f4efe90b3e1991c5df3a6af286f11e83b8889b76d8a4664e39f4e72661b11352c6d29ef7409aa19c96827acdf22f2cd914b1bac25be8041882ca82602d4f2a65c8231b80996c83c77d211f799367833f2c636ed92a49a2fefd7d0a9e7e46008a833bc20c6d9e9fb4e9f4698cb04e7ad754d805e73a3991b96f71109e8514f46dadca4bfe26218d84348fb2aeaa140b866174d160b61ddf81d6fcb899da7d0530ae9e402e7f15be7db8a345e3e82968aa4044104c9582ffb9d9264d4ac541904c8432246712172d4b7d119217fd41469c505066d2609fd4f0a6e8d38a1cf295e346368ed4d60dd12980bfaf100851b76c4af8aa7df982cdb8fbb4bf03c732369d7680d4d457d2d0f44609032d0a7a5d2baa8c96856483651c240f9ed179b0cfa216dd6e0160198770c1a65b378dbf38558b79ab0ffbaa0774893bcf527523389a6bf55c7c6c543d865ae366b1cdd7802a9558930132227601dc2818dbe8b5d294d55431c547c30e0c19b2ebb7170c88f8d5006faed6b9cd08899bbeb734e2450d41664aa789bd40d43643847d416f1f3a6a0aa8d0ff60bff1cc61baa406b835616e5f2312486a64efba56b29188840cb7f7d1a935268701f3d4d510d3c261494a6812b54278864bd8ec7b8ba3699039e35e9aec31d1a1401df0b0ff59c1ebe741bbb2fa371661a93dc8697a71c6b07f99e0f563758b927692ee35fc83e2225c63686fdf5c308d17256035c763d2c4e7d3556d4b6381c35d7a231f3f234014cdc483bc92d96eff72d6935c36559ea08b17dd4fefc036b28680efa818143f8b43210c79da581b31eb9cf730cb36b20417d7ac9fa27d4074a4bf9b6dc6aec2ff9c75197f64d21bc4e7553b461a9ecd07398a1d71ca0a6aae12470000d84c682a5e4fca73f7b0497856648a0469b0e761bc5abefc28a6908ed5c39fb8a3b1cd6bd4e85d868b413d82273d12ebda4e0c89f761c5dd384e5ceb68626cc5f431d8880f90f3b9de16d4c63beae73e62c1223c399e236df9f07b0a40bb4afd1911b75efee6aeaa9912535e2674ada35ea96ecd7249b68d12b054f6e37f3a810255eecbe12e382023e38a4a102e353319e5ac4acd9da778bc75de2f46f04cad7f8ca562116c057ad45d7bae0fdb8cb5373c6586b11e14ea8ff37943ef19bf66e652483484d14e6c24c6ce08db07409eb82165f7f78e1ab6f7d3dbe9eae750b7339369e8a18d588074fa4f1068eac99f9ad1291f2b4601b004c85580e00b65da17944e9ca950688b732b24f11fd4ed5c38650ca180eac97583f25b50ede09f5a57ded41ffb274f1a7895fbcd152fa6056a71884d956a41f188be64b38404652bc7c304de1ecdb6f6a380116af78214577c0b3d6180e4906268b4d0a1cfc585a6f597a367497a046d1583adbcde76fece7a5a80d79869f1567a98721350f2d668476461a32fe1a9d99f5a1ab9e59dd5ed138bdafb83d9ffe1564a6a8c3de4044607db46f69535af5dba34fb2908336bd751e91cde466f06f1aba6ffbcccff8c8c0ff9284dc86dd10e21a5552281b7823ad7ad03c7cd64c7b1e1af58449ac93d3c229a44c25a5ffef9132760f30e4b1c171a055850bcf7fba3e4f5bead8b8b0a08c3dae6f7e3af02948a73c7c85773679b30b635dab387a0584ca9ddab720e7c067078f050c28d63a3ce9e2446ede4106b9109e2ebf7a8c7f298b8099f8db09c6db32c7124c2afe9a6c4a4824b09bf4b80c994ca3e693b3e81010d2f24b2f883eca4e5369cb04b588813b12d270559c9ef56dcf860c208762d14a511827f7e2fa27f47c555c0f6ef7c98b81b995062deb0b654ee5905f4bfe227fc46831b5163ca1eeb13e98b7693ddf82a11a6762522670829177f94b8a3a94e353e3ce5533085e808471ac5f41aa003fe0525317aa3eb357ec69b967efae3bf759b38a2bb38858fc679e5f50585ea956cfa6973d0fd5721cee4115f02d7ba6ef257a7e35bf89ba4bf6769bdc171d0005fa4cd881741414528619715f899918703b7b7e116da4eee78eab9ab01f3c41e1ab1b9b3b2ac3428d66fe7dedc435a76a9870f2d3d9c44fefbf284784f283bece7c9728a5650373fdd4c9d6bc45fed6e1a2463576e9a62141830748ed1c6b1ac25ff4ef8a055bb51b186b6867ac1dc7a6e021a08a5b421cd2afbf3871123eec20f7226b22683991308955bbf01e8783bfc6b9f9eb68da573bb320c26bbeb626239663e0530a9e0d65b4c94ce1cd9fb92c9cce06bfccb17feac9161f99926b82cfbf21db3e322abdf69e0df83b74a95387611551807e2eb509721f57c3f589a3ed92f80d677a84b1069c1fcbef5e7db3500f9374d7817043268c579460f6091ee6a1c60da4f334984c09eadd8c3b31d76001c70cd14a3503a6e752a04e707bb37dd26386e6450b1fcf13fb81e72b3d574775f4c83f0eecece6c99ca47ddd65782d79d965a4955b74a574cae7c74f30d30aa9554fe945e131225d42f4c6e58ea6036e27bd7bf09ca194af2e4fb2e29135a8ad0715c74a6c63442014943ea1d8f7b9fb5efff1911462ab016f39b4e03bba7ccaeffd74e9337c6852d580aa8a8ac1cbd48745fe9", &(0x7f0000001440)=""/87, 0x3}, 0x28) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f0000000240)={0x0, @in6={{0xa, 0x4e21, 0x9, @loopback={0x0, 0x1}, 0x4}}, [0x4, 0x34b, 0x3, 0x0, 0x6, 0xe5e, 0x12f, 0x14e, 0xffff, 0x2, 0x4, 0x1, 0x7, 0x40e, 0x80000001]}, &(0x7f0000000340)=0x100) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000380)={r2, 0x3, 0x10}, 0xc) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') close(r1) flistxattr(r1, &(0x7f0000000140)=""/222, 0xde) 09:51:38 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x80000, 0x4) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r0, 0x12, 0x2, &(0x7f0000000080)=""/232, &(0x7f0000000200)=0xe8) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:38 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f76") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:51:38 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x0, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) 09:51:38 executing program 2: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) [ 165.466751] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 165.474002] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 165.481272] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 165.488521] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 165.495771] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000000b 09:51:38 executing program 4 (fault-call:1 fault-nth:12): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 165.612602] FAULT_INJECTION: forcing a failure. [ 165.612602] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 165.624540] CPU: 1 PID: 9810 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 165.632943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 165.642385] Call Trace: [ 165.644987] dump_stack+0x1c9/0x2b4 [ 165.648625] ? dump_stack_print_info.cold.2+0x52/0x52 [ 165.653826] ? perf_trace_lock+0xde/0x920 [ 165.657983] ? trace_hardirqs_on+0x10/0x10 09:51:38 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x9, 0x2000) socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f00000000c0)={0x0, 0x5}, &(0x7f0000000100)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f00000002c0)={r1, 0xffffffffffffffff, 0x5}, 0x8) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000140)={r1, 0x400}, &(0x7f0000000200)=0x8) unlinkat(r0, &(0x7f0000000080)='./file0\x00', 0x200) r2 = add_key$keyring(&(0x7f00000003c0)='keyring\x00', &(0x7f0000000400)={0x73, 0x79, 0x7a, 0x3}, 0x0, 0x0, 0xfffffffffffffffd) request_key(&(0x7f0000000300)='trusted\x00', &(0x7f0000000340)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000380)='lo\x00', r2) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 165.662235] should_fail.cold.4+0xa/0x11 [ 165.666313] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 165.671507] ? lock_downgrade+0x8f0/0x8f0 [ 165.675663] ? perf_trace_lock+0xde/0x920 [ 165.679817] ? trace_hardirqs_on+0x10/0x10 [ 165.684060] ? zap_class+0x740/0x740 [ 165.687784] ? lock_downgrade+0x8f0/0x8f0 [ 165.691946] ? lock_acquire+0x1e4/0x540 [ 165.695928] ? fs_reclaim_acquire+0x20/0x20 [ 165.700272] ? lock_downgrade+0x8f0/0x8f0 [ 165.704428] ? trace_hardirqs_on+0x10/0x10 [ 165.708703] ? check_same_owner+0x340/0x340 09:51:38 executing program 3: mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000004) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x8000000400, 0x0) ioctl$KVM_GET_TSC_KHZ(r0, 0xaea3) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f00000002c0)={{0x400, 0xfffffffffffffffa}, 'port1\x00', 0x40, 0x100000, 0x93, 0x7f, 0x9, 0x7ff, 0x8, 0x0, 0x6, 0x81}) r1 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={0x73, 0x79, 0x7a, 0x3}, &(0x7f00000003c0)="e97de010533bf7b26be9d6c35ecd570924576b00af01eabc6740025f7f39fa455d988b253c96f7348db0fe7c6177e3e9cecf470e52cb04f07ff3285b74dab520f6ba79e04297ff60d6f646545784d4620d03067f32f26bbb213edeef6982c6020f76db6a969a596b37dc478109fa1f9307e2548e12cee389f2aa38e5c29e3669d53d0006fe5fe193888efbfcc95ebdf074bc990bac5bd256535fd071f07a2032db4d3740dc8a8e496bd1b7dfd03c8ec3cf17d7a5978620de8e1ec491bfcb7c1886426b14bb34c98f1ddffd49b4888ac43389869dff18f1c3", 0xd8, 0xfffffffffffffffa) keyctl$update(0x2, r1, 0x0, 0x0) [ 165.713034] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 165.718054] ? rcu_note_context_switch+0x730/0x730 [ 165.722998] __alloc_pages_nodemask+0x36e/0xdb0 [ 165.727679] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 165.732706] ? rcu_is_watching+0x8c/0x150 [ 165.736873] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 165.741572] ? kernel_text_address+0x79/0xf0 [ 165.745990] ? __kernel_text_address+0xd/0x40 [ 165.750492] ? unwind_get_return_address+0x61/0xa0 [ 165.755440] ? __lockdep_init_map+0x105/0x590 09:51:38 executing program 6: r0 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x8, 0x4000) write$RDMA_USER_CM_CMD_GET_EVENT(r0, &(0x7f0000000080)={0xc, 0x8, 0xfa00, {&(0x7f00000003c0)}}, 0x10) r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000540)={{{@in6=@local, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6}}, &(0x7f0000000140)=0xe8) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000640)={@mcast2={0xff, 0x2, [], 0x1}, @remote={0xfe, 0x80, [], 0xbb}, @mcast2={0xff, 0x2, [], 0x1}, 0x45a0, 0x8, 0x1200000, 0x100, 0x6, 0x4000000, r2}) syz_mount_image$reiserfs(&(0x7f0000000200)='reiserfs\x00', &(0x7f00000006c0)='./file0\x00', 0xfffffffffffffff9, 0x2, &(0x7f0000000800)=[{&(0x7f0000000700)="787096a6c9fa10253da91ee418abcab4cd3eb010403ae9", 0x17, 0xbf0}, {&(0x7f0000000740)="b49a8876794d9865835804a8c7f720605a4fc527f3cd1f5143d6a460ed51279121b443e45a1f0ff5951e0973f209e8ce58fe873f1a63f6e4fed8c9ffe32dcff07f7f5ca3e9debcd97c6dabdb982cb66c142ac3983ac64a4a9b7fbb06163bcacad01e5b57f01a76b90caeb9b511d5c91e39df32056d51f8dc193cec70a21ffb9cee3da9bf02f6f6d2f3eef90cdcaa9529874b2549cfd839b7a576d7e64a88606438246396c528cd8e38d30120db4915af209e", 0xb2, 0xfffffffffffffffb}], 0x100000, &(0x7f0000000840)={[{@balloc_noborder='block-allocator=noborder', 0x2c}, {@jqfmt_vfsv0='jqfmt=vfsv0', 0x2c}, {@user_xattr='user_xattr', 0x2c}, {@notail='notail', 0x2c}, {@commit={'commit', 0x3d, 0x20}, 0x2c}, {@balloc_no_unhash_reloc='block-allocator=no_unhashed_relocation', 0x2c}, {@noquota='noquota', 0x2c}]}) r3 = dup3(r1, r1, 0x80000) getsockopt$inet_sctp_SCTP_CONTEXT(r3, 0x84, 0x11, &(0x7f0000000900)={0x0, 0x57b}, &(0x7f0000000940)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000980)={r4, @in={{0x2, 0x4e20, @multicast1=0xe0000001}}, [0x7, 0x6, 0x200, 0x8000000000000000, 0x6, 0x101, 0x7fffffff, 0x68, 0x6, 0x17, 0x60, 0x7, 0xfffffffffffffffe, 0xffff, 0xff]}, &(0x7f0000000a80)=0x100) ioctl$KVM_GET_EMULATED_CPUID(r3, 0xc008ae09, &(0x7f00000002c0)=""/213) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r3, 0x0, 0x61, &(0x7f00000000c0)={'filter\x00', 0x4}, 0x68) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 165.759951] ? lockdep_init_map+0x9/0x10 [ 165.764024] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 165.769570] alloc_pages_current+0x10c/0x210 [ 165.773990] __get_free_pages+0xc/0x40 [ 165.778506] pgd_alloc+0x76/0x3f0 [ 165.781965] ? copy_process.part.41+0x24bc/0x73d0 [ 165.786820] ? pgd_page_get_mm+0x40/0x40 [ 165.790893] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 165.796269] ? __lockdep_init_map+0x105/0x590 [ 165.800781] mm_init+0x757/0xc70 [ 165.804155] ? list_add_tail_rcu+0x200/0x200 [ 165.808569] ? memcg_kmem_get_cache+0x3a9/0x9d0 [ 165.813242] ? mem_cgroup_handle_over_high+0x130/0x130 [ 165.818554] ? fs_reclaim_acquire+0x20/0x20 [ 165.822881] ? lock_downgrade+0x8f0/0x8f0 [ 165.827039] ? percpu_ref_put_many+0x131/0x240 [ 165.831631] ? mem_cgroup_id_get_online+0x310/0x310 [ 165.836650] ? kasan_unpoison_shadow+0x35/0x50 [ 165.841236] ? kasan_kmalloc+0xc4/0xe0 [ 165.845137] ? kasan_slab_alloc+0x12/0x20 [ 165.849296] ? kmem_cache_alloc+0x2fc/0x760 [ 165.853627] ? kasan_check_write+0x14/0x20 [ 165.857868] ? do_raw_spin_lock+0xc1/0x200 09:51:38 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) futimesat(r0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={{0x77359400}, {0x77359400}}) write(r0, &(0x7f0000000080)="a8", 0x1) getresuid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)=0x0) r2 = geteuid() stat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r1, r2, r3) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x2004, 0x11, r0, 0x2) sendfile(r0, r0, &(0x7f0000000040), 0xff8) write(r0, &(0x7f0000000140)="4ec50cf8fde027a4ecacbff1d23a35eb21f4f60c53696fc63a5d3d7d", 0x1c) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') [ 165.862115] copy_process.part.41+0x2524/0x73d0 [ 165.866801] ? zap_class+0x740/0x740 [ 165.870520] ? zap_class+0x740/0x740 [ 165.874341] ? __cleanup_sighand+0x70/0x70 [ 165.878585] ? lock_release+0xa30/0xa30 [ 165.882753] ? xas_descend+0x20c/0x5f0 [ 165.886645] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 165.892464] ? check_pgprot+0xdf/0x180 [ 165.896360] ? put_page+0x280/0x280 [ 165.899995] ? kasan_check_write+0x14/0x20 [ 165.904243] ? alloc_set_pte+0xaf6/0x1790 [ 165.908406] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 165.913429] ? filemap_map_pages+0xca2/0x1990 [ 165.917936] ? trace_hardirqs_on+0x10/0x10 [ 165.922179] ? xa_set_tag+0x40/0x40 [ 165.925811] ? perf_trace_lock+0xde/0x920 [ 165.929966] ? trace_hardirqs_on+0x10/0x10 [ 165.934210] ? trace_hardirqs_on+0x10/0x10 [ 165.938456] ? trace_hardirqs_on+0x10/0x10 [ 165.942704] ? find_get_entries_tag+0x1410/0x1410 [ 165.947565] ? perf_trace_lock+0xde/0x920 [ 165.951806] ? zap_class+0x740/0x740 [ 165.955527] ? zap_class+0x740/0x740 [ 165.959241] ? zap_class+0x740/0x740 [ 165.962966] ? shrink_dcache_sb+0x350/0x350 [ 165.967292] ? perf_trace_lock+0xde/0x920 [ 165.971442] ? lock_acquire+0x1e4/0x540 [ 165.975424] ? __fdget_pos+0x1bb/0x200 [ 165.979321] ? zap_class+0x740/0x740 [ 165.983042] ? lock_release+0xa30/0xa30 [ 165.987026] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 165.992571] ? _parse_integer+0x13b/0x190 [ 165.996736] ? perf_trace_lock+0xde/0x920 [ 166.000896] ? _kstrtoull+0x188/0x250 [ 166.004707] ? _parse_integer+0x190/0x190 [ 166.008872] ? zap_class+0x740/0x740 [ 166.012599] ? __check_object_size+0xa3/0x5d7 [ 166.017104] ? lock_acquire+0x1e4/0x540 [ 166.021175] ? get_pid_task+0xd8/0x1a0 [ 166.025072] ? perf_trace_lock+0xde/0x920 [ 166.029318] ? lock_release+0xa30/0xa30 [ 166.033303] ? zap_class+0x740/0x740 [ 166.037033] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 166.041887] ? __f_unlock_pos+0x19/0x20 [ 166.045871] ? lock_downgrade+0x8f0/0x8f0 [ 166.050030] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 166.055577] ? proc_fail_nth_write+0x9e/0x210 [ 166.060086] ? lock_acquire+0x1e4/0x540 [ 166.064072] _do_fork+0x291/0x12a0 [ 166.067619] ? fork_idle+0x1a0/0x1a0 [ 166.071343] ? fsnotify_first_mark+0x350/0x350 [ 166.075930] ? fsnotify+0x14e0/0x14e0 [ 166.079742] ? __sb_end_write+0xac/0xe0 [ 166.083829] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 166.089371] ? fput+0x130/0x1a0 [ 166.092658] ? ksys_write+0x1ae/0x260 [ 166.096465] ? __ia32_sys_read+0xb0/0xb0 [ 166.100533] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 166.106084] __x64_sys_clone+0xbf/0x150 [ 166.110071] do_syscall_64+0x1b9/0x820 [ 166.113963] ? finish_task_switch+0x1d3/0x870 [ 166.118467] ? syscall_return_slowpath+0x5e0/0x5e0 [ 166.123403] ? syscall_return_slowpath+0x31d/0x5e0 [ 166.128343] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 166.133366] ? prepare_exit_to_usermode+0x291/0x3b0 [ 166.138391] ? perf_trace_sys_enter+0xb10/0xb10 [ 166.143158] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 166.148021] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 166.153214] RIP: 0033:0x455ab9 09:51:38 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20000000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:39 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000a8eff8)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000ac5000), 0x4) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) r2 = memfd_create(&(0x7f0000000080)='dev ', 0x3) write(r2, &(0x7f0000000040)="16", 0x1) sendfile(r1, r2, &(0x7f0000000000), 0xffff) fcntl$addseals(r2, 0x409, 0x8) futex(&(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00000001c0), 0x0) lseek(r2, 0x0, 0x3) close(r0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 166.156411] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 166.169000] FAT-fs (loop7): bogus number of reserved sectors [ 166.175701] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 166.175718] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 166.175726] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 166.175734] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 09:51:39 executing program 2: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) [ 166.175741] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 166.175749] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000000c [ 166.225911] FAT-fs (loop7): Can't find a valid FAT filesystem 09:51:39 executing program 4 (fault-call:1 fault-nth:13): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 166.337053] FAULT_INJECTION: forcing a failure. [ 166.337053] name failslab, interval 1, probability 0, space 0, times 0 [ 166.348420] CPU: 1 PID: 9859 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 166.356850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 166.366211] Call Trace: [ 166.368819] dump_stack+0x1c9/0x2b4 [ 166.372462] ? dump_stack_print_info.cold.2+0x52/0x52 [ 166.377701] ? perf_trace_lock+0xde/0x920 [ 166.381869] should_fail.cold.4+0xa/0x11 [ 166.386211] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 166.391363] ? trace_hardirqs_on+0x10/0x10 [ 166.395613] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 166.400299] ? perf_trace_lock+0xde/0x920 [ 166.404463] ? trace_hardirqs_on+0x10/0x10 [ 166.408710] ? zap_class+0x740/0x740 [ 166.412432] ? lock_downgrade+0x8f0/0x8f0 [ 166.416620] ? __lockdep_init_map+0x105/0x590 [ 166.421136] ? lock_acquire+0x1e4/0x540 [ 166.425128] ? fs_reclaim_acquire+0x20/0x20 [ 166.429462] ? lock_downgrade+0x8f0/0x8f0 [ 166.433623] ? pgd_alloc+0x2e1/0x3f0 [ 166.437347] ? check_same_owner+0x340/0x340 [ 166.441684] ? rcu_note_context_switch+0x730/0x730 [ 166.446651] __should_failslab+0x124/0x180 [ 166.450903] should_failslab+0x9/0x14 [ 166.454714] kmem_cache_alloc+0x2af/0x760 [ 166.458878] ? lock_acquire+0x1e4/0x540 [ 166.462871] __khugepaged_enter+0xbe/0x5e0 [ 166.467122] ? khugepaged+0xce0/0xce0 [ 166.470930] ? get_mm_exe_file+0x3a9/0x5c0 [ 166.475183] ? percpu_up_read_preempt_enable.constprop.45+0xc0/0xc0 [ 166.481607] ? down_write_nested+0x93/0x130 [ 166.485939] ? copy_process.part.41+0x25f5/0x73d0 [ 166.490792] ? _down_write_nest_lock+0x130/0x130 [ 166.495560] copy_process.part.41+0x5bff/0x73d0 [ 166.500249] ? zap_class+0x740/0x740 [ 166.504083] ? __cleanup_sighand+0x70/0x70 [ 166.508340] ? lock_release+0xa30/0xa30 [ 166.512342] ? xas_descend+0x20c/0x5f0 [ 166.516258] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 166.521292] ? check_pgprot+0xdf/0x180 [ 166.525189] ? put_page+0x280/0x280 [ 166.528833] ? kasan_check_write+0x14/0x20 [ 166.533107] ? alloc_set_pte+0xaf6/0x1790 [ 166.537289] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 166.542317] ? filemap_map_pages+0xca2/0x1990 [ 166.546830] ? trace_hardirqs_on+0x10/0x10 [ 166.551272] ? xa_set_tag+0x40/0x40 [ 166.554909] ? perf_trace_lock+0xde/0x920 [ 166.559065] ? trace_hardirqs_on+0x10/0x10 [ 166.563310] ? trace_hardirqs_on+0x10/0x10 [ 166.567561] ? trace_hardirqs_on+0x10/0x10 [ 166.572160] ? find_get_entries_tag+0x1410/0x1410 [ 166.577020] ? perf_trace_lock+0xde/0x920 [ 166.581873] ? zap_class+0x740/0x740 [ 166.585596] ? zap_class+0x740/0x740 [ 166.589317] ? zap_class+0x740/0x740 [ 166.593039] ? shrink_dcache_sb+0x350/0x350 [ 166.597373] ? perf_trace_lock+0xde/0x920 [ 166.601531] ? lock_acquire+0x1e4/0x540 [ 166.605517] ? __fdget_pos+0x1bb/0x200 [ 166.609420] ? zap_class+0x740/0x740 [ 166.613139] ? lock_release+0xa30/0xa30 [ 166.617123] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 166.622669] ? _parse_integer+0x13b/0x190 [ 166.626830] ? perf_trace_lock+0xde/0x920 [ 166.631014] ? _kstrtoull+0x188/0x250 [ 166.634835] ? _parse_integer+0x190/0x190 [ 166.639004] ? zap_class+0x740/0x740 [ 166.642730] ? __check_object_size+0xa3/0x5d7 [ 166.647242] ? lock_acquire+0x1e4/0x540 [ 166.651228] ? get_pid_task+0xd8/0x1a0 [ 166.655127] ? perf_trace_lock+0xde/0x920 [ 166.659487] ? lock_release+0xa30/0xa30 [ 166.663470] ? zap_class+0x740/0x740 [ 166.667196] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 166.672070] ? __f_unlock_pos+0x19/0x20 [ 166.676050] ? lock_downgrade+0x8f0/0x8f0 [ 166.680226] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 166.685773] ? proc_fail_nth_write+0x9e/0x210 [ 166.690276] ? lock_acquire+0x1e4/0x540 [ 166.694265] _do_fork+0x291/0x12a0 [ 166.697816] ? fork_idle+0x1a0/0x1a0 [ 166.701578] ? fsnotify_first_mark+0x350/0x350 [ 166.706268] ? fsnotify+0x14e0/0x14e0 [ 166.710087] ? __sb_end_write+0xac/0xe0 [ 166.714079] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 166.719626] ? fput+0x130/0x1a0 [ 166.722917] ? ksys_write+0x1ae/0x260 [ 166.726731] ? __ia32_sys_read+0xb0/0xb0 [ 166.730785] ? syscall_slow_exit_work+0x500/0x500 [ 166.735635] __x64_sys_clone+0xbf/0x150 [ 166.739609] do_syscall_64+0x1b9/0x820 [ 166.743501] ? finish_task_switch+0x1d3/0x870 [ 166.748002] ? syscall_return_slowpath+0x5e0/0x5e0 [ 166.752933] ? syscall_return_slowpath+0x31d/0x5e0 [ 166.757856] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 166.762864] ? prepare_exit_to_usermode+0x291/0x3b0 [ 166.767877] ? perf_trace_sys_enter+0xb10/0xb10 [ 166.772713] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 166.777553] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 166.782943] RIP: 0033:0x455ab9 [ 166.786119] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 166.805294] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 166.813006] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 166.820278] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 166.827547] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 09:51:39 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:51:39 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000000c0)=0x0) perf_event_open(&(0x7f0000000040)={0x3, 0x70, 0x9, 0xfffffffffffffffa, 0x9, 0x5, 0x0, 0x7, 0x80008, 0x1, 0x7, 0x4, 0x7, 0x2f7, 0x1, 0x3, 0xfffffffffffffffc, 0x9, 0x200, 0x7, 0x8, 0x1, 0x5, 0x6, 0x1, 0x1, 0x100000000, 0x101, 0xffffffffffff0001, 0x0, 0x20, 0x664, 0x10001, 0x9, 0x6, 0x6, 0x8, 0x3b41, 0x0, 0xba, 0x0, @perf_config_ext={0x7, 0xffff}, 0x10000, 0x2, 0x7, 0x6, 0x7ff, 0x3, 0x10001}, r0, 0x2, 0xffffffffffffffff, 0xa) 09:51:39 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x0, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) [ 166.834828] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 166.842099] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000000d 09:51:39 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f76") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:51:39 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000180)='./file0\x00', 0x80000000, 0x3, &(0x7f0000000400)=[{&(0x7f00000001c0)="a7eae07775d735bea35d49426ee0d31c8047109db37df9cc1e974449da7f80f253e5f977b2c00970ee44f46dd4781d6b3fd6a33c74bdea28e600dfee18edc392b10df84204039ee5eef3482d0b44832409a9cf9da32ae0268745943902afe22d9b5d10411d348f42c489f0a3703f39562786d2141222981c6a9616c641209fe3f94c4b706ab2886d0f15e9116fe056b98c446eff4cc37e77a1031f5aafd9fa77ef56b94cf0ea93658d5e884ad0642f971f7c99aa88007da2beec6fdfb9f3ae19459c2c55714b17e3d59e85b8fdc2627a7b1a172284b9226a4c4d66aad127126d2788ddcbc0ace1f358a2e4a9b94a5ae4d6b6b385", 0xf4, 0x1}, {&(0x7f00000002c0)="9c2d2ed03d54cd5c5071f0f7864c019a08a06053eb409cf3fb4a3972952ba67f93493ba62d4b33857a79632dc4082db086ae653a59d0259d6aba156099cd230bbaf4894545320f8f1111b29ec1d130a137bc14505c27e26209ea82bc221199c368bf8d57c87413d8783c366e71befcdec76bd699092c8252a8678dcbb10336d1ba9b38c43dcdb43b", 0x88, 0x100}, {&(0x7f0000000380)="f74da8bdf75eedc36595624eadb697227074e1e13dcb5f5278b00196066895317ebf0f9ed9138935806963e386e268480555f9d03b7e2b56421ed8e00b264a6b092c282e5397509dd56a4e0d947b20c10e171616", 0x54, 0x3}], 0x10000, &(0x7f0000000480)={[{@nonumtail='nnonumtail=1', 0x2c}, {@utf8no='utf8=0', 0x2c}]}) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x4, 0x7, 0x0, 0x1, "4ed0d5f13d9188340d679c8e6217e1c26e80318dfdaa252582632a1f9d87e5e7ff8684daefab039e2a53b4c561bd5faec0db78b35566ee65a441f0369578028c", "3519d630b732e95e121bbe48c19bf7d209d2dd440311c3da7fc1b87ac66fe205", [0x57934a58, 0x5]}) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') 09:51:39 executing program 2: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:51:39 executing program 4 (fault-call:1 fault-nth:14): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 166.911680] FAULT_INJECTION: forcing a failure. [ 166.911680] name failslab, interval 1, probability 0, space 0, times 0 [ 166.922991] CPU: 1 PID: 9871 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 166.931404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 166.940767] Call Trace: [ 166.943376] dump_stack+0x1c9/0x2b4 [ 166.947018] ? dump_stack_print_info.cold.2+0x52/0x52 [ 166.952227] ? perf_trace_lock+0xde/0x920 [ 166.956398] should_fail.cold.4+0xa/0x11 09:51:39 executing program 6: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f00000000c0)={{0x2, 0x4e20, @local={0xac, 0x14, 0x14, 0xaa}}, {0x0, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x11}}, 0x4, {0x2, 0x4e21, @local={0xac, 0x14, 0x14, 0xaa}}, 'ip6tnl0\x00'}) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x40, 0x0) setsockopt$inet_udp_encap(r1, 0x11, 0x64, &(0x7f0000000080)=0x4, 0x4) [ 166.960476] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 166.965589] ? fs_reclaim_acquire+0x20/0x20 [ 166.969921] ? lock_downgrade+0x8f0/0x8f0 [ 166.974081] ? lock_acquire+0x1e4/0x540 [ 166.978064] ? __khugepaged_enter+0x413/0x5e0 [ 166.982568] ? lock_downgrade+0x8f0/0x8f0 [ 166.986730] ? kasan_check_read+0x11/0x20 [ 166.990893] ? do_raw_spin_unlock+0xa7/0x2f0 [ 166.995316] ? lock_acquire+0x1e4/0x540 [ 166.999277] ? fs_reclaim_acquire+0x20/0x20 [ 167.003589] ? lock_downgrade+0x8f0/0x8f0 [ 167.007737] ? check_same_owner+0x340/0x340 [ 167.012047] ? rcu_note_context_switch+0x730/0x730 [ 167.016980] ? percpu_up_read_preempt_enable.constprop.45+0xc0/0xc0 [ 167.023378] __should_failslab+0x124/0x180 [ 167.028253] should_failslab+0x9/0x14 [ 167.032053] kmem_cache_alloc+0x2af/0x760 [ 167.036194] ? _down_write_nest_lock+0x130/0x130 [ 167.040962] copy_process.part.41+0x2f81/0x73d0 [ 167.045642] ? zap_class+0x740/0x740 [ 167.049352] ? __cleanup_sighand+0x70/0x70 [ 167.053578] ? lock_release+0xa30/0xa30 [ 167.057539] ? xas_descend+0x20c/0x5f0 [ 167.061415] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 167.066426] ? check_pgprot+0xdf/0x180 [ 167.070304] ? put_page+0x280/0x280 [ 167.073939] ? kasan_check_write+0x14/0x20 [ 167.078191] ? alloc_set_pte+0xaf6/0x1790 [ 167.082356] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 167.087367] ? filemap_map_pages+0xca2/0x1990 [ 167.091855] ? trace_hardirqs_on+0x10/0x10 [ 167.096352] ? xa_set_tag+0x40/0x40 [ 167.099971] ? perf_trace_lock+0xde/0x920 [ 167.104120] ? trace_hardirqs_on+0x10/0x10 [ 167.108351] ? trace_hardirqs_on+0x10/0x10 [ 167.112576] ? trace_hardirqs_on+0x10/0x10 [ 167.116805] ? find_get_entries_tag+0x1410/0x1410 [ 167.121653] ? perf_trace_lock+0xde/0x920 [ 167.125801] ? zap_class+0x740/0x740 [ 167.129515] ? zap_class+0x740/0x740 [ 167.133220] ? zap_class+0x740/0x740 [ 167.136924] ? shrink_dcache_sb+0x350/0x350 [ 167.141233] ? perf_trace_lock+0xde/0x920 [ 167.145369] ? lock_acquire+0x1e4/0x540 [ 167.149351] ? __fdget_pos+0x1bb/0x200 [ 167.153226] ? zap_class+0x740/0x740 [ 167.156928] ? lock_release+0xa30/0xa30 [ 167.160893] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 167.166416] ? _parse_integer+0x13b/0x190 [ 167.170553] ? perf_trace_lock+0xde/0x920 [ 167.174699] ? _kstrtoull+0x188/0x250 [ 167.178489] ? _parse_integer+0x190/0x190 [ 167.182622] ? zap_class+0x740/0x740 [ 167.186326] ? __check_object_size+0xa3/0x5d7 [ 167.190823] ? lock_acquire+0x1e4/0x540 [ 167.194797] ? get_pid_task+0xd8/0x1a0 [ 167.198672] ? perf_trace_lock+0xde/0x920 [ 167.202805] ? lock_release+0xa30/0xa30 [ 167.206765] ? zap_class+0x740/0x740 [ 167.210467] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 167.215296] ? __f_unlock_pos+0x19/0x20 [ 167.219258] ? lock_downgrade+0x8f0/0x8f0 [ 167.223394] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 167.228922] ? proc_fail_nth_write+0x9e/0x210 [ 167.233406] ? lock_acquire+0x1e4/0x540 [ 167.237378] _do_fork+0x291/0x12a0 [ 167.240918] ? fork_idle+0x1a0/0x1a0 [ 167.244618] ? fsnotify_first_mark+0x350/0x350 [ 167.249184] ? fsnotify+0x14e0/0x14e0 [ 167.252979] ? __sb_end_write+0xac/0xe0 [ 167.256955] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 167.262496] ? fput+0x130/0x1a0 [ 167.265775] ? ksys_write+0x1ae/0x260 [ 167.269576] ? __ia32_sys_read+0xb0/0xb0 [ 167.273637] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 167.279167] __x64_sys_clone+0xbf/0x150 [ 167.283130] do_syscall_64+0x1b9/0x820 [ 167.287000] ? finish_task_switch+0x1d3/0x870 [ 167.291500] ? syscall_return_slowpath+0x5e0/0x5e0 [ 167.296417] ? syscall_return_slowpath+0x31d/0x5e0 [ 167.301336] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 167.306344] ? prepare_exit_to_usermode+0x291/0x3b0 [ 167.311351] ? perf_trace_sys_enter+0xb10/0xb10 [ 167.316008] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 167.320856] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 167.326032] RIP: 0033:0x455ab9 [ 167.329205] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 167.348409] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 167.356105] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 167.363362] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 167.370621] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 167.377877] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 167.385141] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000000e [ 167.410463] FAT-fs (loop1): Unrecognized mount option "nnonumtail=1" or missing value 09:51:40 executing program 2: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:51:40 executing program 4 (fault-call:1 fault-nth:15): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 167.470417] FAT-fs (loop7): bogus number of reserved sectors [ 167.476390] FAT-fs (loop7): Can't find a valid FAT filesystem [ 167.546785] FAULT_INJECTION: forcing a failure. [ 167.546785] name failslab, interval 1, probability 0, space 0, times 0 [ 167.558244] CPU: 0 PID: 9908 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 167.566667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 167.576044] Call Trace: [ 167.578657] dump_stack+0x1c9/0x2b4 [ 167.582316] ? dump_stack_print_info.cold.2+0x52/0x52 [ 167.587530] ? perf_trace_lock+0x49d/0x920 [ 167.591796] should_fail.cold.4+0xa/0x11 [ 167.595886] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 167.601013] ? kasan_kmalloc+0xc4/0xe0 [ 167.604913] ? kasan_slab_alloc+0x12/0x20 [ 167.609080] ? _do_fork+0x291/0x12a0 [ 167.612810] ? __x64_sys_clone+0xbf/0x150 [ 167.616975] ? do_syscall_64+0x1b9/0x820 [ 167.621059] ? percpu_counter_add_batch+0xf2/0x150 [ 167.626016] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 167.631044] ? __vm_enough_memory+0x590/0x980 [ 167.635566] ? lock_acquire+0x1e4/0x540 [ 167.639558] ? fs_reclaim_acquire+0x20/0x20 [ 167.643894] ? lock_downgrade+0x8f0/0x8f0 [ 167.648056] ? lock_downgrade+0x8f0/0x8f0 [ 167.652235] ? check_same_owner+0x340/0x340 [ 167.656582] ? rcu_note_context_switch+0x730/0x730 [ 167.661539] __should_failslab+0x124/0x180 [ 167.665792] should_failslab+0x9/0x14 [ 167.669605] kmem_cache_alloc+0x2af/0x760 [ 167.673778] ? security_vm_enough_memory_mm+0x9d/0xc0 [ 167.678987] copy_process.part.41+0x2f81/0x73d0 [ 167.683719] ? __cleanup_sighand+0x70/0x70 [ 167.687979] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 167.693534] ? perf_tp_event+0x91b/0xc40 [ 167.697612] ? xas_descend+0x20c/0x5f0 [ 167.701529] ? perf_swevent_event+0x2e0/0x2e0 [ 167.706056] ? perf_swevent_event+0x158/0x2e0 [ 167.710571] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 167.716119] ? perf_tp_event+0x91b/0xc40 [ 167.720190] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 167.725223] ? filemap_map_pages+0xca2/0x1990 [ 167.729739] ? perf_swevent_event+0x2e0/0x2e0 [ 167.734255] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 167.739385] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 167.744517] ? perf_tp_event+0xc40/0xc40 [ 167.748600] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 167.753721] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 167.758833] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 167.763960] ? perf_tp_event+0xc40/0xc40 [ 167.768034] ? zap_class+0x740/0x740 [ 167.771767] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 167.776891] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 167.782011] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 167.787137] ? perf_tp_event+0xc40/0xc40 [ 167.791219] ? zap_class+0x740/0x740 [ 167.794947] ? memset+0x31/0x40 [ 167.798246] ? perf_trace_lock+0x49d/0x920 [ 167.802495] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 167.807621] ? zap_class+0x740/0x740 [ 167.811354] ? __check_object_size+0xa3/0x5d7 [ 167.815874] ? memset+0x31/0x40 [ 167.819186] ? zap_class+0x740/0x740 [ 167.822927] ? __f_unlock_pos+0x19/0x20 [ 167.826913] ? lock_downgrade+0x8f0/0x8f0 [ 167.831064] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 167.836596] ? proc_fail_nth_write+0x9e/0x210 [ 167.841089] ? lock_acquire+0x1e4/0x540 [ 167.845068] _do_fork+0x291/0x12a0 [ 167.848602] ? fork_idle+0x1a0/0x1a0 [ 167.852325] ? fsnotify_first_mark+0x350/0x350 [ 167.856896] ? fsnotify+0x14e0/0x14e0 [ 167.860718] ? __sb_end_write+0xac/0xe0 [ 167.864695] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 167.871995] ? fput+0x130/0x1a0 [ 167.875289] ? ksys_write+0x1ae/0x260 [ 167.879106] ? __ia32_sys_read+0xb0/0xb0 [ 167.883189] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 167.888733] __x64_sys_clone+0xbf/0x150 [ 167.892717] do_syscall_64+0x1b9/0x820 09:51:40 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x0, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) 09:51:40 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a0", 0xfffffffffffffff5) accept4$alg(r0, 0x0, 0x0, 0x800) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x8, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="02be1de10c7e386840dbef8ddc4427000000000000002d2c13d8ce49f085e2f593ef14cd0800000000"], 0x56, 0x0, &(0x7f0000000180)="307ca358770cb5d36b550654420f3a6c4fa96ce506699901349baadf507bb9650547742fef1cdae2bc8eae296a816ef2cb747199779e9ef2264a6c59eb759432266304fd6b554070fc75bc61314b4dc7114ce39c0d3f"}) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(r0, &(0x7f0000000000)='.\x00', r0, &(0x7f00000002c0)='./file0\x00') [ 167.896602] ? finish_task_switch+0x1d3/0x870 [ 167.901089] ? syscall_return_slowpath+0x5e0/0x5e0 [ 167.906022] ? syscall_return_slowpath+0x31d/0x5e0 [ 167.910971] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 167.916007] ? prepare_exit_to_usermode+0x291/0x3b0 [ 167.921043] ? perf_trace_sys_enter+0xb10/0xb10 [ 167.925726] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 167.930597] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 167.935795] RIP: 0033:0x455ab9 [ 167.939020] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 167.958571] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 167.966306] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 167.973587] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 167.980869] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 167.988151] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 09:51:40 executing program 1: r0 = syz_open_dev$dmmidi(&(0x7f0000000140)='/dev/dmmidi#\x00', 0x7f, 0x400) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0xc, 0x4031, r0, 0x0) r1 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r1, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r1, 0x0) sendfile(r1, r1, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') [ 167.995434] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000000f 09:51:41 executing program 2: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:51:41 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f76") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:51:41 executing program 4 (fault-call:1 fault-nth:16): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:41 executing program 3: clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84800) getsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f00000000c0), 0xbc) 09:51:41 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e666174", 0xb}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:51:41 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x1, 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f0000000080)={{0x1}, {0x20, 0x7f}, 0x5, 0x4, 0x5}) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 168.195452] FAULT_INJECTION: forcing a failure. [ 168.195452] name failslab, interval 1, probability 0, space 0, times 0 [ 168.206852] CPU: 1 PID: 9936 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 168.215256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 168.224611] Call Trace: [ 168.227210] dump_stack+0x1c9/0x2b4 [ 168.230906] ? dump_stack_print_info.cold.2+0x52/0x52 [ 168.236109] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 168.241139] should_fail.cold.4+0xa/0x11 09:51:41 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) recvmmsg(0xffffffffffffffff, &(0x7f00000029c0)=[{{&(0x7f0000000040)=@pptp={0x0, 0x0, {0x0, @broadcast}}, 0x80, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/75, 0x4b}, {&(0x7f00000002c0)=""/242, 0xf2}], 0x2, &(0x7f00000003c0)=""/112, 0x70, 0x3}, 0xfffffffffffffff7}, {{&(0x7f0000000440)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @loopback}}}, 0x80, &(0x7f0000002840)=[{&(0x7f00000004c0)=""/110, 0x6e}, {&(0x7f0000000540)=""/128, 0x80}, {&(0x7f00000005c0)=""/76, 0x4c}, {&(0x7f0000000200)=""/17, 0x11}, {&(0x7f0000000640)=""/4096, 0x1000}, {&(0x7f0000001640)=""/148, 0x94}, {&(0x7f0000001700)=""/4096, 0x1000}, {&(0x7f0000002700)=""/24, 0x18}, {&(0x7f0000002740)=""/246, 0xf6}], 0x9, &(0x7f0000002900)=""/155, 0x9b, 0x40000}, 0x6}], 0x2, 0x40, &(0x7f0000002a40)) bind$alg(r0, &(0x7f0000002a80)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) [ 168.245213] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 168.250325] ? lock_release+0xa30/0xa30 [ 168.254311] ? kasan_check_read+0x11/0x20 [ 168.258467] ? rcu_is_watching+0x8c/0x150 [ 168.262625] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 168.267297] ? vma_interval_tree_augment_rotate+0x181/0x1e0 [ 168.273015] ? is_bpf_text_address+0xd7/0x170 [ 168.277517] ? kernel_text_address+0x79/0xf0 [ 168.281936] ? __kernel_text_address+0xd/0x40 [ 168.286442] ? unwind_get_return_address+0x61/0xa0 [ 168.291378] ? __save_stack_trace+0x8d/0xf0 [ 168.295705] ? save_stack+0xa9/0xd0 [ 168.299333] ? save_stack+0x43/0xd0 [ 168.302960] ? kasan_kmalloc+0xc4/0xe0 [ 168.306851] __should_failslab+0x124/0x180 [ 168.311085] should_failslab+0x9/0x14 [ 168.314894] kmem_cache_alloc+0x47/0x760 [ 168.318961] ? lock_acquire+0x1e4/0x540 [ 168.322943] ? percpu_ref_put_many+0x119/0x240 [ 168.327540] ? lock_downgrade+0x8f0/0x8f0 [ 168.331692] anon_vma_clone+0x140/0x740 [ 168.335676] ? fs_reclaim_acquire+0x20/0x20 [ 168.340007] ? unlink_anon_vmas+0xa60/0xa60 [ 168.344340] ? dup_userfaultfd+0x775/0x9a0 [ 168.348585] anon_vma_fork+0xf0/0x960 [ 168.352391] ? kasan_unpoison_shadow+0x35/0x50 [ 168.356982] ? anon_vma_clone+0x740/0x740 [ 168.361134] ? kasan_slab_alloc+0x12/0x20 [ 168.365291] ? kmem_cache_alloc+0x2fc/0x760 [ 168.369630] copy_process.part.41+0x6705/0x73d0 [ 168.374321] ? __cleanup_sighand+0x70/0x70 [ 168.378560] ? lock_release+0xa30/0xa30 [ 168.382547] ? xas_descend+0x20c/0x5f0 [ 168.386447] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 168.391468] ? check_pgprot+0xdf/0x180 09:51:41 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x40, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) ioctl$KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000080)={0x7, 0x0, [{}, {}, {}, {}, {}, {}, {}]}) [ 168.395361] ? put_page+0x280/0x280 [ 168.398987] ? kasan_check_write+0x14/0x20 [ 168.403231] ? alloc_set_pte+0xaf6/0x1790 [ 168.407394] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 168.412422] ? filemap_map_pages+0xca2/0x1990 [ 168.416922] ? trace_hardirqs_on+0x10/0x10 [ 168.421166] ? xa_set_tag+0x40/0x40 [ 168.424792] ? perf_trace_lock+0xde/0x920 [ 168.428943] ? trace_hardirqs_on+0x10/0x10 [ 168.433187] ? trace_hardirqs_on+0x10/0x10 [ 168.437425] ? trace_hardirqs_on+0x10/0x10 [ 168.441668] ? find_get_entries_tag+0x1410/0x1410 09:51:41 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0xffffffffffffffff, &(0x7f0000000100), &(0x7f0000000040), &(0x7f00000002c0), &(0x7f0000000300)="bb7d9e2d7aaa0d12a30221d84a47688df352601ebdc9419631630b063cef1abac41e40e015d22b5becee24dcf17eabac22bcc9e84427ec004bce3a1ca2a38a1bea3690bd676a0ab01c5b9904682a66f8b80000000000000ffffb35f1436e0e342a8508be1b36a0b2c4e6aa6b41696e091c02e3d406f0b73b34c870bed4bd9d2bbc4a06682ba3165805055f44d0837bdb2322fbad566feaeeecc9869dbaed1eebbe0b20722701bdc623fc0fa2dcf28b30fe4d05004426baefcc1a5fec0da9c093fd7db9b7413f922efc8dcf182fa3f7c38e55da337ec045ca7f73ed50c18667a1e0a320d0d86bc2013d94afa9492c6069a7176169221d5e8cae281ee5d3483d8052838e0613d3b3ca3bccf8b6584d990b9100b962b132b33fbf25be1987151172869c6d75b58d31bc5b3f29c6d8b495dc77479369ecc2ec3ab1b9ea") 09:51:41 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040)=0x5, 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') [ 168.446519] ? perf_trace_lock+0xde/0x920 [ 168.450668] ? zap_class+0x740/0x740 [ 168.454382] ? zap_class+0x740/0x740 [ 168.458094] ? zap_class+0x740/0x740 [ 168.461811] ? shrink_dcache_sb+0x350/0x350 [ 168.466139] ? perf_trace_lock+0xde/0x920 [ 168.470294] ? lock_acquire+0x1e4/0x540 [ 168.474267] ? __fdget_pos+0x1bb/0x200 [ 168.478163] ? zap_class+0x740/0x740 [ 168.481878] ? lock_release+0xa30/0xa30 [ 168.485860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 168.491400] ? _parse_integer+0x13b/0x190 [ 168.495555] ? perf_trace_lock+0xde/0x920 [ 168.499709] ? _kstrtoull+0x188/0x250 [ 168.503514] ? _parse_integer+0x190/0x190 [ 168.507663] ? zap_class+0x740/0x740 [ 168.511385] ? __check_object_size+0xa3/0x5d7 [ 168.515892] ? lock_acquire+0x1e4/0x540 [ 168.519873] ? get_pid_task+0xd8/0x1a0 [ 168.523762] ? perf_trace_lock+0xde/0x920 [ 168.527914] ? lock_release+0xa30/0xa30 [ 168.531894] ? zap_class+0x740/0x740 [ 168.535614] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 168.540458] ? __f_unlock_pos+0x19/0x20 09:51:41 executing program 6: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x0, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r0, &(0x7f0000000080)={0xc, 0x8, 0xfa00, {&(0x7f00000002c0)}}, 0x10) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 168.544435] ? lock_downgrade+0x8f0/0x8f0 [ 168.548592] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 168.554136] ? proc_fail_nth_write+0x9e/0x210 [ 168.558639] ? lock_acquire+0x1e4/0x540 [ 168.562623] _do_fork+0x291/0x12a0 [ 168.566174] ? fork_idle+0x1a0/0x1a0 [ 168.569895] ? fsnotify_first_mark+0x350/0x350 [ 168.574486] ? fsnotify+0x14e0/0x14e0 [ 168.578297] ? __sb_end_write+0xac/0xe0 [ 168.582282] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 168.587823] ? fput+0x130/0x1a0 [ 168.591106] ? ksys_write+0x1ae/0x260 [ 168.594908] ? __ia32_sys_read+0xb0/0xb0 [ 168.599237] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 168.605217] __x64_sys_clone+0xbf/0x150 [ 168.609201] do_syscall_64+0x1b9/0x820 [ 168.613126] ? finish_task_switch+0x1d3/0x870 [ 168.617645] ? syscall_return_slowpath+0x5e0/0x5e0 [ 168.622683] ? syscall_return_slowpath+0x31d/0x5e0 [ 168.627627] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 168.632656] ? prepare_exit_to_usermode+0x291/0x3b0 [ 168.637677] ? perf_trace_sys_enter+0xb10/0xb10 [ 168.642372] ? trace_hardirqs_off_thunk+0x1a/0x1c 09:51:41 executing program 3: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x80000, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f00000000c0)={'\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) vmsplice(r0, &(0x7f0000000200)=[{&(0x7f00000002c0)="cec2822346df7f8b6cb8d71dd8b310b7b7cc2fbcac0dd4aca3f6b82c614169084437fc42db8e9277585643dde938c376a032af50dd9c9091a8d845643727ea4a26728300851ff51ce253babf111858815c3ee9a8b0a41cce9c044d4f40c2513f8356b91bdbd30e637c738e7e0dbeaf681847b62a22f59245476500b8beb09c2c514f47fa0f4af4f5353b1d97393000fa0962196d474f8e5e6e9670f77021d16f14cffbd677d9e4dd86eca95b52d048ed65f924dd7e52889bbdd9c9283dd6e92beffb7c6002dd8a120cf65bf799ae6b3cac0d6285eb197fb14e265a908a1d0f55ca", 0xe1}, {&(0x7f0000000100)="50efc3c105a6b5f500fcb7da63e5243567ffc50eec3a090410048181cfa4e2e9240a1f4614756d3b492cdacd5b12085bc1eef75717bab066638763dc14ae200242925373220ce3f3ab8fd1f60248ef78e8b3fe7a1ddbd6060f2bbf122e4c63443dfa2def26c0a70fe09b5ead2ce32c0b5b85b8b28fc389047906d73b", 0xffffffffffffff96}, {&(0x7f0000000080)="1af3024424e830c2bfda35d4f50331", 0xf}], 0x3, 0xa) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) ioctl$PIO_FONTX(r0, 0x4b6c, &(0x7f00000003c0)="1d1ba76f5074e8b631e7ea186827f959c458b133b3965c123202c4db75c8e07dabb4a834074e5b0a253561b28b192573bc87b9ae48c7c1eaee37e0986f1747d2fe6c16350c1b5dd2310fb6b9c8c5f55d3a4c9778d2d3a9192af40e3ff107699415a7eba668c1939696e0d8700101c7e909894bfac7a6bd91dd9273f9c83a2e9e5d1a29ec3573d533fcf9612234c60d2bda3d6fece014a4031182ae5a7495ececbb") openat$tun(0xffffffffffffff9c, &(0x7f0000000480)='/dev/net/tun\x00', 0x101000, 0x0) [ 168.647238] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 168.652427] RIP: 0033:0x455ab9 [ 168.655610] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 168.674919] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 168.682721] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 168.689996] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 09:51:41 executing program 6: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x0, 0x0) ioctl$KVM_SET_LAPIC(r0, 0x4400ae8f, &(0x7f00000002c0)={"9ff60356e42dac1dcb1e46db2f99fafff4fbcaf44a138059caa237d00ae4888e5feb66f4debdc145c73ffee1acd8308f9622716b75def536a20e7773a56d4a81ffb6fb621af4fa924c52454435557db91e259e91970fb2f1629759b1cde7cdbf7eb89de9d857f8e9d0685d95b465e86165d7b4824ca16525696119b55cc6fdedeeb9b951d4b04d1e6c2f80a27dff95ed825e148efc40b6767ae702fe487501732d938118f2e1dc9177511cab28c0741786aa8becd2adde080d560f2394a817d97f51aadaab9059c6ee2dc8734878b6a5e1a64bf9051aeeadf2334cb5d9a5c8caf80e9e50e39d944798b70b8c4baec06948657e5353582d87ee16479feb63ac3f913fbdfccc3761b348bebb7b5a7dae090e1231d46986a0210ede56b2315e6a7d7bd01fedf0f869f043b98e0157a79e75ad4aaa721450e4c2038e62faf14eb4221ac621bf7075221cf192da91d2927af34292b3781bd13639247b4ed3134e8420b0e2b4f46bca8e73372c17cd9f1da954271f99410aa92f63abd2a6f1455eaf14c2ce7ecbe3b5c48283f61041d3429a452a6f0c3ddfdbc321d2376b4c9b3357e2868df014475ff2e82ab9a728bc62fd17849f191d8567976ac334ac5bd5ef9929ac6321d2803c99a0f44707c90dde93afba85def29ad6aa2829d3e0857204970ab333b271f4b87795cfdbaa965b60e4376f1f81d48052581d7affb7e00018662fd891959f15712ff3d9aa40e506a88764e603c0e75ddae775f83801baa801631f63c4aa3e8eecf3cbaea8825bc93770ceb18a494d791a8e3d27c91485868c2793352be06474dff4f4a178d6af4e5dda949c779ec0833ff22e7116ac88c5e5401aea45e898a5c7ef02586b577e6c0d4d781c7bd6fe07eb2359156ffc21b127ab08408d1377fecbeff7a3aab352c975ee4537333af3a9d8ec6791fa69b5ae1dc399fb25d12731da6d1073187ba1a219ec7508251e8724f9515480836b740f8a217bcf2288f2757e5168d320c961c1bd50fe0061e56d74e56203010efd638f0bcb826974d6b3a2e7f51758a9765e8507f11969c7c2afb1ab2ef17dd2d9f30c5dd311caf13773b65de4d06e96abe0a0742fecd9647e684cf37a3d49e8cdd58d1d8206b690dd6c77b7a1d5a3c0ac49325fa644c5aebdb0597c9ae6fffb5d5b00910168dc4fda2cea0e6226f43356603346f56ff8b47f33bda267e20ae918c113fb9d6cd359746af7e4f23aed2d92070574ee4f2d1b1a521e46e8fde0af1e88ddd68bc8483b68c6f671db6712a37153c8509c5853eaff27c7e38df38505a4a5a07e98080b58f2ab69ccf4ddfa6b8c3b472910062caf9dedf86714928bc2eb8eef263a9d57bc1a8a51b36c888097500a92b8de489b6863939ba5e2fd3a79110ec070d213cc7f2dc8223968e5f9114fd0a52a50f6f276b1b68e6508c84fc3f61291dcea78"}) write$binfmt_aout(r0, &(0x7f00000006c0)={{0xcc, 0x9, 0x0, 0x3a2, 0x1bd, 0x7fffffff, 0x44, 0xa2}, "a5ec96408d4ace1e6a9a5f836f9441d245df5aeb73eee83a0868935213d75aa83e121297a5620be7bf4da43c539289e1e185af03302628f7dfefe3d284334f7407bcd72f6b5bb5f3027b123480aa1876ea5bfa66f4a6f452218743fa4b144743b4e86a6dfee241579c3c9e56182ebb2175750c82f77db902313dc11ed6aee0615e8a9c85a7eecbdb84afb509460773d7a10fa1f9", [[], [], [], [], []]}, 0x5b4) r1 = openat$cgroup_subtree(r0, &(0x7f0000000080)='cgroup.subtree_control\x00', 0x2, 0x0) fcntl$getflags(r1, 0x401) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f00000000c0)={'ip_vti0\x00', {0x2, 0x4e22, @rand_addr=0x3}}) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x40000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 168.697276] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 168.704551] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 168.711825] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000010 [ 168.730774] FAT-fs (loop7): bogus number of reserved sectors [ 168.736784] FAT-fs (loop7): Can't find a valid FAT filesystem 09:51:41 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000), 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) 09:51:41 executing program 2: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2), 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:51:41 executing program 4 (fault-call:1 fault-nth:17): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:41 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000040), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 168.870911] FAULT_INJECTION: forcing a failure. [ 168.870911] name failslab, interval 1, probability 0, space 0, times 0 [ 168.882215] CPU: 1 PID: 9994 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 168.890622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 168.900066] Call Trace: [ 168.902665] dump_stack+0x1c9/0x2b4 [ 168.906319] ? dump_stack_print_info.cold.2+0x52/0x52 [ 168.911524] ? __kernel_text_address+0xd/0x40 [ 168.916043] ? unwind_get_return_address+0x61/0xa0 [ 168.920995] should_fail.cold.4+0xa/0x11 [ 168.925076] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 168.930220] ? save_stack+0xa9/0xd0 [ 168.933863] ? kasan_kmalloc+0xc4/0xe0 [ 168.937768] ? kasan_slab_alloc+0x12/0x20 [ 168.941931] ? kmem_cache_alloc+0x12e/0x760 [ 168.946273] ? anon_vma_clone+0x140/0x740 [ 168.950438] ? anon_vma_fork+0xf0/0x960 [ 168.954437] ? copy_process.part.41+0x6705/0x73d0 [ 168.959377] ? _do_fork+0x291/0x12a0 [ 168.963101] ? do_syscall_64+0x1b9/0x820 [ 168.967184] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 168.972570] ? lock_acquire+0x1e4/0x540 [ 168.976559] ? percpu_ref_put_many+0x119/0x240 [ 168.981161] ? lock_downgrade+0x8f0/0x8f0 [ 168.985326] ? lock_release+0xa30/0xa30 [ 168.989317] ? lock_acquire+0x1e4/0x540 [ 168.993314] ? lock_release+0xa30/0xa30 [ 168.997387] ? check_same_owner+0x340/0x340 [ 169.001719] ? percpu_ref_put_many+0x131/0x240 [ 169.006311] ? rcu_note_context_switch+0x730/0x730 [ 169.011259] __should_failslab+0x124/0x180 [ 169.015504] should_failslab+0x9/0x14 [ 169.019319] kmem_cache_alloc+0x47/0x760 [ 169.023394] ? anon_vma_interval_tree_insert+0x26b/0x300 [ 169.029881] anon_vma_clone+0x140/0x740 [ 169.033871] ? unlink_anon_vmas+0xa60/0xa60 [ 169.038206] ? dup_userfaultfd+0x775/0x9a0 [ 169.042475] anon_vma_fork+0xf0/0x960 [ 169.046283] ? kasan_unpoison_shadow+0x35/0x50 [ 169.050868] ? anon_vma_clone+0x740/0x740 [ 169.055220] ? kasan_slab_alloc+0x12/0x20 [ 169.059360] ? kmem_cache_alloc+0x2fc/0x760 [ 169.063677] copy_process.part.41+0x6705/0x73d0 [ 169.068350] ? __cleanup_sighand+0x70/0x70 [ 169.072587] ? lock_release+0xa30/0xa30 [ 169.076546] ? xas_descend+0x20c/0x5f0 [ 169.080419] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 169.085433] ? check_pgprot+0xdf/0x180 [ 169.089312] ? put_page+0x280/0x280 [ 169.092929] ? kasan_check_write+0x14/0x20 [ 169.097160] ? alloc_set_pte+0xaf6/0x1790 [ 169.101303] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 169.106321] ? filemap_map_pages+0xca2/0x1990 [ 169.110815] ? trace_hardirqs_on+0x10/0x10 [ 169.115037] ? xa_set_tag+0x40/0x40 [ 169.118651] ? perf_trace_lock+0xde/0x920 [ 169.122783] ? trace_hardirqs_on+0x10/0x10 [ 169.127009] ? trace_hardirqs_on+0x10/0x10 [ 169.131235] ? trace_hardirqs_on+0x10/0x10 [ 169.135460] ? find_get_entries_tag+0x1410/0x1410 [ 169.140311] ? perf_trace_lock+0xde/0x920 [ 169.144462] ? zap_class+0x740/0x740 [ 169.148161] ? zap_class+0x740/0x740 [ 169.151874] ? zap_class+0x740/0x740 [ 169.155589] ? shrink_dcache_sb+0x350/0x350 [ 169.159898] ? perf_trace_lock+0xde/0x920 [ 169.164038] ? lock_acquire+0x1e4/0x540 [ 169.167998] ? __fdget_pos+0x1bb/0x200 [ 169.171875] ? zap_class+0x740/0x740 [ 169.175575] ? lock_release+0xa30/0xa30 [ 169.179534] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 169.185057] ? _parse_integer+0x13b/0x190 [ 169.189191] ? perf_trace_lock+0xde/0x920 [ 169.193348] ? _kstrtoull+0x188/0x250 [ 169.197140] ? _parse_integer+0x190/0x190 [ 169.201276] ? zap_class+0x740/0x740 [ 169.204999] ? __check_object_size+0xa3/0x5d7 [ 169.209506] ? lock_acquire+0x1e4/0x540 [ 169.213469] ? get_pid_task+0xd8/0x1a0 [ 169.217341] ? perf_trace_lock+0xde/0x920 [ 169.221471] ? lock_release+0xa30/0xa30 [ 169.225430] ? zap_class+0x740/0x740 [ 169.229144] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 169.233981] ? __f_unlock_pos+0x19/0x20 [ 169.237951] ? lock_downgrade+0x8f0/0x8f0 [ 169.242101] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 169.247627] ? proc_fail_nth_write+0x9e/0x210 [ 169.252109] ? lock_acquire+0x1e4/0x540 [ 169.256075] _do_fork+0x291/0x12a0 [ 169.259612] ? fork_idle+0x1a0/0x1a0 [ 169.263402] ? fsnotify_first_mark+0x350/0x350 [ 169.267970] ? fsnotify+0x14e0/0x14e0 [ 169.271765] ? __sb_end_write+0xac/0xe0 [ 169.275730] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 169.281259] ? fput+0x130/0x1a0 [ 169.284527] ? ksys_write+0x1ae/0x260 [ 169.288323] ? __ia32_sys_read+0xb0/0xb0 [ 169.292371] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 169.297899] __x64_sys_clone+0xbf/0x150 [ 169.301876] do_syscall_64+0x1b9/0x820 [ 169.305924] ? finish_task_switch+0x1d3/0x870 [ 169.310420] ? syscall_return_slowpath+0x5e0/0x5e0 [ 169.315336] ? syscall_return_slowpath+0x31d/0x5e0 [ 169.320252] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 169.325263] ? prepare_exit_to_usermode+0x291/0x3b0 [ 169.330278] ? perf_trace_sys_enter+0xb10/0xb10 [ 169.334930] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 169.339890] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 169.345064] RIP: 0033:0x455ab9 [ 169.348405] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 169.367605] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 169.375303] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 169.382560] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 169.389822] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 169.397074] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 169.404331] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000011 09:51:42 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f7620") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:51:42 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r1 = fcntl$getown(r0, 0x9) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x800, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r2, 0xc0a85322, &(0x7f0000000340)) fstat(r2, &(0x7f00000002c0)) ioctl$TCSBRK(r2, 0x5409, 0x3b08) r3 = add_key(&(0x7f0000000140)='rxrpc_s\x00', &(0x7f0000000200)={0x73, 0x79, 0x7a, 0x0}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$describe(0x6, r3, &(0x7f0000000400)=""/183, 0xb7) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x9, 0x1, 0x3, 0x8001, 0x0, 0x2410, 0x62, 0x8, 0xff, 0x8000, 0x8, 0x1f, 0x0, 0x7fff, 0x800, 0x6, 0x1, 0x0, 0xbb2, 0x8, 0x22d84, 0x1000, 0x8, 0x9, 0xfffffffffffffffb, 0x1, 0x200, 0x7fff, 0x0, 0x0, 0x1e, 0x23ae, 0x9, 0x24, 0x3, 0x2, 0x0, 0xa815, 0x1, @perf_bp={&(0x7f0000000040), 0x3}, 0x2008, 0x7, 0xffffffffffff9f3b, 0x5, 0x5, 0x401, 0x20}, r1, 0x5, r0, 0x8) 09:51:42 executing program 2: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2), 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:51:42 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e666174", 0xb}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:51:42 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f00000001c0)="c9dc14ec00", 0xfffffffffffffe13) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) msync(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x7) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000140)={0x30, 0x5, 0x0, {0x0, 0x4, 0x400, 0x8}}, 0x30) 09:51:42 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x80000, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e22, 0x1ff, @dev={0xfe, 0x80, [], 0x21}, 0x8}}, 0x6, 0x20, 0x1, 0x1, 0x5}, &(0x7f0000000140)=0x98) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000200)={0x1ff, 0x3c5d1e7a, 0x2, 0x3, 0x10001, 0x9, 0x10001, 0x7, r1}, 0x20) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000002c0)=[@in6={0xa, 0x4e22, 0x4, @local={0xfe, 0x80, [], 0xaa}, 0x3ff}, @in6={0xa, 0x4e21, 0x6, @mcast1={0xff, 0x1, [], 0x1}, 0x1}, @in6={0xa, 0x4e22, 0xfff, @mcast1={0xff, 0x1, [], 0x1}, 0x8a3}, @in={0x2, 0x4e23, @rand_addr=0x7}, @in6={0xa, 0x4e23, 0x77a, @remote={0xfe, 0x80, [], 0xbb}, 0x9}, @in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1b}}, @in6={0xa, 0x4e24, 0x8001, @dev={0xfe, 0x80, [], 0x14}, 0x17}], 0xac) 09:51:42 executing program 4 (fault-call:1 fault-nth:18): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:42 executing program 3: r0 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000080)={0x73, 0x79, 0x7a, 0x3}, 0x0, 0x0, 0xfffffffffffffffc) r1 = dup(0xffffffffffffffff) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000140)={0x0, 0x3, 0x30}, &(0x7f0000000200)=0xc) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000380)={r2, 0x80000001, 0x30}, 0xc) keyctl$set_timeout(0xf, r0, 0xfffffffffffffffc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r3 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0x40, 0x4000) sendto$inet(r3, &(0x7f00000002c0)="0eda65bd5b90b13fad19d1b9c37d0f680a90ed514dfc6d65d76e9066243e0eb9c209fe485ea3dc26f2de40d00f1feba5370de08f1347fa12be640ac476719ebf1540c668a8c274c9ce1d738a99082e8ebc51f87f2bb29102c3dc1e9935b0e6b7816d832205a9d1918958938ad2317688d3c84bab83e1f1fa7793cb12a02424c37aaf17679f4ad10099a5937c8da6a94f09a14980de9518aeb428", 0x9a, 0x800, &(0x7f0000000100)={0x2, 0x4e21, @multicast2=0xe0000002}, 0x10) 09:51:42 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x800448d2, &(0x7f00000000c0)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000140)=ANY=[@ANYBLOB="bc4d953ad2366ac785e8f3384092c948e335a499a5f6e6f59041a08281a665e93e3e48ca963c96182556c6dcf5f995177f98a7d531ca9173289ba6ee3c875bb6077a694ea33416aaab2702057ec50dc3e84758ee92e417b2cc71c26537f0167d211a667dac5ec8c492ac7f7cb0b8d74d5d96124e1a3efebd1aeb778eba3bd72b2c09c826000000000000"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00']) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000200)={0x0, 0x101}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000280)={r3, 0x5, 0x8, 0x3e}, &(0x7f00000002c0)=0x10) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') [ 169.682736] FAULT_INJECTION: forcing a failure. [ 169.682736] name failslab, interval 1, probability 0, space 0, times 0 [ 169.694066] CPU: 1 PID: 10028 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 169.702568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 169.711921] Call Trace: [ 169.714522] dump_stack+0x1c9/0x2b4 [ 169.718157] ? dump_stack_print_info.cold.2+0x52/0x52 [ 169.723354] ? __kernel_text_address+0xd/0x40 [ 169.727860] ? unwind_get_return_address+0x61/0xa0 09:51:42 executing program 6: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) fcntl$setlease(r0, 0x400, 0x1) [ 169.732809] should_fail.cold.4+0xa/0x11 [ 169.736890] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 169.742013] ? save_stack+0xa9/0xd0 [ 169.745647] ? kasan_kmalloc+0xc4/0xe0 [ 169.749538] ? kasan_slab_alloc+0x12/0x20 [ 169.753703] ? kmem_cache_alloc+0x12e/0x760 [ 169.758035] ? anon_vma_clone+0x140/0x740 [ 169.762193] ? anon_vma_fork+0xf0/0x960 [ 169.766176] ? copy_process.part.41+0x6705/0x73d0 [ 169.771025] ? _do_fork+0x291/0x12a0 [ 169.774748] ? do_syscall_64+0x1b9/0x820 09:51:42 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000), 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) [ 169.778819] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 169.784201] ? lock_acquire+0x1e4/0x540 [ 169.788197] ? percpu_ref_put_many+0x119/0x240 [ 169.792794] ? lock_downgrade+0x8f0/0x8f0 [ 169.796956] ? lock_release+0xa30/0xa30 [ 169.800943] ? memcg_kmem_get_cache+0x3a9/0x9d0 [ 169.805624] ? mem_cgroup_handle_over_high+0x130/0x130 [ 169.810919] ? lock_acquire+0x1e4/0x540 [ 169.814917] ? percpu_ref_put_many+0x131/0x240 [ 169.819508] ? mem_cgroup_id_get_online+0x310/0x310 [ 169.824531] ? kasan_unpoison_shadow+0x35/0x50 [ 169.829131] __should_failslab+0x124/0x180 [ 169.833377] should_failslab+0x9/0x14 [ 169.837189] kmem_cache_alloc+0x47/0x760 [ 169.841271] ? anon_vma_interval_tree_insert+0x26b/0x300 [ 169.846736] anon_vma_clone+0x140/0x740 [ 169.850788] ? unlink_anon_vmas+0xa60/0xa60 [ 169.855114] ? dup_userfaultfd+0x775/0x9a0 [ 169.859361] anon_vma_fork+0xf0/0x960 [ 169.863149] ? kasan_unpoison_shadow+0x35/0x50 [ 169.867736] ? anon_vma_clone+0x740/0x740 [ 169.871869] ? kasan_slab_alloc+0x12/0x20 [ 169.876000] ? kmem_cache_alloc+0x2fc/0x760 [ 169.880317] copy_process.part.41+0x6705/0x73d0 [ 169.884980] ? __cleanup_sighand+0x70/0x70 [ 169.889200] ? lock_release+0xa30/0xa30 [ 169.893166] ? xas_descend+0x20c/0x5f0 [ 169.897042] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 169.902043] ? check_pgprot+0xdf/0x180 [ 169.905917] ? put_page+0x280/0x280 [ 169.909530] ? kasan_check_write+0x14/0x20 [ 169.913762] ? alloc_set_pte+0xaf6/0x1790 [ 169.917903] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 169.922914] ? filemap_map_pages+0xca2/0x1990 [ 169.927396] ? trace_hardirqs_on+0x10/0x10 [ 169.931618] ? xa_set_tag+0x40/0x40 [ 169.935233] ? perf_trace_lock+0xde/0x920 [ 169.939370] ? trace_hardirqs_on+0x10/0x10 [ 169.943599] ? trace_hardirqs_on+0x10/0x10 [ 169.947818] ? trace_hardirqs_on+0x10/0x10 [ 169.952041] ? find_get_entries_tag+0x1410/0x1410 [ 169.956888] ? perf_trace_lock+0xde/0x920 [ 169.961024] ? zap_class+0x740/0x740 [ 169.964726] ? zap_class+0x740/0x740 [ 169.968432] ? zap_class+0x740/0x740 [ 169.972139] ? shrink_dcache_sb+0x350/0x350 [ 169.976448] ? perf_trace_lock+0xde/0x920 [ 169.980583] ? lock_acquire+0x1e4/0x540 [ 169.984545] ? __fdget_pos+0x1bb/0x200 [ 169.988430] ? zap_class+0x740/0x740 [ 169.992135] ? lock_release+0xa30/0xa30 [ 169.996362] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 170.001885] ? _parse_integer+0x13b/0x190 [ 170.006037] ? perf_trace_lock+0xde/0x920 [ 170.010196] ? _kstrtoull+0x188/0x250 [ 170.013983] ? _parse_integer+0x190/0x190 [ 170.018120] ? zap_class+0x740/0x740 [ 170.021820] ? __check_object_size+0xa3/0x5d7 [ 170.026304] ? lock_acquire+0x1e4/0x540 [ 170.030263] ? get_pid_task+0xd8/0x1a0 [ 170.034145] ? perf_trace_lock+0xde/0x920 [ 170.038276] ? lock_release+0xa30/0xa30 [ 170.042234] ? zap_class+0x740/0x740 [ 170.045936] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 170.050764] ? __f_unlock_pos+0x19/0x20 [ 170.054725] ? lock_downgrade+0x8f0/0x8f0 [ 170.058868] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 170.064400] ? proc_fail_nth_write+0x9e/0x210 [ 170.068882] ? lock_acquire+0x1e4/0x540 [ 170.072858] _do_fork+0x291/0x12a0 [ 170.076384] ? fork_idle+0x1a0/0x1a0 [ 170.080097] ? fsnotify_first_mark+0x350/0x350 [ 170.084673] ? fsnotify+0x14e0/0x14e0 [ 170.088470] ? __sb_end_write+0xac/0xe0 [ 170.092431] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 170.097965] ? fput+0x130/0x1a0 [ 170.101237] ? ksys_write+0x1ae/0x260 [ 170.105028] ? __ia32_sys_read+0xb0/0xb0 [ 170.109597] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 170.115119] __x64_sys_clone+0xbf/0x150 [ 170.119093] do_syscall_64+0x1b9/0x820 [ 170.122971] ? finish_task_switch+0x1d3/0x870 [ 170.127456] ? syscall_return_slowpath+0x5e0/0x5e0 [ 170.132368] ? syscall_return_slowpath+0x31d/0x5e0 [ 170.137279] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 170.142281] ? prepare_exit_to_usermode+0x291/0x3b0 [ 170.147285] ? perf_trace_sys_enter+0xb10/0xb10 [ 170.151943] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 170.156775] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 170.161949] RIP: 0033:0x455ab9 [ 170.165116] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 170.184319] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 170.192015] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 170.199272] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 170.206522] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 170.213773] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 170.221027] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000012 09:51:43 executing program 2: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2), 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) [ 170.246517] FAT-fs (loop7): bogus number of reserved sectors [ 170.252443] FAT-fs (loop7): Can't find a valid FAT filesystem 09:51:43 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x80000000, 0xc002) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={r0, 0x0, 0xa9, 0x27, &(0x7f0000000080)="5aef12d553e46b0a31fe8667d7ee804d9b368e9c7734340f760da7e6332d61e754b167fb0525f334bfed0aaaf7970c47c53fabe63a0333a12f043c1c6a6f2ecf0766a02e1c98e8ce5f281ffb6df127b41436b1ac54a8feba6ba159bfa5f09d7a1096abe6ac2bbcc920bca778ec5bc5fd303dbd690bd0992a2e492c1025ca25ae50297ec6054f14a390279d6fa10703a167ed63b947a7bbeaa32c20430279d09413ceed8e6f63d82c3f", &(0x7f0000000140)=""/39, 0x7ff}, 0x28) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:43 executing program 4 (fault-call:1 fault-nth:19): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:43 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f7620") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) [ 170.395519] FAULT_INJECTION: forcing a failure. [ 170.395519] name failslab, interval 1, probability 0, space 0, times 0 [ 170.407029] CPU: 1 PID: 10067 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 170.415533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 170.424891] Call Trace: [ 170.429060] dump_stack+0x1c9/0x2b4 [ 170.432742] ? dump_stack_print_info.cold.2+0x52/0x52 [ 170.437951] ? perf_trace_lock+0xde/0x920 09:51:43 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa9f1}, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 170.442121] should_fail.cold.4+0xa/0x11 [ 170.446212] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 170.451355] ? lock_downgrade+0x8f0/0x8f0 [ 170.455535] ? anon_vma_clone+0x4e0/0x740 [ 170.459732] ? lock_downgrade+0x8f0/0x8f0 [ 170.463903] ? percpu_ref_put_many+0x131/0x240 [ 170.468502] ? lock_acquire+0x1e4/0x540 [ 170.472493] ? fs_reclaim_acquire+0x20/0x20 [ 170.476836] ? lock_downgrade+0x8f0/0x8f0 [ 170.481003] ? check_same_owner+0x340/0x340 [ 170.485346] ? rcu_note_context_switch+0x730/0x730 [ 170.490294] __should_failslab+0x124/0x180 [ 170.494541] should_failslab+0x9/0x14 [ 170.498356] kmem_cache_alloc+0x2af/0x760 [ 170.502515] ? dup_userfaultfd+0x775/0x9a0 [ 170.506765] anon_vma_fork+0x192/0x960 [ 170.510663] ? kasan_unpoison_shadow+0x35/0x50 [ 170.515257] ? anon_vma_clone+0x740/0x740 [ 170.519417] ? kasan_slab_alloc+0x12/0x20 [ 170.523574] ? kmem_cache_alloc+0x2fc/0x760 [ 170.527913] copy_process.part.41+0x6705/0x73d0 [ 170.532609] ? __cleanup_sighand+0x70/0x70 [ 170.536879] ? lock_release+0xa30/0xa30 [ 170.540863] ? xas_descend+0x20c/0x5f0 [ 170.544771] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 170.549799] ? check_pgprot+0xdf/0x180 [ 170.553703] ? put_page+0x280/0x280 [ 170.557342] ? kasan_check_write+0x14/0x20 [ 170.561592] ? alloc_set_pte+0xaf6/0x1790 [ 170.565766] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 170.570793] ? filemap_map_pages+0xca2/0x1990 [ 170.575298] ? trace_hardirqs_on+0x10/0x10 [ 170.579551] ? xa_set_tag+0x40/0x40 [ 170.583188] ? perf_trace_lock+0xde/0x920 [ 170.587347] ? trace_hardirqs_on+0x10/0x10 [ 170.591592] ? trace_hardirqs_on+0x10/0x10 [ 170.595833] ? trace_hardirqs_on+0x10/0x10 [ 170.600081] ? find_get_entries_tag+0x1410/0x1410 [ 170.604939] ? perf_trace_lock+0xde/0x920 [ 170.609095] ? zap_class+0x740/0x740 [ 170.612814] ? zap_class+0x740/0x740 [ 170.616540] ? zap_class+0x740/0x740 [ 170.620257] ? shrink_dcache_sb+0x350/0x350 [ 170.624588] ? perf_trace_lock+0xde/0x920 [ 170.628746] ? lock_acquire+0x1e4/0x540 [ 170.632727] ? __fdget_pos+0x1bb/0x200 [ 170.636619] ? zap_class+0x740/0x740 [ 170.640341] ? lock_release+0xa30/0xa30 09:51:43 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) personality(0x6000007) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 170.644326] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 170.649869] ? _parse_integer+0x13b/0x190 [ 170.654032] ? perf_trace_lock+0xde/0x920 [ 170.658211] ? _kstrtoull+0x188/0x250 [ 170.662014] ? _parse_integer+0x190/0x190 [ 170.666168] ? zap_class+0x740/0x740 [ 170.669888] ? __check_object_size+0xa3/0x5d7 [ 170.674395] ? lock_acquire+0x1e4/0x540 [ 170.678378] ? get_pid_task+0xd8/0x1a0 [ 170.682270] ? perf_trace_lock+0xde/0x920 [ 170.686429] ? lock_release+0xa30/0xa30 [ 170.690415] ? zap_class+0x740/0x740 [ 170.694144] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 170.698994] ? __f_unlock_pos+0x19/0x20 [ 170.702976] ? lock_downgrade+0x8f0/0x8f0 [ 170.707135] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 170.712679] ? proc_fail_nth_write+0x9e/0x210 [ 170.717186] ? lock_acquire+0x1e4/0x540 [ 170.721172] _do_fork+0x291/0x12a0 [ 170.724719] ? fork_idle+0x1a0/0x1a0 [ 170.728443] ? fsnotify_first_mark+0x350/0x350 [ 170.733037] ? fsnotify+0x14e0/0x14e0 [ 170.736889] ? __sb_end_write+0xac/0xe0 [ 170.740878] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 09:51:43 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000140)='\x00', 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') dup2(r0, r0) ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f0000000080)) [ 170.746430] ? fput+0x130/0x1a0 [ 170.749721] ? ksys_write+0x1ae/0x260 [ 170.753531] ? __ia32_sys_read+0xb0/0xb0 [ 170.757601] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 170.763146] __x64_sys_clone+0xbf/0x150 [ 170.767131] do_syscall_64+0x1b9/0x820 [ 170.771024] ? finish_task_switch+0x1d3/0x870 [ 170.775528] ? syscall_return_slowpath+0x5e0/0x5e0 [ 170.780468] ? syscall_return_slowpath+0x31d/0x5e0 [ 170.785581] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 170.790611] ? prepare_exit_to_usermode+0x291/0x3b0 [ 170.795637] ? perf_trace_sys_enter+0xb10/0xb10 [ 170.800315] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 170.805173] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 170.810368] RIP: 0033:0x455ab9 [ 170.813553] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 170.833471] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 170.841185] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 170.848550] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 170.855862] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 170.863140] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 170.870423] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000013 09:51:43 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e666174", 0xb}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:51:43 executing program 2: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:51:43 executing program 6: clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='oom_score_adj\x00') r0 = dup2(0xffffffffffffff9c, 0xffffffffffffffff) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000200)={0xffffffffffffffff}) openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x200000, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, &(0x7f00000002c0)={0x1, 0x0, 0x80, 0x9, 'syz0\x00', 0xcdac}) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffff9c, 0x84, 0x70, &(0x7f0000000040)={0x0, @in={{0x2, 0x4e21, @local={0xac, 0x14, 0x14, 0xaa}}}, [0x2, 0xc6, 0xdf, 0x1000, 0x100000001, 0x7fff, 0x10001, 0x1, 0x1, 0x7, 0x20, 0x6, 0x8, 0x84, 0x2]}, &(0x7f0000000140)=0x100) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000180)={0xffffffff80000000, 0x0, 0x2, 0x6, 0xff, 0x6, 0x8, 0x6f78, r2}, 0x20) 09:51:43 executing program 3: r0 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x7fff, 0x501001) r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x3, 0x3}, 0x0, 0xffffffffffffffff, r0, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) ioctl$PERF_EVENT_IOC_QUERY_BPF(r1, 0xc008240a, &(0x7f0000000040)={0x8, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 09:51:43 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000), 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) 09:51:44 executing program 4 (fault-call:1 fault-nth:20): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 171.087942] FAT-fs (loop7): bogus number of reserved sectors [ 171.093891] FAT-fs (loop7): Can't find a valid FAT filesystem 09:51:44 executing program 6: socketpair(0x11, 0x80000, 0x8, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r0, 0x114, 0xa, &(0x7f0000000140)={0x2, "20c0"}, 0x3) write$binfmt_aout(r0, &(0x7f0000000700)=ANY=[@ANYBLOB="cc0000006401000002020000000800008f020000080000000000000000000000844d40526a2dcf63e14ef5b8dbdd1bd1e7331a8f7c2508c30bb41462a271b00b31e51d1d522141db8ff5bd247c15a2247e63be64c4c8d72b60f9f2e28745c67e575ac2d30ae7d595fbb18b42a1cbb593a1ddfeaaa77b04d4e1617b202b238dd8874d42df75036537a57b875040a4b274290d975b660fb362bcd024337e72adc88e6b347deb2154ef8639905319e2e68b94cba99e85d113281eaf65624c03fe346d9b082e35cf53df2d808b0b7acf859067f05385cf6cdb10216ba8870463ff30aa4d9f511c96454eb5cd1d6e0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003585197be82e1f724b0e7ea59b7cb4be6ee6348821ac3ae57cf24133207d4a0be091506202"], 0xffffffffffffff4e) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) ioctl$SG_GET_SG_TABLESIZE(r0, 0x227f, &(0x7f0000000080)) r2 = getpid() getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@local}}, &(0x7f0000000200)=0xe8) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000003c0)={0x0, 0x0, 0x0}, &(0x7f0000000400)=0xc) sendmsg$unix(r1, &(0x7f0000000480)={&(0x7f00000000c0)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000000140), 0x0, &(0x7f0000000440)=[@cred={0x20, 0x1, 0x2, r2, r3, r4}, @rights={0x18, 0x1, 0x1, [r1]}], 0x38}, 0x1) [ 171.193931] FAULT_INJECTION: forcing a failure. [ 171.193931] name failslab, interval 1, probability 0, space 0, times 0 [ 171.205823] CPU: 0 PID: 10112 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 171.214328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 171.223683] Call Trace: [ 171.226279] dump_stack+0x1c9/0x2b4 [ 171.229920] ? dump_stack_print_info.cold.2+0x52/0x52 [ 171.235107] ? perf_trace_lock+0x49d/0x920 [ 171.239343] should_fail.cold.4+0xa/0x11 [ 171.243408] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 171.248503] ? save_stack+0xa9/0xd0 [ 171.252121] ? kasan_kmalloc+0xc4/0xe0 [ 171.256010] ? kasan_slab_alloc+0x12/0x20 [ 171.260153] ? anon_vma_fork+0x192/0x960 [ 171.264203] ? copy_process.part.41+0x6705/0x73d0 [ 171.269034] ? _do_fork+0x291/0x12a0 [ 171.272747] ? __x64_sys_clone+0xbf/0x150 [ 171.276887] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 171.282245] ? lock_acquire+0x1e4/0x540 [ 171.286212] ? lock_downgrade+0x8f0/0x8f0 [ 171.290621] ? lock_acquire+0x1e4/0x540 [ 171.294588] ? fs_reclaim_acquire+0x20/0x20 [ 171.298899] ? lock_downgrade+0x8f0/0x8f0 [ 171.303049] ? check_same_owner+0x340/0x340 [ 171.307372] ? rcu_note_context_switch+0x730/0x730 [ 171.312294] ? kasan_unpoison_shadow+0x35/0x50 [ 171.316869] __should_failslab+0x124/0x180 [ 171.321116] should_failslab+0x9/0x14 [ 171.324918] kmem_cache_alloc+0x2af/0x760 [ 171.329063] ? dup_userfaultfd+0x775/0x9a0 [ 171.333287] ? anon_vma_fork+0x192/0x960 [ 171.337339] anon_vma_fork+0x2dc/0x960 [ 171.341230] ? anon_vma_clone+0x740/0x740 [ 171.345370] ? kasan_slab_alloc+0x12/0x20 [ 171.349507] ? kmem_cache_alloc+0x2fc/0x760 [ 171.353832] copy_process.part.41+0x6705/0x73d0 [ 171.358523] ? __cleanup_sighand+0x70/0x70 [ 171.362759] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 171.368288] ? perf_tp_event+0x91b/0xc40 [ 171.372341] ? xas_descend+0x20c/0x5f0 [ 171.376249] ? perf_swevent_event+0x2e0/0x2e0 [ 171.380752] ? perf_swevent_event+0x158/0x2e0 [ 171.385252] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 171.390786] ? perf_tp_event+0x91b/0xc40 [ 171.394842] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 171.399939] ? filemap_map_pages+0xca2/0x1990 [ 171.404436] ? perf_swevent_event+0x2e0/0x2e0 [ 171.408928] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 171.414031] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 171.419138] ? perf_tp_event+0xc40/0xc40 [ 171.423196] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 171.428293] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 171.433384] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 171.438494] ? perf_tp_event+0xc40/0xc40 [ 171.442553] ? zap_class+0x740/0x740 [ 171.446261] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 171.451356] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 171.456448] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 171.461550] ? perf_tp_event+0xc40/0xc40 [ 171.465690] ? zap_class+0x740/0x740 [ 171.469397] ? memset+0x31/0x40 [ 171.472671] ? perf_trace_lock+0x49d/0x920 [ 171.476897] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 171.482003] ? zap_class+0x740/0x740 [ 171.485713] ? __check_object_size+0xa3/0x5d7 [ 171.490635] ? memset+0x31/0x40 [ 171.493918] ? zap_class+0x740/0x740 [ 171.497627] ? __f_unlock_pos+0x19/0x20 [ 171.501591] ? lock_downgrade+0x8f0/0x8f0 [ 171.505733] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 171.511261] ? proc_fail_nth_write+0x9e/0x210 [ 171.515749] ? lock_acquire+0x1e4/0x540 [ 171.519724] _do_fork+0x291/0x12a0 [ 171.523270] ? fork_idle+0x1a0/0x1a0 [ 171.526989] ? fsnotify_first_mark+0x350/0x350 [ 171.531568] ? fsnotify+0x14e0/0x14e0 [ 171.535369] ? __sb_end_write+0xac/0xe0 [ 171.539346] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 171.544872] ? fput+0x130/0x1a0 [ 171.548140] ? ksys_write+0x1ae/0x260 [ 171.551931] ? __ia32_sys_read+0xb0/0xb0 [ 171.555992] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 171.561536] __x64_sys_clone+0xbf/0x150 [ 171.565507] do_syscall_64+0x1b9/0x820 [ 171.569401] ? finish_task_switch+0x1d3/0x870 [ 171.573889] ? syscall_return_slowpath+0x5e0/0x5e0 [ 171.578813] ? syscall_return_slowpath+0x31d/0x5e0 [ 171.583736] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 171.588753] ? prepare_exit_to_usermode+0x291/0x3b0 [ 171.593769] ? perf_trace_sys_enter+0xb10/0xb10 [ 171.598432] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 171.603275] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 171.608468] RIP: 0033:0x455ab9 [ 171.611644] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 171.631023] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 171.638726] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 09:51:44 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f7620") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:51:44 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = getpid() ptrace$getenv(0x4201, r0, 0x80, &(0x7f0000000040)) [ 171.645987] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 171.653251] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 171.660510] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 171.667772] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000014 09:51:44 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) sendto(r0, &(0x7f0000000140)="8fc423bb0e96c1eaac626243293c8fca03243e84b9d027f33d94e52bfca5a2538590b203fbe7e825c1c784dca6670ceaf199ccd96f72a48e2e1cd1e923f4c4", 0x3f, 0x40000, &(0x7f0000000180)=@rc={0x1f, {0x8, 0x7, 0x0, 0x609, 0x5, 0x4}, 0x100}, 0x80) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') 09:51:44 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x8000, 0x0) r0 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x2, 0x10000) ioctl$KVM_XEN_HVM_CONFIG(r0, 0x4038ae7a, &(0x7f0000000140)={0x2, 0xbff, &(0x7f0000000100)="212239eeac58af770a2480efbf6b18a355", &(0x7f00000002c0)="912266a97859b9c31ae17fb78399a23564666e5f08337bcfde06f7645ba78430696305faa4125e3bef25bf47725e4663f0e5a4cfa245207f427e1ee965e76fad5ee01a29f8e2876ec01c0a82dbbee47ad9ac0e5d256018b92a36b872a6db7ff55c9bc5a2c604b9d758123883", 0x11, 0x6c}) ioctl$PIO_UNIMAPCLR(r0, 0x4b68, &(0x7f0000000080)={0x480000000, 0x949, 0x8000}) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:44 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x200, 0x0) write$P9_RLOCK(r0, &(0x7f0000000080)={0x8, 0x35, 0x1, 0x3}, 0x8) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:44 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmat(0xffffffffffffffff, &(0x7f0000ff7000/0x7000)=nil, 0x1000) shmdt(r0) clone(0x0, &(0x7f0000000040)="795c14819824ca5745369c957d752348ed314086c5b01eef0d94b359e62b53181424cc5514d41e711b57fc13df7dd7e8829ed3b8795ef0986de18fcc4a36431a2072b70169a5840dc4939413f4a6629094d0027c188c2d622b797076f8fb6cbd3897f826", &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:44 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) io_setup(0x6, &(0x7f0000000140)=0x0) io_submit(r1, 0x3, &(0x7f00000003c0)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0xf, 0x8, r0, &(0x7f0000000180)="6ae0d4abe030fb65fd09a4c578e11ae812e380a458d0b81d7ec6cd95b0c9e874886ea7d788a3ff", 0x27, 0xc, 0x0, 0x1, r0}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x6, 0x3, r0, &(0x7f0000000200)="afe517fb44ffc510da0e46a1da5b076db62f5252894935dcb58dc703152dd95a2d7b1835785200cc40c08e43f86aff7a768e71a1d6a61a4268772135b91082f6d7b2bcd065774973e2f4cc89d4c705fc8acc6c4c228911ca1c0368d450421fba8c6d072117c0da2786f3cab1dfaf96bd2609699160f893e878c0ed1cc9d8072bd18773d5612f17bf6d8b4dbb62cdc7ea3794416b74ddc39071c0d2c51f2429495b0b30c604ba9ac7198081e1fe44e1790a05412934cd32998489bb33b2f04416ba42327f3dcdb10fabe72aa6a7679ecd581d5b06973776cf4cadd8dc22", 0xdd, 0x9, 0x0, 0x0, r0}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x1, r0, &(0x7f0000000340)="dc19b5b7a0a2", 0x6, 0x3ff, 0x0, 0x0, r0}]) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') 09:51:44 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_retries\x00', 0x2, 0x0) setsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f0000000080)=0x8, 0x2) 09:51:44 executing program 4 (fault-call:1 fault-nth:21): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:45 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e666174000204410005", 0x11}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) [ 172.114641] FAULT_INJECTION: forcing a failure. [ 172.114641] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 172.126674] CPU: 1 PID: 10164 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 172.135171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 172.144558] Call Trace: [ 172.147176] dump_stack+0x1c9/0x2b4 [ 172.150817] ? dump_stack_print_info.cold.2+0x52/0x52 [ 172.156032] ? perf_trace_lock+0xde/0x920 [ 172.160203] should_fail.cold.4+0xa/0x11 [ 172.164283] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 172.169430] ? trace_hardirqs_on+0x10/0x10 [ 172.173687] ? trace_hardirqs_on+0x10/0x10 [ 172.177950] ? trace_hardirqs_on+0x10/0x10 [ 172.182201] ? perf_trace_lock+0xde/0x920 [ 172.186367] ? lock_acquire+0x1e4/0x540 [ 172.190348] ? fs_reclaim_acquire+0x20/0x20 [ 172.194680] ? lock_downgrade+0x8f0/0x8f0 [ 172.198839] ? check_same_owner+0x340/0x340 [ 172.203165] ? rcu_note_context_switch+0x730/0x730 [ 172.208112] __alloc_pages_nodemask+0x36e/0xdb0 [ 172.212794] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 172.217817] ? trace_hardirqs_on+0x10/0x10 [ 172.222054] ? perf_trace_lock+0xde/0x920 [ 172.226218] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 172.231238] ? bpf_prog_kallsyms_find+0xde/0x4c0 [ 172.236014] ? lock_acquire+0x1e4/0x540 [ 172.239997] ? is_bpf_text_address+0xae/0x170 [ 172.244512] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 172.250061] alloc_pages_current+0x10c/0x210 [ 172.254475] get_zeroed_page+0x14/0x50 [ 172.258368] __pud_alloc+0x3f/0x310 [ 172.262000] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 172.266704] pud_alloc+0xe1/0x150 [ 172.270167] copy_page_range+0x427/0x24c0 [ 172.274319] ? kernel_text_address+0x79/0xf0 [ 172.278733] ? __kernel_text_address+0xd/0x40 [ 172.283239] ? vma_interval_tree_augment_rotate+0x181/0x1e0 [ 172.288961] ? rb_insert_color_cached+0x14c0/0x14c0 [ 172.293980] ? rb_insert_color_cached+0x14c0/0x14c0 [ 172.298999] ? save_stack+0x43/0xd0 [ 172.302631] ? kasan_slab_alloc+0x12/0x20 [ 172.306781] ? __pmd_alloc+0x530/0x530 [ 172.310676] ? perf_trace_lock+0xde/0x920 [ 172.314835] ? do_syscall_64+0x1b9/0x820 [ 172.318905] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 172.324275] ? zap_class+0x740/0x740 [ 172.327991] ? percpu_ref_put_many+0x119/0x240 [ 172.332586] ? lock_downgrade+0x8f0/0x8f0 [ 172.336747] ? anon_vma_fork+0x651/0x960 [ 172.340814] ? lock_downgrade+0x8f0/0x8f0 [ 172.341925] FAT-fs (loop7): invalid media value (0x00) [ 172.344962] ? lock_release+0xa30/0xa30 [ 172.344979] ? percpu_ref_put_many+0x131/0x240 [ 172.344994] ? rcu_note_context_switch+0x730/0x730 [ 172.345019] ? copy_process.part.41+0x3384/0x73d0 [ 172.350305] FAT-fs (loop7): Can't find a valid FAT filesystem [ 172.354257] ? lock_downgrade+0x8f0/0x8f0 [ 172.354274] ? lock_release+0xa30/0xa30 [ 172.354292] ? rcu_note_context_switch+0x730/0x730 [ 172.387540] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 172.393091] ? __vma_link_rb+0x2a4/0x3f0 [ 172.397167] copy_process.part.41+0x5ead/0x73d0 [ 172.401864] ? __cleanup_sighand+0x70/0x70 [ 172.406110] ? lock_release+0xa30/0xa30 [ 172.410083] ? xas_descend+0x20c/0x5f0 [ 172.413956] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 172.418960] ? check_pgprot+0xdf/0x180 [ 172.422833] ? put_page+0x280/0x280 [ 172.426452] ? kasan_check_write+0x14/0x20 [ 172.430671] ? alloc_set_pte+0xaf6/0x1790 [ 172.434814] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 172.439826] ? filemap_map_pages+0xca2/0x1990 [ 172.444305] ? trace_hardirqs_on+0x10/0x10 [ 172.448526] ? xa_set_tag+0x40/0x40 [ 172.452149] ? perf_trace_lock+0xde/0x920 [ 172.456290] ? trace_hardirqs_on+0x10/0x10 [ 172.460510] ? trace_hardirqs_on+0x10/0x10 [ 172.464731] ? trace_hardirqs_on+0x10/0x10 [ 172.468955] ? find_get_entries_tag+0x1410/0x1410 [ 172.473785] ? perf_trace_lock+0xde/0x920 [ 172.477916] ? zap_class+0x740/0x740 [ 172.481625] ? zap_class+0x740/0x740 [ 172.485321] ? zap_class+0x740/0x740 [ 172.489030] ? shrink_dcache_sb+0x350/0x350 [ 172.493352] ? perf_trace_lock+0xde/0x920 [ 172.497572] ? lock_acquire+0x1e4/0x540 [ 172.501531] ? __fdget_pos+0x1bb/0x200 [ 172.505412] ? zap_class+0x740/0x740 [ 172.509116] ? lock_release+0xa30/0xa30 [ 172.513088] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 172.518609] ? _parse_integer+0x13b/0x190 [ 172.522739] ? perf_trace_lock+0xde/0x920 [ 172.526878] ? _kstrtoull+0x188/0x250 [ 172.530662] ? _parse_integer+0x190/0x190 [ 172.534798] ? zap_class+0x740/0x740 [ 172.538494] ? __check_object_size+0xa3/0x5d7 [ 172.542986] ? lock_acquire+0x1e4/0x540 [ 172.546960] ? get_pid_task+0xd8/0x1a0 [ 172.550852] ? perf_trace_lock+0xde/0x920 [ 172.554988] ? lock_release+0xa30/0xa30 [ 172.558974] ? zap_class+0x740/0x740 [ 172.562705] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 172.567585] ? __f_unlock_pos+0x19/0x20 [ 172.571555] ? lock_downgrade+0x8f0/0x8f0 [ 172.575725] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 172.581274] ? proc_fail_nth_write+0x9e/0x210 [ 172.585781] ? lock_acquire+0x1e4/0x540 [ 172.589767] _do_fork+0x291/0x12a0 [ 172.593306] ? fork_idle+0x1a0/0x1a0 [ 172.597013] ? fsnotify_first_mark+0x350/0x350 [ 172.601591] ? fsnotify+0x14e0/0x14e0 [ 172.605380] ? __sb_end_write+0xac/0xe0 [ 172.609352] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 172.614881] ? fput+0x130/0x1a0 [ 172.618155] ? ksys_write+0x1ae/0x260 [ 172.621959] ? __ia32_sys_read+0xb0/0xb0 [ 172.626015] ? syscall_slow_exit_work+0x500/0x500 [ 172.630863] __x64_sys_clone+0xbf/0x150 [ 172.634918] do_syscall_64+0x1b9/0x820 [ 172.638799] ? finish_task_switch+0x1d3/0x870 [ 172.643284] ? syscall_return_slowpath+0x5e0/0x5e0 [ 172.648212] ? syscall_return_slowpath+0x31d/0x5e0 [ 172.653144] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 172.658152] ? prepare_exit_to_usermode+0x291/0x3b0 [ 172.663160] ? perf_trace_sys_enter+0xb10/0xb10 [ 172.667821] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 172.672651] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 172.677829] RIP: 0033:0x455ab9 [ 172.681007] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 172.700193] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 172.707887] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 09:51:45 executing program 2: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:51:45 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) 09:51:45 executing program 3: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x40, 0x0) getsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000080)={@multicast1, @multicast1}, &(0x7f00000000c0)=0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000300)="efa2c82d824137e94389f378cd8c9a78732eaa5707", &(0x7f0000000140), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:45 executing program 6: r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x6ef44dbe, 0x10000) ioctl$GIO_FONT(r0, 0x4b60, &(0x7f0000000080)=""/118) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:45 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') 09:51:45 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x0, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) [ 172.715153] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 172.722416] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 172.729679] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 172.737036] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000015 09:51:45 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) 09:51:45 executing program 4 (fault-call:1 fault-nth:22): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:45 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) [ 172.898875] FAULT_INJECTION: forcing a failure. [ 172.898875] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 172.910864] CPU: 0 PID: 10210 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 172.919372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 172.929085] Call Trace: [ 172.931697] dump_stack+0x1c9/0x2b4 [ 172.935353] ? dump_stack_print_info.cold.2+0x52/0x52 [ 172.940573] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 172.946159] should_fail.cold.4+0xa/0x11 [ 172.950375] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 172.955511] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 172.960640] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 172.965761] ? lock_acquire+0x1e4/0x540 [ 172.969766] ? perf_tp_event+0xc40/0xc40 [ 172.973850] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 172.979417] ? memset+0x31/0x40 [ 172.982729] ? lock_acquire+0x1e4/0x540 [ 172.986718] ? fs_reclaim_acquire+0x20/0x20 [ 172.991059] ? lock_downgrade+0x8f0/0x8f0 [ 172.995232] ? check_same_owner+0x340/0x340 09:51:45 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x100000004, 0x5051, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') [ 172.999580] ? rcu_note_context_switch+0x730/0x730 [ 173.004550] __alloc_pages_nodemask+0x36e/0xdb0 [ 173.009238] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 173.014288] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 173.019350] ? lock_acquire+0x1e4/0x540 [ 173.023350] ? __pud_alloc+0x28b/0x310 [ 173.027277] ? kasan_check_read+0x11/0x20 [ 173.031451] ? do_raw_spin_unlock+0xa7/0x2f0 [ 173.035889] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 173.040511] ? kasan_check_write+0x14/0x20 [ 173.044770] ? do_raw_spin_lock+0xc1/0x200 [ 173.049026] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 173.054941] alloc_pages_current+0x10c/0x210 [ 173.059405] __pmd_alloc+0x3f/0x530 [ 173.063055] copy_page_range+0x186f/0x24c0 [ 173.067310] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 173.072445] ? perf_tp_event+0xc40/0xc40 [ 173.076615] ? vma_interval_tree_augment_rotate+0x181/0x1e0 [ 173.082354] ? memset+0x31/0x40 [ 173.085662] ? __pmd_alloc+0x530/0x530 [ 173.089566] ? do_syscall_64+0x1b9/0x820 [ 173.093645] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 173.099030] ? zap_class+0x740/0x740 [ 173.102759] ? percpu_ref_put_many+0x119/0x240 [ 173.107358] ? lock_downgrade+0x8f0/0x8f0 [ 173.111538] ? anon_vma_fork+0x651/0x960 [ 173.115622] ? lock_downgrade+0x8f0/0x8f0 [ 173.119792] ? lock_release+0xa30/0xa30 [ 173.123781] ? percpu_ref_put_many+0x131/0x240 [ 173.128376] ? rcu_note_context_switch+0x730/0x730 [ 173.133334] ? copy_process.part.41+0x3384/0x73d0 [ 173.138192] ? lock_downgrade+0x8f0/0x8f0 [ 173.142363] ? lock_release+0xa30/0xa30 09:51:46 executing program 1: openat$cuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x40000, 0x0) r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000180)={0x2e, 0x6, 0x0, {0x4, 0x0, 0x5, 0x0, "885d292b00"}}, 0x2e) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') [ 173.146361] ? rcu_note_context_switch+0x730/0x730 [ 173.151324] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 173.156879] ? __vma_link_rb+0x2a4/0x3f0 [ 173.160961] copy_process.part.41+0x5ead/0x73d0 [ 173.165682] ? __cleanup_sighand+0x70/0x70 [ 173.169934] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 173.175528] ? perf_tp_event+0x91b/0xc40 [ 173.179604] ? xas_descend+0x20c/0x5f0 [ 173.183518] ? perf_swevent_event+0x2e0/0x2e0 [ 173.188043] ? perf_swevent_event+0x158/0x2e0 [ 173.193385] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 173.198946] ? perf_tp_event+0x91b/0xc40 [ 173.203028] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 173.208067] ? filemap_map_pages+0xca2/0x1990 [ 173.212593] ? perf_swevent_event+0x2e0/0x2e0 [ 173.217116] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 173.222249] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 173.227383] ? perf_tp_event+0xc40/0xc40 [ 173.231478] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 173.236604] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 173.241719] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 173.246847] ? perf_tp_event+0xc40/0xc40 [ 173.250921] ? zap_class+0x740/0x740 [ 173.254659] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 173.259776] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 173.264893] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 173.270018] ? perf_tp_event+0xc40/0xc40 [ 173.274096] ? zap_class+0x740/0x740 [ 173.277828] ? memset+0x31/0x40 [ 173.281127] ? perf_trace_lock+0x49d/0x920 [ 173.285378] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 173.290509] ? zap_class+0x740/0x740 [ 173.294244] ? __check_object_size+0xa3/0x5d7 [ 173.298757] ? memset+0x31/0x40 [ 173.302069] ? zap_class+0x740/0x740 [ 173.305808] ? __f_unlock_pos+0x19/0x20 [ 173.309799] ? lock_downgrade+0x8f0/0x8f0 [ 173.313967] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 173.319524] ? proc_fail_nth_write+0x9e/0x210 [ 173.324131] ? lock_acquire+0x1e4/0x540 [ 173.328132] _do_fork+0x291/0x12a0 [ 173.331693] ? fork_idle+0x1a0/0x1a0 [ 173.335427] ? fsnotify_first_mark+0x350/0x350 [ 173.340044] ? fsnotify+0x14e0/0x14e0 [ 173.343875] ? __sb_end_write+0xac/0xe0 09:51:46 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYBLOB="8a001f0000007a7f5b51db0adc9ab6dd4aa92d9580e51a24c5995243b13f1798950a9e0715371a509c4f253dc1ef25564e32af08c9f98fb29699f78495b16d8e9395ff577ef04c1c86eff05cc2a95ded4da93385dce52c063ad1891ed09cda1c8b1d5695a32494d245d7141ca3329170697c962b16d5519ed3f25a012b21987a78a705761c78ae0d88131e1d163e"], &(0x7f0000000200)=0x92) splice(0xffffffffffffff9c, &(0x7f00000002c0), r0, &(0x7f0000000300), 0x8, 0x9) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000240)=@sack_info={r1, 0xfff, 0x6}, &(0x7f0000000280)=0xc) mknod(&(0x7f0000000340)='./file0\x00', 0x10, 0x49ff8d32) [ 173.347870] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 173.353432] ? fput+0x130/0x1a0 [ 173.356735] ? ksys_write+0x1ae/0x260 [ 173.360641] ? __ia32_sys_read+0xb0/0xb0 [ 173.364720] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 173.370289] __x64_sys_clone+0xbf/0x150 [ 173.374289] do_syscall_64+0x1b9/0x820 [ 173.378191] ? finish_task_switch+0x1d3/0x870 [ 173.382708] ? syscall_return_slowpath+0x5e0/0x5e0 [ 173.387657] ? syscall_return_slowpath+0x31d/0x5e0 [ 173.392602] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 173.397898] ? prepare_exit_to_usermode+0x291/0x3b0 [ 173.402958] ? perf_trace_sys_enter+0xb10/0xb10 [ 173.407648] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 173.412519] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 173.417722] RIP: 0033:0x455ab9 [ 173.420913] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 173.440497] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 09:51:46 executing program 3: socketpair(0x9, 0x8000f, 0x4, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e21, 0x8, @loopback={0x0, 0x1}, 0x200}}}, &(0x7f0000000140)=0x84) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f00000002c0)={r1, 0xcb, "a8f97cfeef05f9e8e6152b58d914e3e1f5c814e9302a616dcd37e261bf815320afb23d05b7ae4a0454060a729f8e8fe5392461d94e96966a616b96d4cafbeb31ce0caf11953f47bec52f3c984cd2dd44736e12941927d2ebb916863cbac30c75ca9fccc3662ac145df5bb9022c7ee56d95cebc06f151e47169af8ce8d86d028a6c79c99cb310456f5acf228ad35653ea48f6bdd190fccd0889cba8881c7547875e1a1b15dd8569ece82b08fe7910abf00b957901c21f134768ffbad5dccb6023703c2660f463a79d930019"}, &(0x7f0000000200)=0xd3) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:46 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) [ 173.448229] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 173.455511] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 173.462798] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 173.470113] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 173.477397] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000016 09:51:46 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x100000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x10000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x100000000, 0x101000) ioctl$GIO_CMAP(r0, 0x4b70, &(0x7f0000000080)) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:46 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e666174000204410005", 0x11}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) [ 173.653923] 9pnet: Insufficient options for proto=fd 09:51:46 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) ioctl$SNDRV_TIMER_IOCTL_GINFO(r0, 0xc0f85403, &(0x7f0000000140)={{0x0, 0x3, 0x7fffffff, 0x1, 0xc}, 0x100, 0x1ff, 'id0\x00', 'timer1\x00', 0x0, 0x8, 0x66a, 0x9, 0x100000001}) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x3, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') ioctl$BLKRRPART(r0, 0x125f, 0x0) 09:51:46 executing program 2: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:51:46 executing program 4 (fault-call:1 fault-nth:23): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:46 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) [ 173.752989] FAULT_INJECTION: forcing a failure. [ 173.752989] name failslab, interval 1, probability 0, space 0, times 0 [ 173.764286] CPU: 1 PID: 10248 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 173.772870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 173.782230] Call Trace: [ 173.784832] dump_stack+0x1c9/0x2b4 [ 173.788473] ? dump_stack_print_info.cold.2+0x52/0x52 [ 173.793681] ? lock_release+0xa30/0xa30 [ 173.797669] ? perf_trace_lock+0xde/0x920 09:51:46 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x0, 0x0) connect$nfc_llcp(r0, &(0x7f0000000080)={0x27, 0x0, 0x2, 0x5, 0xffffffffffffff9d, 0x7fff, "125221663b441f65444a712dc9449c89e459313a9a19b867d4d41bb918fba4316f8b3fd3983ac43badddf9c0a0abf410131a7ee29de2bad146de16c3f990c6", 0x31}, 0x60) [ 173.801841] should_fail.cold.4+0xa/0x11 [ 173.806020] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 173.811135] ? percpu_ref_put_many+0x131/0x240 [ 173.815724] ? memcg_kmem_charge_memcg+0x7c/0x120 [ 173.820579] ? mem_cgroup_id_get_online+0x310/0x310 [ 173.825606] ? rcu_note_context_switch+0x730/0x730 [ 173.830549] ? memcg_kmem_charge+0x1c2/0x300 [ 173.834979] ? __alloc_pages_nodemask+0x6e3/0xdb0 [ 173.839835] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 173.844857] ? lock_acquire+0x1e4/0x540 [ 173.848821] ? fs_reclaim_acquire+0x20/0x20 [ 173.853129] ? lock_downgrade+0x8f0/0x8f0 [ 173.857263] ? check_same_owner+0x340/0x340 [ 173.861569] ? rcu_note_context_switch+0x730/0x730 [ 173.866484] ? kasan_check_read+0x11/0x20 [ 173.870620] __should_failslab+0x124/0x180 [ 173.874841] should_failslab+0x9/0x14 [ 173.878647] kmem_cache_alloc+0x2af/0x760 [ 173.882790] ? alloc_pages_current+0x114/0x210 [ 173.887361] __pmd_alloc+0xc3/0x530 [ 173.890974] copy_page_range+0x186f/0x24c0 [ 173.895193] ? kernel_text_address+0x79/0xf0 [ 173.899587] ? __kernel_text_address+0xd/0x40 [ 173.904071] ? vma_interval_tree_augment_rotate+0x181/0x1e0 [ 173.909774] ? rb_insert_color_cached+0x14c0/0x14c0 [ 173.914772] ? save_stack+0x43/0xd0 [ 173.918383] ? kasan_slab_alloc+0x12/0x20 [ 173.922516] ? __pmd_alloc+0x530/0x530 [ 173.926392] ? perf_trace_lock+0xde/0x920 [ 173.930525] ? do_syscall_64+0x1b9/0x820 [ 173.934576] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 173.939926] ? zap_class+0x740/0x740 [ 173.943628] ? percpu_ref_put_many+0x119/0x240 [ 173.948196] ? lock_downgrade+0x8f0/0x8f0 [ 173.952335] ? anon_vma_fork+0x651/0x960 [ 173.956471] ? lock_downgrade+0x8f0/0x8f0 [ 173.960608] ? lock_release+0xa30/0xa30 [ 173.964579] ? percpu_ref_put_many+0x131/0x240 [ 173.969147] ? rcu_note_context_switch+0x730/0x730 [ 173.974063] ? copy_process.part.41+0x3384/0x73d0 [ 173.978891] ? lock_downgrade+0x8f0/0x8f0 [ 173.983035] ? lock_release+0xa30/0xa30 [ 173.987000] ? rcu_note_context_switch+0x730/0x730 [ 173.991922] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 173.997444] ? __vma_link_rb+0x2a4/0x3f0 [ 174.004789] copy_process.part.41+0x5ead/0x73d0 [ 174.009464] ? __cleanup_sighand+0x70/0x70 [ 174.013683] ? lock_release+0xa30/0xa30 [ 174.017650] ? xas_descend+0x20c/0x5f0 [ 174.021522] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 174.026521] ? check_pgprot+0xdf/0x180 [ 174.030392] ? put_page+0x280/0x280 [ 174.034007] ? kasan_check_write+0x14/0x20 [ 174.038243] ? alloc_set_pte+0xaf6/0x1790 [ 174.042381] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 174.047385] ? filemap_map_pages+0xca2/0x1990 [ 174.051879] ? trace_hardirqs_on+0x10/0x10 [ 174.056108] ? xa_set_tag+0x40/0x40 [ 174.059722] ? perf_trace_lock+0xde/0x920 [ 174.063857] ? trace_hardirqs_on+0x10/0x10 [ 174.068856] ? trace_hardirqs_on+0x10/0x10 [ 174.073077] ? trace_hardirqs_on+0x10/0x10 [ 174.077302] ? find_get_entries_tag+0x1410/0x1410 [ 174.082143] ? perf_trace_lock+0xde/0x920 [ 174.086277] ? zap_class+0x740/0x740 [ 174.089979] ? zap_class+0x740/0x740 [ 174.093679] ? zap_class+0x740/0x740 [ 174.097379] ? shrink_dcache_sb+0x350/0x350 [ 174.101687] ? perf_trace_lock+0xde/0x920 [ 174.105820] ? lock_acquire+0x1e4/0x540 [ 174.109777] ? __fdget_pos+0x1bb/0x200 [ 174.113652] ? zap_class+0x740/0x740 [ 174.122318] ? lock_release+0xa30/0xa30 [ 174.126290] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 174.131817] ? _parse_integer+0x13b/0x190 [ 174.135963] ? perf_trace_lock+0xde/0x920 [ 174.140798] ? _kstrtoull+0x188/0x250 [ 174.144599] ? _parse_integer+0x190/0x190 [ 174.148731] ? zap_class+0x740/0x740 [ 174.152444] ? __check_object_size+0xa3/0x5d7 [ 174.156926] ? lock_acquire+0x1e4/0x540 [ 174.160887] ? get_pid_task+0xd8/0x1a0 [ 174.164769] ? perf_trace_lock+0xde/0x920 [ 174.168901] ? lock_release+0xa30/0xa30 [ 174.172861] ? zap_class+0x740/0x740 [ 174.176563] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 174.181387] ? __f_unlock_pos+0x19/0x20 [ 174.185343] ? lock_downgrade+0x8f0/0x8f0 [ 174.189479] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 174.195005] ? proc_fail_nth_write+0x9e/0x210 [ 174.199489] ? lock_acquire+0x1e4/0x540 [ 174.203456] _do_fork+0x291/0x12a0 [ 174.206989] ? fork_idle+0x1a0/0x1a0 [ 174.210693] ? fsnotify_first_mark+0x350/0x350 [ 174.215261] ? fsnotify+0x14e0/0x14e0 [ 174.219051] ? __sb_end_write+0xac/0xe0 [ 174.223017] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 174.228536] ? fput+0x130/0x1a0 [ 174.231800] ? ksys_write+0x1ae/0x260 [ 174.235600] ? __ia32_sys_read+0xb0/0xb0 [ 174.239649] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 174.245172] __x64_sys_clone+0xbf/0x150 [ 174.249136] do_syscall_64+0x1b9/0x820 [ 174.253009] ? finish_task_switch+0x1d3/0x870 [ 174.257494] ? syscall_return_slowpath+0x5e0/0x5e0 [ 174.262407] ? syscall_return_slowpath+0x31d/0x5e0 [ 174.267322] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 174.272325] ? prepare_exit_to_usermode+0x291/0x3b0 [ 174.277329] ? perf_trace_sys_enter+0xb10/0xb10 [ 174.281981] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 174.286826] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 174.291999] RIP: 0033:0x455ab9 [ 174.295188] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 174.314392] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 174.322087] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 174.329357] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 174.336628] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 174.343881] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 174.351135] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000017 09:51:47 executing program 4 (fault-call:1 fault-nth:24): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 174.405706] FAT-fs (loop7): invalid media value (0x00) [ 174.411100] FAT-fs (loop7): Can't find a valid FAT filesystem [ 174.429889] FAULT_INJECTION: forcing a failure. [ 174.429889] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 174.441845] CPU: 1 PID: 10266 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 174.450352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 174.459715] Call Trace: [ 174.462329] dump_stack+0x1c9/0x2b4 [ 174.465974] ? dump_stack_print_info.cold.2+0x52/0x52 [ 174.471175] ? perf_trace_lock+0xde/0x920 [ 174.475341] should_fail.cold.4+0xa/0x11 [ 174.479504] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 174.484618] ? kasan_check_read+0x11/0x20 [ 174.488777] ? rcu_is_watching+0x8c/0x150 [ 174.492951] ? trace_hardirqs_on+0x10/0x10 [ 174.497191] ? is_bpf_text_address+0xd7/0x170 [ 174.501719] ? kernel_text_address+0x79/0xf0 09:51:47 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) clone(0x1000000, &(0x7f0000000040)="f35e370999fd0a23a61e68fc22e47ef9181753b44fcd52c33befc7feb2ed8089ad10867044daf6ebcece99b8af9a265d4aeef14e432acbcdcd84e225e109962a9d5cfe61fe2f1a4f66cff9fa0e60a5d65ece3fa28af1afb0f3ec4baa4e463ecb263910ef9108e8fc6f2d50225c65defc0213e346d9a9299e321758268ee773e4bb2c4251cedd0bcc03a7912554f34327fe14ea90765b07f43239db42fb", &(0x7f0000000100), &(0x7f0000000140), &(0x7f00000002c0)="1a844acca6374558a2a1ac69d5237f9ba402b618fc1cfe821b0b1d83b5726bda9072fc920c20c96789640a3f50e9130892ac513cba751e8d180bfb373f3aecb8a73a4aea2a72b4d606d774e9edccb2ad") [ 174.506137] ? __kernel_text_address+0xd/0x40 [ 174.510647] ? lock_acquire+0x1e4/0x540 [ 174.514642] ? fs_reclaim_acquire+0x20/0x20 [ 174.518973] ? lock_downgrade+0x8f0/0x8f0 [ 174.523133] ? check_same_owner+0x340/0x340 [ 174.527463] ? rcu_note_context_switch+0x730/0x730 [ 174.532415] __alloc_pages_nodemask+0x36e/0xdb0 [ 174.537100] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 174.542158] ? fs_reclaim_acquire+0x20/0x20 [ 174.546490] ? lock_downgrade+0x8f0/0x8f0 [ 174.550662] ? lock_acquire+0x1e4/0x540 [ 174.554645] ? __pmd_alloc+0x43d/0x530 [ 174.558545] ? lock_downgrade+0x8f0/0x8f0 [ 174.562712] ? kasan_check_read+0x11/0x20 [ 174.566896] ? do_raw_spin_unlock+0xa7/0x2f0 [ 174.571679] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 174.577231] alloc_pages_current+0x10c/0x210 [ 174.581651] ? do_raw_spin_lock+0xc1/0x200 [ 174.585898] pte_alloc_one+0x1b/0x1a0 [ 174.589713] __pte_alloc+0x2a/0x3c0 [ 174.593353] copy_page_range+0x1670/0x24c0 [ 174.597600] ? kernel_text_address+0x79/0xf0 [ 174.602018] ? __kernel_text_address+0xd/0x40 09:51:47 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) [ 174.606546] ? __pmd_alloc+0x530/0x530 [ 174.610449] ? perf_trace_lock+0xde/0x920 [ 174.614604] ? do_syscall_64+0x1b9/0x820 [ 174.618705] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 174.624085] ? zap_class+0x740/0x740 [ 174.627802] ? percpu_ref_put_many+0x119/0x240 [ 174.630345] 9pnet: Insufficient options for proto=fd [ 174.632395] ? lock_downgrade+0x8f0/0x8f0 [ 174.632417] ? anon_vma_fork+0x651/0x960 [ 174.632436] ? lock_downgrade+0x8f0/0x8f0 [ 174.649848] ? lock_release+0xa30/0xa30 09:51:47 executing program 2: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) [ 174.653840] ? percpu_ref_put_many+0x131/0x240 [ 174.658441] ? rcu_note_context_switch+0x730/0x730 [ 174.663393] ? copy_process.part.41+0x3384/0x73d0 [ 174.668252] ? lock_downgrade+0x8f0/0x8f0 [ 174.672417] ? lock_release+0xa30/0xa30 [ 174.676420] ? rcu_note_context_switch+0x730/0x730 [ 174.681384] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 174.686947] ? __vma_link_rb+0x2a4/0x3f0 [ 174.691115] copy_process.part.41+0x5ead/0x73d0 [ 174.696244] ? __cleanup_sighand+0x70/0x70 [ 174.700489] ? lock_release+0xa30/0xa30 09:51:47 executing program 1: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vsock\x00', 0x220000, 0x0) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000180)={0x0, 0x17, "5b123473a3530fa462ea17638552dc783a1f6daa4f655a"}, &(0x7f00000001c0)=0x1f) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000200)={r1}, &(0x7f0000000240)=0x8) r2 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r2, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r2, 0x0) sendfile(r2, r2, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') [ 174.704469] ? xas_descend+0x20c/0x5f0 [ 174.708371] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 174.713398] ? check_pgprot+0xdf/0x180 [ 174.717298] ? put_page+0x280/0x280 [ 174.720941] ? kasan_check_write+0x14/0x20 [ 174.725199] ? alloc_set_pte+0xaf6/0x1790 [ 174.729364] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 174.734403] ? filemap_map_pages+0xca2/0x1990 [ 174.739093] ? trace_hardirqs_on+0x10/0x10 [ 174.743338] ? xa_set_tag+0x40/0x40 [ 174.746978] ? perf_trace_lock+0xde/0x920 [ 174.751138] ? trace_hardirqs_on+0x10/0x10 [ 174.757215] ? trace_hardirqs_on+0x10/0x10 [ 174.761575] ? trace_hardirqs_on+0x10/0x10 [ 174.765828] ? find_get_entries_tag+0x1410/0x1410 [ 174.770692] ? perf_trace_lock+0xde/0x920 [ 174.774854] ? zap_class+0x740/0x740 [ 174.778663] ? zap_class+0x740/0x740 [ 174.782389] ? zap_class+0x740/0x740 [ 174.786114] ? shrink_dcache_sb+0x350/0x350 [ 174.790445] ? perf_trace_lock+0xde/0x920 [ 174.794632] ? lock_acquire+0x1e4/0x540 [ 174.798632] ? __fdget_pos+0x1bb/0x200 [ 174.802531] ? zap_class+0x740/0x740 09:51:47 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) [ 174.806469] ? lock_release+0xa30/0xa30 [ 174.810480] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 174.816032] ? _parse_integer+0x13b/0x190 [ 174.820197] ? perf_trace_lock+0xde/0x920 [ 174.824355] ? _kstrtoull+0x188/0x250 [ 174.828168] ? _parse_integer+0x190/0x190 [ 174.832347] ? zap_class+0x740/0x740 [ 174.836071] ? __check_object_size+0xa3/0x5d7 [ 174.840611] ? lock_acquire+0x1e4/0x540 [ 174.844682] ? get_pid_task+0xd8/0x1a0 [ 174.848701] ? perf_trace_lock+0xde/0x920 [ 174.852877] ? lock_release+0xa30/0xa30 [ 174.856871] ? zap_class+0x740/0x740 [ 174.860613] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 174.865467] ? __f_unlock_pos+0x19/0x20 [ 174.869450] ? lock_downgrade+0x8f0/0x8f0 [ 174.873617] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 174.879164] ? proc_fail_nth_write+0x9e/0x210 [ 174.883675] ? lock_acquire+0x1e4/0x540 [ 174.887661] _do_fork+0x291/0x12a0 [ 174.891213] ? fork_idle+0x1a0/0x1a0 [ 174.894945] ? fsnotify_first_mark+0x350/0x350 [ 174.899529] ? fsnotify+0x14e0/0x14e0 [ 174.903348] ? __sb_end_write+0xac/0xe0 09:51:47 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000080)="508ecaac8a3579", &(0x7f0000000240), &(0x7f00000000c0), &(0x7f0000000100)="a43f433354681b1a8e968c77fc3dfe924a00a0e6eebf8233e39359ffc341e3a236c5c89e8547e3d3bd4feb25f7e792427b1ea2d151cf757e08d3f339e95275a2331ec2b2bfaf411f357caccaa0000000000000000000000000000000") [ 174.907333] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 174.912885] ? fput+0x130/0x1a0 [ 174.916179] ? ksys_write+0x1ae/0x260 [ 174.919991] ? __ia32_sys_read+0xb0/0xb0 [ 174.924060] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 174.929607] __x64_sys_clone+0xbf/0x150 [ 174.933594] do_syscall_64+0x1b9/0x820 [ 174.937496] ? finish_task_switch+0x1d3/0x870 [ 174.942008] ? syscall_return_slowpath+0x5e0/0x5e0 [ 174.946949] ? syscall_return_slowpath+0x31d/0x5e0 [ 174.951894] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 174.956940] ? prepare_exit_to_usermode+0x291/0x3b0 [ 174.961965] ? perf_trace_sys_enter+0xb10/0xb10 [ 174.966645] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 174.971545] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 174.976747] RIP: 0033:0x455ab9 [ 174.979954] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 174.999286] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 175.007009] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 175.014318] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 175.021599] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 175.029713] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 175.036995] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000018 09:51:48 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x8, 0x501201) ioctl$TUNSETSTEERINGEBPF(r0, 0x800454e0, &(0x7f00000000c0)=r1) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:48 executing program 6: clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:48 executing program 4 (fault-call:1 fault-nth:25): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 175.331283] FAULT_INJECTION: forcing a failure. [ 175.331283] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 175.343215] CPU: 1 PID: 10305 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 175.351718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 175.361186] Call Trace: [ 175.363795] dump_stack+0x1c9/0x2b4 [ 175.367441] ? dump_stack_print_info.cold.2+0x52/0x52 [ 175.372643] ? perf_trace_lock+0xde/0x920 [ 175.376814] should_fail.cold.4+0xa/0x11 [ 175.380900] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 175.386020] ? kasan_check_read+0x11/0x20 [ 175.390181] ? rcu_is_watching+0x8c/0x150 [ 175.394353] ? trace_hardirqs_on+0x10/0x10 [ 175.398602] ? is_bpf_text_address+0xd7/0x170 [ 175.403143] ? kernel_text_address+0x79/0xf0 [ 175.407576] ? __kernel_text_address+0xd/0x40 [ 175.412098] ? lock_acquire+0x1e4/0x540 [ 175.416095] ? fs_reclaim_acquire+0x20/0x20 [ 175.420464] ? lock_downgrade+0x8f0/0x8f0 [ 175.424636] ? check_same_owner+0x340/0x340 [ 175.428990] ? rcu_note_context_switch+0x730/0x730 [ 175.433947] __alloc_pages_nodemask+0x36e/0xdb0 [ 175.438634] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 175.443667] ? fs_reclaim_acquire+0x20/0x20 [ 175.448003] ? lock_downgrade+0x8f0/0x8f0 [ 175.452169] ? lock_acquire+0x1e4/0x540 [ 175.456156] ? __pmd_alloc+0x43d/0x530 [ 175.460056] ? lock_downgrade+0x8f0/0x8f0 [ 175.464225] ? kasan_check_read+0x11/0x20 [ 175.468388] ? do_raw_spin_unlock+0xa7/0x2f0 [ 175.472819] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 175.478382] alloc_pages_current+0x10c/0x210 [ 175.482804] ? do_raw_spin_lock+0xc1/0x200 [ 175.487178] pte_alloc_one+0x1b/0x1a0 [ 175.490976] __pte_alloc+0x2a/0x3c0 [ 175.494597] copy_page_range+0x1670/0x24c0 [ 175.498823] ? kernel_text_address+0x79/0xf0 [ 175.503274] ? __kernel_text_address+0xd/0x40 [ 175.507774] ? __pmd_alloc+0x530/0x530 [ 175.511653] ? perf_trace_lock+0xde/0x920 [ 175.515812] ? do_syscall_64+0x1b9/0x820 [ 175.519889] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 175.525264] ? zap_class+0x740/0x740 [ 175.528978] ? percpu_ref_put_many+0x119/0x240 [ 175.533558] ? lock_downgrade+0x8f0/0x8f0 [ 175.537705] ? anon_vma_fork+0x651/0x960 [ 175.541750] ? lock_downgrade+0x8f0/0x8f0 [ 175.545907] ? lock_release+0xa30/0xa30 [ 175.549872] ? percpu_ref_put_many+0x131/0x240 [ 175.554460] ? rcu_note_context_switch+0x730/0x730 [ 175.559388] ? copy_process.part.41+0x3384/0x73d0 [ 175.564229] ? lock_downgrade+0x8f0/0x8f0 [ 175.568376] ? lock_release+0xa30/0xa30 [ 175.572354] ? rcu_note_context_switch+0x730/0x730 [ 175.577285] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 175.582821] ? __vma_link_rb+0x2a4/0x3f0 [ 175.586879] copy_process.part.41+0x5ead/0x73d0 [ 175.591580] ? __cleanup_sighand+0x70/0x70 [ 175.595823] ? lock_release+0xa30/0xa30 [ 175.599800] ? xas_descend+0x20c/0x5f0 [ 175.603680] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 175.608684] ? check_pgprot+0xdf/0x180 [ 175.612565] ? put_page+0x280/0x280 [ 175.616182] ? kasan_check_write+0x14/0x20 [ 175.620418] ? alloc_set_pte+0xaf6/0x1790 [ 175.624578] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 175.629602] ? filemap_map_pages+0xca2/0x1990 [ 175.634099] ? trace_hardirqs_on+0x10/0x10 [ 175.638344] ? xa_set_tag+0x40/0x40 [ 175.641982] ? perf_trace_lock+0xde/0x920 [ 175.646141] ? trace_hardirqs_on+0x10/0x10 [ 175.650378] ? trace_hardirqs_on+0x10/0x10 [ 175.654606] ? trace_hardirqs_on+0x10/0x10 [ 175.658832] ? find_get_entries_tag+0x1410/0x1410 [ 175.663673] ? perf_trace_lock+0xde/0x920 [ 175.667815] ? zap_class+0x740/0x740 [ 175.671512] ? zap_class+0x740/0x740 [ 175.675215] ? zap_class+0x740/0x740 [ 175.678917] ? shrink_dcache_sb+0x350/0x350 [ 175.683226] ? perf_trace_lock+0xde/0x920 [ 175.687359] ? lock_acquire+0x1e4/0x540 [ 175.691317] ? __fdget_pos+0x1bb/0x200 [ 175.695188] ? zap_class+0x740/0x740 [ 175.698887] ? lock_release+0xa30/0xa30 [ 175.703986] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 175.709520] ? _parse_integer+0x13b/0x190 [ 175.709948] 9pnet: Insufficient options for proto=fd [ 175.713667] ? perf_trace_lock+0xde/0x920 [ 175.713681] ? _kstrtoull+0x188/0x250 [ 175.713695] ? _parse_integer+0x190/0x190 [ 175.713712] ? zap_class+0x740/0x740 [ 175.734518] ? __check_object_size+0xa3/0x5d7 [ 175.739009] ? lock_acquire+0x1e4/0x540 [ 175.743240] ? get_pid_task+0xd8/0x1a0 [ 175.747113] ? perf_trace_lock+0xde/0x920 [ 175.751246] ? lock_release+0xa30/0xa30 [ 175.755210] ? zap_class+0x740/0x740 [ 175.758916] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 175.763757] ? __f_unlock_pos+0x19/0x20 [ 175.767718] ? lock_downgrade+0x8f0/0x8f0 [ 175.771864] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 175.777394] ? proc_fail_nth_write+0x9e/0x210 [ 175.781902] ? lock_acquire+0x1e4/0x540 [ 175.785865] _do_fork+0x291/0x12a0 [ 175.789405] ? fork_idle+0x1a0/0x1a0 [ 175.793119] ? fsnotify_first_mark+0x350/0x350 [ 175.797685] ? fsnotify+0x14e0/0x14e0 [ 175.801472] ? __sb_end_write+0xac/0xe0 [ 175.805430] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 175.810959] ? fput+0x130/0x1a0 [ 175.814238] ? ksys_write+0x1ae/0x260 [ 175.818038] ? __ia32_sys_read+0xb0/0xb0 [ 175.822089] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 175.827634] __x64_sys_clone+0xbf/0x150 [ 175.831608] do_syscall_64+0x1b9/0x820 [ 175.835478] ? finish_task_switch+0x1d3/0x870 [ 175.839968] ? syscall_return_slowpath+0x5e0/0x5e0 [ 175.844887] ? syscall_return_slowpath+0x31d/0x5e0 [ 175.849815] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 175.854838] ? prepare_exit_to_usermode+0x291/0x3b0 [ 175.859863] ? perf_trace_sys_enter+0xb10/0xb10 [ 175.864544] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 175.869396] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 175.874590] RIP: 0033:0x455ab9 [ 175.877772] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 175.897072] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 175.904877] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 175.912159] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 175.919426] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 175.926679] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 09:51:48 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e666174000204410005", 0x11}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:51:48 executing program 1: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x74704c14585a2d3a, 0x0) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffff9c, 0x84, 0x73, &(0x7f0000000180)={0x0, 0x9, 0x20, 0x6, 0x3}, &(0x7f0000000200)=0x18) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000240)={r1, @in={{0x2, 0x4e22, @loopback=0x7f000001}}, 0xfffffffffffffffc, 0x9}, 0x90) ioctl$TUNSETLINK(r0, 0x400454cd, 0x33f) r2 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r2, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r2, 0x0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r2, 0x54a2) write$FUSE_GETXATTR(r2, &(0x7f0000000300)={0x18, 0xffffffffffffffda, 0x3}, 0x18) setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f0000000140)=0x58, 0x4) sendfile(r2, r2, &(0x7f0000000040), 0xff8) lseek(r2, 0x0, 0x0) renameat(0xffffffffffffffff, &(0x7f00000001c0)='.\x00', r2, &(0x7f00000000c0)='./file0\x00') 09:51:48 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x2, 0x181000) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000080)={0x1b0, @tick=0x7, 0xffffffff, {0x80}, 0x2, 0x4b5ac9ec22d48ba1}) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:48 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x20000, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000080)={0x0, 0x192}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f00000002c0)={r1, @in6={{0xa, 0x4e22, 0xfffffffffffffffe, @remote={0xfe, 0x80, [], 0xbb}, 0x200}}}, 0x84) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:48 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) 09:51:48 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x0, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:51:48 executing program 2: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d}, 0x2c}) close(r0) 09:51:48 executing program 4 (fault-call:1 fault-nth:26): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 175.933932] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000019 [ 176.002847] FAULT_INJECTION: forcing a failure. [ 176.002847] name failslab, interval 1, probability 0, space 0, times 0 [ 176.014303] CPU: 1 PID: 10338 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 176.022910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 176.032268] Call Trace: [ 176.034877] dump_stack+0x1c9/0x2b4 [ 176.038522] ? dump_stack_print_info.cold.2+0x52/0x52 [ 176.043727] ? perf_trace_lock+0xde/0x920 [ 176.047898] should_fail.cold.4+0xa/0x11 09:51:48 executing program 6: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r1 = dup(r0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f0000000040)="ae30f1d4a7a7bd4503e3e5b284479b1e", 0x10) [ 176.051974] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 176.057089] ? anon_vma_fork+0x651/0x960 [ 176.061163] ? percpu_counter_add_batch+0xf2/0x150 [ 176.066105] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 176.071129] ? __vm_enough_memory+0x590/0x980 [ 176.075642] ? lock_acquire+0x1e4/0x540 [ 176.079627] ? fs_reclaim_acquire+0x20/0x20 [ 176.083958] ? lock_downgrade+0x8f0/0x8f0 [ 176.088132] ? lock_downgrade+0x8f0/0x8f0 [ 176.092313] ? check_same_owner+0x340/0x340 [ 176.096642] ? rcu_note_context_switch+0x730/0x730 09:51:49 executing program 3: syz_extract_tcp_res(&(0x7f0000000040), 0xffffffffffffffff, 0x4) r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fcntl$getown(r0, 0x9) perf_event_open(&(0x7f0000000280)={0x2, 0x70, 0x100000000, 0x3, 0xdb2, 0x9, 0x0, 0x7, 0x20812, 0x2, 0x615, 0x8, 0x3, 0x2, 0x1, 0x7, 0xffffffff, 0x401, 0x1ae5, 0x81, 0x1, 0x29, 0x6, 0x8, 0x9, 0x74, 0x6d1ca3da, 0x3ff, 0x200, 0x4, 0x3d5, 0x100000001, 0x5, 0x3, 0x7fff, 0x5efd, 0x3ff, 0xfff, 0x0, 0x9, 0x2, @perf_bp={&(0x7f0000000080), 0x3}, 0x80, 0x9, 0x100000000, 0x7, 0x80000000, 0x5, 0xaa}, r1, 0xb, 0xffffffffffffffff, 0x1) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x400043, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000100), &(0x7f0000000080)) [ 176.101586] __should_failslab+0x124/0x180 [ 176.105827] should_failslab+0x9/0x14 [ 176.109640] kmem_cache_alloc+0x2af/0x760 [ 176.113803] ? security_vm_enough_memory_mm+0x9d/0xc0 [ 176.119005] copy_process.part.41+0x2f81/0x73d0 [ 176.123705] ? __cleanup_sighand+0x70/0x70 [ 176.127953] ? lock_release+0xa30/0xa30 [ 176.131959] ? xas_descend+0x20c/0x5f0 [ 176.135859] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 176.140888] ? check_pgprot+0xdf/0x180 [ 176.144780] ? put_page+0x280/0x280 [ 176.148418] ? kasan_check_write+0x14/0x20 [ 176.152664] ? alloc_set_pte+0xaf6/0x1790 [ 176.156827] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 176.161870] ? filemap_map_pages+0xca2/0x1990 [ 176.166378] ? trace_hardirqs_on+0x10/0x10 [ 176.170645] ? xa_set_tag+0x40/0x40 [ 176.174278] ? perf_trace_lock+0xde/0x920 [ 176.178435] ? trace_hardirqs_on+0x10/0x10 [ 176.182682] ? trace_hardirqs_on+0x10/0x10 [ 176.186927] ? trace_hardirqs_on+0x10/0x10 [ 176.191174] ? find_get_entries_tag+0x1410/0x1410 [ 176.196031] ? perf_trace_lock+0xde/0x920 [ 176.200191] ? zap_class+0x740/0x740 09:51:49 executing program 6: r0 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x20, 0x30080) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_REG_LIST(r0, 0xc008aeb0, &(0x7f00000002c0)=ANY=[@ANYBLOB="fe02000000000020ed3247e57cb827e23b27e144181854596feffabd547eeda3aee041934d9c97500f713faa1f000000000000009588db10a36e80e7e6c823cb192d0b9f024b9a6c0b7ace02a244b50bcfca1af5fd436c5007d7cd5dda3db1b8f2c9f2516db1b30ba0c89b59ea711e5be0ad666d9e5bffeeac04612c782e5522d2062c581714af88d960e90ab597c5fb7f90413c129d0e31224f4233cec58cd9476fa77d45dd6f183650fb16e9bb2bcf3aa0c9f4b51e47c4b51e7048e06d12076be2a4b85b8ae58c16be645335343b560346e71a7fe0dd3f75267e4fee02b2a848da6ef5373e99a5e68834eda15ba1ddb503016d172dfe42dbf7ebe9c1e701fca118d35666f75251743fb8256b56a624f01901ef7fca5ffb2717bedb20b43b11301fcc8313e41d111659e3657994ddd21965256d6916a001541e4402efe4228e9e6be3cdecc15e89328d92ab9939373cb2214515ad6630d151b4998eef4c1cec62e036b1bfeec4b2c4a574f62a81"]) r1 = msgget$private(0x0, 0x4) msgctl$MSG_INFO(r1, 0xc, &(0x7f0000000080)) clone(0x10000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) ioctl$RTC_EPOCH_SET(r0, 0x4008700e, 0x4) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000000c0)={'team0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'eql\x00', r2}) accept$packet(r0, 0x0, &(0x7f0000000080)) 09:51:49 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000040)="09f20f9e46606288e315bb406c2ba4ee9f5d053603d62fef726b9182d6f9e487954e24284bced8802abe57cfd453e2882fe92761f3b55b62aaff7744428b0c311e7078c508cb80002f10aa2c3326cee7800212f30e9704a58bdb41cf92238cb4f0ef7d689452b92687549db46c8dfaee", &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000000c0)) [ 176.203908] ? zap_class+0x740/0x740 [ 176.207625] ? zap_class+0x740/0x740 [ 176.211365] ? shrink_dcache_sb+0x350/0x350 [ 176.215689] ? perf_trace_lock+0xde/0x920 [ 176.219855] ? lock_acquire+0x1e4/0x540 [ 176.223832] ? __fdget_pos+0x1bb/0x200 [ 176.227732] ? zap_class+0x740/0x740 [ 176.231454] ? lock_release+0xa30/0xa30 [ 176.235526] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 176.241066] ? _parse_integer+0x13b/0x190 [ 176.245221] ? perf_trace_lock+0xde/0x920 [ 176.249367] ? _kstrtoull+0x188/0x250 09:51:49 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) accept$nfc_llcp(0xffffffffffffffff, 0x0, &(0x7f0000000380)) socket$nl_xfrm(0x10, 0x3, 0x6) socket$key(0xf, 0x3, 0x2) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000400)='/proc/sys/net/ipv4/vs/schedule_icmp\x00', 0x2, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000003c0)=0x0) ptrace$getregset(0x4204, r1, 0x207, &(0x7f00000000c0)={&(0x7f0000000080)=""/11, 0xb}) r2 = memfd_create(&(0x7f0000000140)='\x00', 0x3) openat$cgroup_int(r2, &(0x7f0000000280)='cpuset.sched_relax_domain_level\x00', 0x2, 0x0) clone(0x10000000, &(0x7f00000002c0)="4daf9ddb17926525e5f08083b46007f1bfc83bac10cdf11c14a5c741fdd50cabbaa4e32d3d70a50ecc049eeaa97adfb070cbd2e49788eb086b0b0baa2cbbab486fafacb208f50e993d9b7e747665d5772751601978da028a2ec5ba8a4140af56e26e3ac09a4321caff5c8614c236e51f8188f9acf4821901e48ad815a33e2f26e4d96008cfa651149b", &(0x7f0000000240), &(0x7f0000000200), &(0x7f0000000140)) [ 176.253171] ? _parse_integer+0x190/0x190 [ 176.257324] ? zap_class+0x740/0x740 [ 176.261048] ? __check_object_size+0xa3/0x5d7 [ 176.265553] ? lock_acquire+0x1e4/0x540 [ 176.269530] ? get_pid_task+0xd8/0x1a0 [ 176.273421] ? perf_trace_lock+0xde/0x920 [ 176.277576] ? lock_release+0xa30/0xa30 [ 176.281559] ? zap_class+0x740/0x740 [ 176.286078] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 176.290932] ? __f_unlock_pos+0x19/0x20 [ 176.294921] ? lock_downgrade+0x8f0/0x8f0 [ 176.299086] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 176.304631] ? proc_fail_nth_write+0x9e/0x210 [ 176.309137] ? lock_acquire+0x1e4/0x540 [ 176.313120] _do_fork+0x291/0x12a0 [ 176.316667] ? fork_idle+0x1a0/0x1a0 [ 176.320388] ? fsnotify_first_mark+0x350/0x350 [ 176.325003] ? fsnotify+0x14e0/0x14e0 [ 176.328815] ? __sb_end_write+0xac/0xe0 [ 176.332826] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 176.338400] ? fput+0x130/0x1a0 [ 176.341717] ? ksys_write+0x1ae/0x260 [ 176.345524] ? __ia32_sys_read+0xb0/0xb0 [ 176.349594] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 176.355140] __x64_sys_clone+0xbf/0x150 [ 176.359119] do_syscall_64+0x1b9/0x820 [ 176.363022] ? finish_task_switch+0x1d3/0x870 [ 176.367521] ? syscall_return_slowpath+0x5e0/0x5e0 [ 176.372453] ? syscall_return_slowpath+0x31d/0x5e0 [ 176.377385] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 176.382406] ? prepare_exit_to_usermode+0x291/0x3b0 [ 176.387429] ? perf_trace_sys_enter+0xb10/0xb10 [ 176.392101] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 176.396953] entry_SYSCALL_64_after_hwframe+0x49/0xbe 09:51:49 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp, 0x0, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 176.402142] RIP: 0033:0x455ab9 [ 176.405323] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 176.424619] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 176.432341] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 176.439620] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 176.446894] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 09:51:49 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000140), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0xa, 0x4, 0xfa00, {r1}}, 0xc) [ 176.454169] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 176.461446] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000001a 09:51:49 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x100, 0x0) ioctl$HDIO_GETGEO(r0, 0x301, &(0x7f0000000080)) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 176.564192] FAT-fs (loop7): invalid media value (0x00) [ 176.569569] FAT-fs (loop7): Can't find a valid FAT filesystem [ 176.821919] 9pnet: Insufficient options for proto=fd 09:51:49 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e666174000204410005000770", 0x14}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:51:49 executing program 4 (fault-call:1 fault-nth:27): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:49 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x10080, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x400000, 0x0) pwritev(r2, &(0x7f0000000200)=[{&(0x7f0000000100)="949e03dcfab3085fefc3", 0xa}, {&(0x7f0000000140)="74d3a9015f19a755", 0x8}], 0x2, 0x0) r3 = msgget$private(0x0, 0x202) msgctl$IPC_STAT(r3, 0x2, &(0x7f00000002c0)=""/134) ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f00000000c0)={0x2, r2}) fcntl$setflags(r0, 0x2, 0x1) 09:51:49 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x0, &(0x7f0000f40ff8)}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) 09:51:49 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x8000, 0xa900) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000080)=0x240c5, 0x4) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f00000000c0)={0x7, 0x70, 0x3, 0x8001, 0x1b, 0x1, 0x0, 0x2, 0x20, 0x8, 0x8, 0x7, 0xfffffffffffff5d4, 0x100, 0x6, 0x11772e00, 0x8001, 0x0, 0x4, 0x141, 0x100000000, 0xfff, 0x8, 0x9, 0x8, 0x86, 0x2, 0x2, 0x400, 0x2, 0x4, 0xbd, 0x3, 0x7fff, 0x6, 0x2, 0x2, 0x7, 0x0, 0xf9, 0x4, @perf_config_ext={0x80000001, 0x80000000}, 0x0, 0x1f, 0x3, 0x7, 0x2, 0x7fffffff, 0x77}) 09:51:49 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000140), 0xf0b9f037fed44f1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000140)={0x0, 0x7b, "7f4f5788faebb580f56e6571104031abbe01f1889056232b99f3804d7d45a039a3ec15e76247f90a159ccd359e53fc8f092545d734effa6e27acc2cf307c37ed852b10f175917c50181e811b2f517a69e886d9f0798bd0490b480322dad362c481f5c816774e7b2afbb40f15c5fe156aeaf16aa3605efd16d6139b"}, &(0x7f0000000080)=0x83) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r0) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000200)={r1, @in6={{0xa, 0x4e21, 0xc1, @remote={0xfe, 0x80, [], 0xbb}, 0x2}}, [0x8, 0x6, 0xb31, 0x8, 0x80f, 0x7fffffff, 0x3, 0x6, 0x5, 0x400, 0x40, 0x7, 0xfffffffffffffffc, 0x7, 0x77]}, &(0x7f0000000300)=0x100) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') 09:51:49 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x0, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:51:49 executing program 2: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d}, 0x2c}) close(r0) [ 177.031663] FAULT_INJECTION: forcing a failure. [ 177.031663] name failslab, interval 1, probability 0, space 0, times 0 [ 177.042968] CPU: 1 PID: 10405 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 177.051467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 177.060833] Call Trace: [ 177.063432] dump_stack+0x1c9/0x2b4 [ 177.067075] ? dump_stack_print_info.cold.2+0x52/0x52 [ 177.072275] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 177.077307] should_fail.cold.4+0xa/0x11 [ 177.081386] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 177.086525] ? lock_release+0xa30/0xa30 [ 177.090515] ? kasan_check_read+0x11/0x20 [ 177.094674] ? rcu_is_watching+0x8c/0x150 [ 177.098864] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 177.103557] ? is_bpf_text_address+0xd7/0x170 [ 177.108064] ? kernel_text_address+0x79/0xf0 [ 177.112481] ? __kernel_text_address+0xd/0x40 [ 177.116983] ? unwind_get_return_address+0x61/0xa0 [ 177.121919] ? __save_stack_trace+0x8d/0xf0 [ 177.126254] ? save_stack+0xa9/0xd0 09:51:50 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0xe, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3c8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mixer\x00', 0x400, 0x0) ioctl$PPPIOCSMRU(r1, 0x40047452, &(0x7f0000000200)=0x4) ioctl$sock_inet_SIOCDELRT(r0, 0x890c, &(0x7f00000000c0)={0x80, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1f}}, {0x2, 0x4e22, @broadcast=0xffffffff}, {0x2, 0x4e24, @multicast2=0xe0000002}, 0x180, 0x5, 0x415, 0x80, 0x200, &(0x7f0000000080)='ifb0\x00', 0x80, 0x1964, 0x8000000000000000}) [ 177.129887] ? save_stack+0x43/0xd0 [ 177.133513] ? kasan_kmalloc+0xc4/0xe0 [ 177.137408] __should_failslab+0x124/0x180 [ 177.141647] should_failslab+0x9/0x14 [ 177.145456] kmem_cache_alloc+0x47/0x760 [ 177.149527] ? lock_acquire+0x1e4/0x540 [ 177.153512] ? percpu_ref_put_many+0x119/0x240 [ 177.158107] ? lock_downgrade+0x8f0/0x8f0 [ 177.162283] anon_vma_clone+0x140/0x740 [ 177.166277] ? fs_reclaim_acquire+0x20/0x20 [ 177.170613] ? unlink_anon_vmas+0xa60/0xa60 [ 177.174951] ? dup_userfaultfd+0x775/0x9a0 [ 177.179197] anon_vma_fork+0xf0/0x960 [ 177.183003] ? kasan_unpoison_shadow+0x35/0x50 [ 177.187597] ? anon_vma_clone+0x740/0x740 [ 177.191751] ? kasan_slab_alloc+0x12/0x20 [ 177.195921] ? kmem_cache_alloc+0x2fc/0x760 [ 177.200268] copy_process.part.41+0x6705/0x73d0 [ 177.204969] ? __cleanup_sighand+0x70/0x70 [ 177.209220] ? lock_release+0xa30/0xa30 [ 177.213202] ? xas_descend+0x20c/0x5f0 [ 177.217097] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 177.222117] ? check_pgprot+0xdf/0x180 [ 177.226006] ? put_page+0x280/0x280 09:51:50 executing program 6: getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000080)=0xc) r2 = getegid() getgroups(0x9, &(0x7f00000000c0)=[0xee00, 0x0, 0xee00, 0xffffffffffffffff, 0xffffffffffffffff, 0xee00, 0xee00, 0xee01, 0xffffffffffffffff]) r4 = getgid() r5 = syz_open_dev$evdev(&(0x7f00000002c0)='/dev/input/event#\x00', 0xfff, 0x40) ioctl$EVIOCGID(r5, 0x80084502, &(0x7f0000000300)=""/73) r6 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000380)='/dev/mixer\x00', 0xdde0aff6f1844708, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r6, 0x4008af60, &(0x7f00000003c0)={@any=0xffffffff}) r7 = getgid() getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0, 0x0}, &(0x7f0000000140)=0xc) ioctl$IOC_PR_PREEMPT_ABORT(r6, 0x401870cc, &(0x7f00000004c0)={0x1, 0x20, 0xfffffffffffffff8, 0x80000001}) getgroups(0x6, &(0x7f0000000200)=[r1, r2, r3, r4, r7, r8]) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x1, 0xd4, 0x6c, 0x200000000000000, 0x0, 0x1, 0x0, 0x4, 0xffffffffffffffc6, 0x3, 0x10000, 0x9, 0x4, 0x7fff, 0x3f, 0x401, 0x3, 0xfff, 0x40, 0x8000, 0xfffffffffffffffc, 0x174000000000000, 0x0, 0x9, 0x3, 0x3, 0x3, 0x7, 0x7, 0x5, 0x5, 0x7, 0x0, 0x0, 0x8, 0x8, 0x0, 0xfff, 0x2, @perf_bp={&(0x7f0000000400), 0xf}, 0x400, 0x3, 0x7f, 0x7, 0x0, 0x9, 0x3}, r0, 0x8, r6, 0x1) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat(r6, &(0x7f0000000500)='./file0\x00', 0x88) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 177.229638] ? kasan_check_write+0x14/0x20 [ 177.233880] ? alloc_set_pte+0xaf6/0x1790 [ 177.238037] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 177.243057] ? filemap_map_pages+0xca2/0x1990 [ 177.247555] ? trace_hardirqs_on+0x10/0x10 [ 177.251798] ? xa_set_tag+0x40/0x40 [ 177.255436] ? perf_trace_lock+0xde/0x920 [ 177.259599] ? trace_hardirqs_on+0x10/0x10 [ 177.263857] ? trace_hardirqs_on+0x10/0x10 [ 177.268100] ? trace_hardirqs_on+0x10/0x10 [ 177.272349] ? find_get_entries_tag+0x1410/0x1410 [ 177.277210] ? perf_trace_lock+0xde/0x920 09:51:50 executing program 6: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x2, 0xb, 0x8, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KDGKBDIACR(r1, 0x4b4a, &(0x7f00000000c0)=""/27) clone(0x10000000000000, &(0x7f0000000100)="f80795c712609f1d655c992c9dabc5784d21dc851e72adc6656de1d09415c3bbd603a1a3154227323c30806a2e6d3ce5b54e705cee54689bdce8a8", &(0x7f00000002c0), &(0x7f0000000280), &(0x7f0000000300)) splice(r0, &(0x7f0000000140), r0, &(0x7f0000000200), 0x6, 0x1) ustat(0x3fffffff, &(0x7f00000003c0)) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000040)={0x0, 0x4}, &(0x7f0000000240)=0xc) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000300)={r2, 0x8}, 0x8) [ 177.281387] ? zap_class+0x740/0x740 [ 177.285144] ? zap_class+0x740/0x740 [ 177.288876] ? zap_class+0x740/0x740 [ 177.292598] ? shrink_dcache_sb+0x350/0x350 [ 177.296927] ? perf_trace_lock+0xde/0x920 [ 177.301084] ? lock_acquire+0x1e4/0x540 [ 177.305064] ? __fdget_pos+0x1bb/0x200 [ 177.308955] ? zap_class+0x740/0x740 [ 177.312674] ? lock_release+0xa30/0xa30 [ 177.316654] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 177.322197] ? _parse_integer+0x13b/0x190 [ 177.326348] ? perf_trace_lock+0xde/0x920 [ 177.330500] ? _kstrtoull+0x188/0x250 [ 177.334311] ? _parse_integer+0x190/0x190 [ 177.338467] ? zap_class+0x740/0x740 [ 177.342190] ? __check_object_size+0xa3/0x5d7 [ 177.346698] ? lock_acquire+0x1e4/0x540 [ 177.350682] ? get_pid_task+0xd8/0x1a0 [ 177.354574] ? perf_trace_lock+0xde/0x920 [ 177.358728] ? lock_release+0xa30/0xa30 [ 177.362708] ? zap_class+0x740/0x740 [ 177.366431] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 177.371278] ? __f_unlock_pos+0x19/0x20 [ 177.375258] ? lock_downgrade+0x8f0/0x8f0 09:51:50 executing program 6: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)=0x0) socketpair$inet6(0xa, 0x806, 0x4, &(0x7f0000000100)={0xffffffffffffffff}) ioctl$sock_SIOCDELDLCI(r2, 0x8981, &(0x7f0000000140)={'ip6tnl0\x00', 0x6d}) fcntl$setownex(r0, 0xf, &(0x7f00000000c0)={0x0, r1}) write$binfmt_script(r0, &(0x7f0000000040)={'#! ', './file0', [{0x20, '/^'}, {0x20}], 0xa, "d719e65ca357d4bf8981e969dbdf33b125da0e7139a813a0a31ea740d055271ce0a61ad6"}, 0x33) [ 177.379415] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 177.384970] ? proc_fail_nth_write+0x9e/0x210 [ 177.389474] ? lock_acquire+0x1e4/0x540 [ 177.393462] _do_fork+0x291/0x12a0 [ 177.397013] ? fork_idle+0x1a0/0x1a0 [ 177.400734] ? fsnotify_first_mark+0x350/0x350 [ 177.405329] ? fsnotify+0x14e0/0x14e0 [ 177.409145] ? __sb_end_write+0xac/0xe0 [ 177.413127] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 177.418671] ? fput+0x130/0x1a0 [ 177.421966] ? ksys_write+0x1ae/0x260 [ 177.425772] ? __ia32_sys_read+0xb0/0xb0 09:51:50 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000001c0)={r0, &(0x7f0000000140)="afb9f4ca09ca17f47a34ac5c59e04ba0288bd1dfacad0cd29dd397e7847afd43d50caa79c9795c5cec2f8ed0e7a10e5a0945a699fcd70f4109883c8ac0bfedd50a1232399e187f6a57a23d99e82a44935d583e1047220df4720df3d65f57d04a29c564d8721a2c08b262e164997aada02e18ea37b52c141fd0ea1c"}, 0x10) [ 177.429844] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 177.435391] __x64_sys_clone+0xbf/0x150 [ 177.439374] do_syscall_64+0x1b9/0x820 [ 177.443262] ? finish_task_switch+0x1d3/0x870 [ 177.447762] ? syscall_return_slowpath+0x5e0/0x5e0 [ 177.452698] ? syscall_return_slowpath+0x31d/0x5e0 [ 177.457632] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 177.462652] ? prepare_exit_to_usermode+0x291/0x3b0 [ 177.467683] ? perf_trace_sys_enter+0xb10/0xb10 [ 177.472356] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 177.477213] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 177.482408] RIP: 0033:0x455ab9 [ 177.485617] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 177.504943] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 177.512667] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 177.519947] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 09:51:50 executing program 3: r0 = dup(0xffffffffffffffff) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffff9c, 0x84, 0xa, &(0x7f0000000040)={0x8, 0x13fa31e6, 0x0, 0x1, 0x8, 0x7, 0x20, 0x8000, 0x0}, &(0x7f0000000080)=0x20) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f00000000c0)={r1, 0x5d0a, 0x4, [0x8, 0x514c, 0x2, 0x2c8]}, &(0x7f0000000100)=0x10) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 177.527222] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 177.534505] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 177.541780] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000001b [ 177.568365] FAT-fs (loop7): invalid media value (0x00) [ 177.573787] FAT-fs (loop7): Can't find a valid FAT filesystem 09:51:50 executing program 6: r0 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f0000000040)=0x3f, &(0x7f0000000080)=0x4) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000002c0)=@security={'security\x00', 0xe, 0x4, 0x598, 0x250, 0x0, 0x0, 0x0, 0x250, 0x500, 0x500, 0x500, 0x500, 0x500, 0x4, &(0x7f00000000c0), {[{{@ip={@loopback=0x7f000001, @multicast1=0xe0000001, 0xff0000ff, 0xffffff00, 'dummy0\x00', 'vcan0\x00', {0xff}, {0xff}, 0x73, 0x0, 0x42}, 0x0, 0x228, 0x250, 0x0, {}, [@common=@unspec=@connbytes={0x38, 'connbytes\x00', 0x0, {0x0, 0x3ff, 0x1, 0x3}}, @common=@inet=@hashlimit3={0x158, 'hashlimit\x00', 0x3, {'bond_slave_0\x00', {0x4, 0x200, 0x5c, 0xfffffffffffffff9, 0xd6, 0x9, 0x0, 0x92, 0x78, 0x78}, 0x6}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x6, 0x2, 0x1}}}, {{@ip={@multicast1=0xe0000001, @remote={0xac, 0x14, 0x14, 0xbb}, 0xff, 0xff, 'ip6tnl0\x00', 'syzkaller0\x00', {0xff}, {0xff}, 0x37, 0x2, 0x5}, 0x0, 0x100, 0x148, 0x0, {}, [@common=@unspec=@time={0x38, 'time\x00', 0x0, {0x0, 0x7, 0x1217c, 0xf232, 0x3, 0x0, 0x3}}, @common=@ah={0x30, 'ah\x00', 0x0, {0xfffffffffffff000, 0x4, 0x1}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x3, 'syz1\x00', 0xf7}}}, {{@ip={@multicast1=0xe0000001, @empty, 0xffffffff, 0xff0000ff, 'bond_slave_1\x00', 'teql0\x00', {}, {0xff}, 0xff, 0x1, 0x1}, 0x0, 0x108, 0x168, 0x0, {}, [@common=@socket0={0x20, 'socket\x00'}, @common=@osf={0x50, 'osf\x00', 0x0, {'syz1\x00', 0x80000001, 0x8, 0x1, 0x1}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x8001, [0xff, 0x0, 0x0, 0x6b, 0x7fffffff, 0x8000], 0x400, 0x5, 0x8}, {0xffffffffffffffff, [0x1, 0x2, 0xffffffffffff25fc, 0x3, 0x3ff, 0x6], 0x800, 0x1, 0x1}}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x5f8) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:50 executing program 4 (fault-call:1 fault-nth:28): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 177.869748] 9pnet: Insufficient options for proto=fd [ 177.948431] FAULT_INJECTION: forcing a failure. [ 177.948431] name failslab, interval 1, probability 0, space 0, times 0 [ 177.959805] CPU: 0 PID: 10478 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 177.968401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 177.977772] Call Trace: [ 177.980393] dump_stack+0x1c9/0x2b4 [ 177.984051] ? dump_stack_print_info.cold.2+0x52/0x52 [ 177.989258] ? __kernel_text_address+0xd/0x40 [ 177.993764] ? unwind_get_return_address+0x61/0xa0 [ 177.998782] should_fail.cold.4+0xa/0x11 [ 178.002840] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 178.007949] ? save_stack+0xa9/0xd0 [ 178.011575] ? kasan_kmalloc+0xc4/0xe0 [ 178.015452] ? kasan_slab_alloc+0x12/0x20 [ 178.019602] ? kmem_cache_alloc+0x12e/0x760 [ 178.023942] ? anon_vma_clone+0x140/0x740 [ 178.028092] ? anon_vma_fork+0xf0/0x960 [ 178.032065] ? copy_process.part.41+0x6705/0x73d0 [ 178.036911] ? _do_fork+0x291/0x12a0 [ 178.040635] ? do_syscall_64+0x1b9/0x820 [ 178.044701] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.050084] ? lock_acquire+0x1e4/0x540 [ 178.054060] ? percpu_ref_put_many+0x119/0x240 [ 178.058642] ? lock_downgrade+0x8f0/0x8f0 [ 178.062786] ? lock_release+0xa30/0xa30 [ 178.066756] ? lock_acquire+0x1e4/0x540 [ 178.070733] ? lock_release+0xa30/0xa30 [ 178.074715] ? check_same_owner+0x340/0x340 [ 178.079056] ? percpu_ref_put_many+0x131/0x240 [ 178.083982] ? rcu_note_context_switch+0x730/0x730 [ 178.088933] __should_failslab+0x124/0x180 [ 178.093162] should_failslab+0x9/0x14 [ 178.096963] kmem_cache_alloc+0x47/0x760 [ 178.101026] ? anon_vma_interval_tree_insert+0x26b/0x300 [ 178.106485] anon_vma_clone+0x140/0x740 [ 178.110460] ? unlink_anon_vmas+0xa60/0xa60 [ 178.114785] ? dup_userfaultfd+0x775/0x9a0 [ 178.119019] anon_vma_fork+0xf0/0x960 [ 178.122820] ? kasan_unpoison_shadow+0x35/0x50 [ 178.127392] ? anon_vma_clone+0x740/0x740 [ 178.131550] ? kasan_slab_alloc+0x12/0x20 [ 178.135687] ? kmem_cache_alloc+0x2fc/0x760 [ 178.140031] copy_process.part.41+0x6705/0x73d0 [ 178.144716] ? __cleanup_sighand+0x70/0x70 [ 178.149306] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 178.154833] ? perf_tp_event+0x91b/0xc40 [ 178.158884] ? xas_descend+0x20c/0x5f0 [ 178.162780] ? perf_swevent_event+0x2e0/0x2e0 [ 178.167291] ? perf_swevent_event+0x158/0x2e0 [ 178.171791] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 178.177330] ? perf_tp_event+0x91b/0xc40 [ 178.181394] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 178.186405] ? filemap_map_pages+0xca2/0x1990 [ 178.190907] ? perf_swevent_event+0x2e0/0x2e0 [ 178.195420] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 178.200528] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 178.211196] ? perf_tp_event+0xc40/0xc40 [ 178.215616] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 178.220719] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 178.225812] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 178.230907] ? perf_tp_event+0xc40/0xc40 [ 178.234960] ? zap_class+0x740/0x740 [ 178.238668] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 178.243767] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 178.248871] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 178.253969] ? perf_tp_event+0xc40/0xc40 [ 178.258031] ? zap_class+0x740/0x740 [ 178.261740] ? memset+0x31/0x40 [ 178.265016] ? perf_trace_lock+0x49d/0x920 [ 178.269247] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 178.274343] ? zap_class+0x740/0x740 [ 178.278053] ? __check_object_size+0xa3/0x5d7 [ 178.282553] ? memset+0x31/0x40 [ 178.286277] ? zap_class+0x740/0x740 [ 178.289986] ? __f_unlock_pos+0x19/0x20 [ 178.293955] ? lock_downgrade+0x8f0/0x8f0 [ 178.298124] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 178.303663] ? proc_fail_nth_write+0x9e/0x210 [ 178.308149] ? lock_acquire+0x1e4/0x540 [ 178.312131] _do_fork+0x291/0x12a0 [ 178.315665] ? fork_idle+0x1a0/0x1a0 [ 178.319368] ? fsnotify_first_mark+0x350/0x350 [ 178.323937] ? fsnotify+0x14e0/0x14e0 [ 178.327731] ? __sb_end_write+0xac/0xe0 [ 178.331704] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 178.337224] ? fput+0x130/0x1a0 [ 178.340493] ? ksys_write+0x1ae/0x260 [ 178.344290] ? __ia32_sys_read+0xb0/0xb0 [ 178.348340] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 178.353873] __x64_sys_clone+0xbf/0x150 [ 178.357843] do_syscall_64+0x1b9/0x820 [ 178.361718] ? finish_task_switch+0x1d3/0x870 [ 178.366226] ? syscall_return_slowpath+0x5e0/0x5e0 [ 178.371142] ? syscall_return_slowpath+0x31d/0x5e0 [ 178.376060] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 178.381064] ? prepare_exit_to_usermode+0x291/0x3b0 [ 178.386072] ? perf_trace_sys_enter+0xb10/0xb10 [ 178.390732] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 178.395572] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.400752] RIP: 0033:0x455ab9 [ 178.403927] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 178.423262] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 178.430996] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 178.438281] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 178.445539] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 178.452799] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 178.460060] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000001c 09:51:51 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x0, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:51:51 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x2, 0x0) ioctl$EVIOCSREP(r1, 0x40084503, &(0x7f0000000200)=[0x77, 0x5dd]) getsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f00000000c0)=0x7, &(0x7f0000000100)=0x2) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x200100, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r2, 0xc0bc5351, &(0x7f00000002c0)={0x76f0, 0x0, 'client0\x00', 0x1, "3948e0019c61377c", "c4b319b4cc909526f609ace9c0b9b3e0fb9a86fe541125e26c9e85bc7e90e1f1", 0x8, 0x7b}) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000080)=0x5000) 09:51:51 executing program 1: munlockall() r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000140), 0x4) 09:51:51 executing program 6: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x10000, 0x0) write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000080)={0x39f, 0x6, 0x0, {0x1, 0x1, 0xffffffffffffff75, 0x0, "76862af92c8c5175"}}, 0xfffffffffffffe14) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = getpid() ptrace$getenv(0x4201, r1, 0x7, &(0x7f00000000c0)) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:51 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x0, &(0x7f0000f40ff8)}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) 09:51:51 executing program 2: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d}, 0x2c}) close(r0) 09:51:51 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e666174000204410005000770", 0x14}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:51:51 executing program 4 (fault-call:1 fault-nth:29): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 178.564621] FAULT_INJECTION: forcing a failure. [ 178.564621] name failslab, interval 1, probability 0, space 0, times 0 [ 178.576050] CPU: 1 PID: 10504 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 178.584639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 178.594002] Call Trace: [ 178.596600] dump_stack+0x1c9/0x2b4 [ 178.600240] ? dump_stack_print_info.cold.2+0x52/0x52 [ 178.605441] ? __kernel_text_address+0xd/0x40 [ 178.609943] ? unwind_get_return_address+0x61/0xa0 [ 178.614886] should_fail.cold.4+0xa/0x11 [ 178.619042] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 178.624148] ? save_stack+0xa9/0xd0 [ 178.627788] ? kasan_kmalloc+0xc4/0xe0 [ 178.631678] ? kasan_slab_alloc+0x12/0x20 [ 178.635834] ? kmem_cache_alloc+0x12e/0x760 [ 178.640164] ? anon_vma_clone+0x140/0x740 [ 178.644319] ? anon_vma_fork+0xf0/0x960 [ 178.648305] ? copy_process.part.41+0x6705/0x73d0 [ 178.653154] ? _do_fork+0x291/0x12a0 [ 178.656875] ? do_syscall_64+0x1b9/0x820 [ 178.660948] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.666323] ? lock_acquire+0x1e4/0x540 [ 178.667603] FAT-fs (loop7): invalid media value (0x00) [ 178.670298] ? percpu_ref_put_many+0x119/0x240 [ 178.670318] ? lock_downgrade+0x8f0/0x8f0 [ 178.670335] ? lock_release+0xa30/0xa30 [ 178.670352] ? memcg_kmem_get_cache+0x3a9/0x9d0 [ 178.675632] FAT-fs (loop7): Can't find a valid FAT filesystem [ 178.680188] ? mem_cgroup_handle_over_high+0x130/0x130 [ 178.680202] ? lock_acquire+0x1e4/0x540 [ 178.680221] ? percpu_ref_put_many+0x131/0x240 [ 178.712623] ? mem_cgroup_id_get_online+0x310/0x310 [ 178.717646] ? kasan_unpoison_shadow+0x35/0x50 [ 178.722235] __should_failslab+0x124/0x180 [ 178.726471] should_failslab+0x9/0x14 [ 178.730277] kmem_cache_alloc+0x47/0x760 [ 178.734367] ? anon_vma_interval_tree_insert+0x26b/0x300 [ 178.739825] anon_vma_clone+0x140/0x740 [ 178.743812] ? unlink_anon_vmas+0xa60/0xa60 [ 178.748140] ? dup_userfaultfd+0x775/0x9a0 [ 178.752383] anon_vma_fork+0xf0/0x960 [ 178.756188] ? kasan_unpoison_shadow+0x35/0x50 [ 178.760779] ? anon_vma_clone+0x740/0x740 [ 178.764964] ? kasan_slab_alloc+0x12/0x20 [ 178.769117] ? kmem_cache_alloc+0x2fc/0x760 [ 178.773462] copy_process.part.41+0x6705/0x73d0 [ 178.778153] ? __cleanup_sighand+0x70/0x70 [ 178.782393] ? lock_release+0xa30/0xa30 [ 178.786370] ? xas_descend+0x20c/0x5f0 [ 178.790267] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 178.795288] ? check_pgprot+0xdf/0x180 [ 178.799177] ? put_page+0x280/0x280 [ 178.802821] ? kasan_check_write+0x14/0x20 [ 178.807065] ? alloc_set_pte+0xaf6/0x1790 [ 178.811226] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 178.816249] ? filemap_map_pages+0xca2/0x1990 [ 178.820757] ? trace_hardirqs_on+0x10/0x10 [ 178.824995] ? xa_set_tag+0x40/0x40 [ 178.828626] ? perf_trace_lock+0xde/0x920 [ 178.832782] ? trace_hardirqs_on+0x10/0x10 [ 178.837021] ? trace_hardirqs_on+0x10/0x10 [ 178.841262] ? trace_hardirqs_on+0x10/0x10 [ 178.845525] ? find_get_entries_tag+0x1410/0x1410 [ 178.850375] ? perf_trace_lock+0xde/0x920 [ 178.854524] ? zap_class+0x740/0x740 [ 178.858243] ? zap_class+0x740/0x740 [ 178.861959] ? zap_class+0x740/0x740 [ 178.865691] ? shrink_dcache_sb+0x350/0x350 [ 178.870016] ? perf_trace_lock+0xde/0x920 [ 178.874169] ? lock_acquire+0x1e4/0x540 [ 178.878155] ? __fdget_pos+0x1bb/0x200 [ 178.882044] ? zap_class+0x740/0x740 [ 178.885769] ? lock_release+0xa30/0xa30 [ 178.889749] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 178.895305] ? _parse_integer+0x13b/0x190 [ 178.899458] ? perf_trace_lock+0xde/0x920 [ 178.903609] ? _kstrtoull+0x188/0x250 [ 178.907414] ? _parse_integer+0x190/0x190 [ 178.911565] ? zap_class+0x740/0x740 [ 178.915287] ? __check_object_size+0xa3/0x5d7 [ 178.919800] ? lock_acquire+0x1e4/0x540 [ 178.923784] ? get_pid_task+0xd8/0x1a0 [ 178.927676] ? perf_trace_lock+0xde/0x920 [ 178.931827] ? lock_release+0xa30/0xa30 [ 178.935809] ? zap_class+0x740/0x740 [ 178.939532] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 178.944725] ? __f_unlock_pos+0x19/0x20 [ 178.948723] ? lock_downgrade+0x8f0/0x8f0 [ 178.952969] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 178.958513] ? proc_fail_nth_write+0x9e/0x210 09:51:51 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000080)={0x2, [0x0, 0x0]}, &(0x7f00000000c0)=0xc) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000100)={r1, 0x5}, 0x8) clone(0x0, &(0x7f0000000040), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:51 executing program 6: r0 = getpgrp(0x0) waitid(0x1, r0, &(0x7f0000000040), 0x80000000, &(0x7f0000000080)) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140)='/dev/hwrng\x00', 0x10000, 0x0) clock_gettime(0x0, &(0x7f0000000200)={0x0, 0x0}) write$sndseq(r1, &(0x7f00000002c0)=[{0x3, 0x4, 0x7, 0x8, @time, {0x5, 0xd7a6}, {0x9, 0x1}, @raw8={"3f2f10a89e719080d8c8989b"}}, {0xef1, 0xfffffffffffffffb, 0x400, 0x7, @time, {0x0, 0x4}, {0x9, 0x2}, @result={0x7ff, 0x7}}, {0x1ff, 0x85, 0xff, 0x3, @time, {0x9, 0x2}, {0xd2, 0x34}, @time=@tick=0x80}, {0x3f, 0x0, 0xfffffffffffff800, 0x4, @tick=0xff, {0x1f, 0xfffffffffffffff9}, {0x6088, 0x10000}, @raw8={"594998e90fa4501e67c99d02"}}, {0x0, 0x8000, 0xff, 0xa7a8, @time={0x0, 0x1c9c380}, {}, {0x4, 0x7fff}, @addr={0x2, 0x4}}, {0x100000000, 0x67c, 0xffff, 0x8, @tick=0x80000000, {0x7fff, 0x81}, {0xf2b9, 0x7}, @note={0x2, 0xfffffffffffffff8, 0x7, 0x9, 0x5}}, {0x3, 0x3c8, 0x9, 0x7fff, @tick=0x9, {0xff, 0x80000001}, {0xfffffffffffffffd, 0x6}, @connect={{0x8, 0x9}, {0x9, 0x9}}}, {0x3f, 0x3, 0x100000001, 0x86c, @tick=0x6, {0x4, 0x584}, {0x4, 0x10000}, @addr={0x1, 0x8}}, {0x200, 0x4, 0x8, 0x5, @time={0x0, 0x1c9c380}, {0x7ff, 0x8}, {0x1, 0x7}, @note={0x80000000, 0xcd, 0x3, 0x0, 0x2}}, {0x8001, 0x7fffffff, 0xd1d1, 0xa832, @tick=0x10001, {0x9, 0x9}, {0x7, 0xff}, @time=@time={r2, r3+10000000}}], 0x1e0) 09:51:51 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0xc0000, 0x40000) bind$pptp(r0, &(0x7f0000000080)={0x18, 0x2, {0x0, @local={0xac, 0x14, 0x14, 0xaa}}}, 0x1e) [ 178.963020] ? lock_acquire+0x1e4/0x540 [ 178.967004] _do_fork+0x291/0x12a0 [ 178.970548] ? fork_idle+0x1a0/0x1a0 [ 178.974268] ? fsnotify_first_mark+0x350/0x350 [ 178.978862] ? fsnotify+0x14e0/0x14e0 [ 178.982675] ? __sb_end_write+0xac/0xe0 [ 178.986659] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 178.992198] ? fput+0x130/0x1a0 [ 178.995486] ? ksys_write+0x1ae/0x260 [ 178.999297] ? __ia32_sys_read+0xb0/0xb0 [ 179.003539] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 179.009114] __x64_sys_clone+0xbf/0x150 09:51:51 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x404000, 0x0) ioctl$EVIOCSABS2F(r0, 0x401845ef, &(0x7f0000000080)={0x8e98af9, 0x4, 0xfffffffffffffff9, 0x937d, 0x10000000000, 0x40}) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f00000000c0)={'vcan0\x00', {0x2, 0x4e23, @multicast2=0xe0000002}}) [ 179.013112] do_syscall_64+0x1b9/0x820 [ 179.017005] ? finish_task_switch+0x1d3/0x870 [ 179.021512] ? syscall_return_slowpath+0x5e0/0x5e0 [ 179.027172] ? syscall_return_slowpath+0x31d/0x5e0 [ 179.032111] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 179.037136] ? prepare_exit_to_usermode+0x291/0x3b0 [ 179.042158] ? perf_trace_sys_enter+0xb10/0xb10 [ 179.046836] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 179.051691] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 179.056880] RIP: 0033:0x455ab9 [ 179.060061] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 179.079376] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 179.087192] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 179.094464] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 179.101732] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 179.109005] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 09:51:52 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f0000000040)) r0 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x401, 0x800) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000080), &(0x7f0000000140)=0xffffff12) [ 179.116275] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000001d 09:51:52 executing program 4 (fault-call:1 fault-nth:30): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:52 executing program 1: r0 = memfd_create(&(0x7f0000000280)="2e1b1011019262840c45215e44569136515cdb405ea5000000000000000000b6227d2004d3886081e84cdaef8b0954a42793", 0x2) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) getsockopt$inet_tcp_buf(r0, 0x6, 0x3f, &(0x7f0000000100)=""/179, &(0x7f00000001c0)=0xb3) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') [ 179.248311] FAULT_INJECTION: forcing a failure. [ 179.248311] name failslab, interval 1, probability 0, space 0, times 0 [ 179.259731] CPU: 1 PID: 10550 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 179.268272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 179.277633] Call Trace: [ 179.280240] dump_stack+0x1c9/0x2b4 [ 179.283890] ? dump_stack_print_info.cold.2+0x52/0x52 [ 179.289099] ? __kernel_text_address+0xd/0x40 [ 179.293616] ? unwind_get_return_address+0x61/0xa0 [ 179.298569] should_fail.cold.4+0xa/0x11 [ 179.302654] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 179.307780] ? save_stack+0xa9/0xd0 [ 179.311416] ? kasan_kmalloc+0xc4/0xe0 [ 179.315315] ? kasan_slab_alloc+0x12/0x20 [ 179.319470] ? kmem_cache_alloc+0x12e/0x760 [ 179.323799] ? anon_vma_clone+0x140/0x740 [ 179.327954] ? anon_vma_fork+0xf0/0x960 [ 179.331938] ? copy_process.part.41+0x6705/0x73d0 [ 179.336788] ? _do_fork+0x291/0x12a0 [ 179.340513] ? do_syscall_64+0x1b9/0x820 [ 179.344584] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 179.349965] ? lock_acquire+0x1e4/0x540 [ 179.353950] ? percpu_ref_put_many+0x119/0x240 [ 179.358542] ? lock_downgrade+0x8f0/0x8f0 [ 179.362708] ? lock_release+0xa30/0xa30 [ 179.366695] ? memcg_kmem_get_cache+0x3a9/0x9d0 [ 179.371379] ? mem_cgroup_handle_over_high+0x130/0x130 [ 179.376664] ? lock_acquire+0x1e4/0x540 [ 179.380652] ? percpu_ref_put_many+0x131/0x240 [ 179.385243] ? mem_cgroup_id_get_online+0x310/0x310 [ 179.390270] ? kasan_unpoison_shadow+0x35/0x50 [ 179.394863] __should_failslab+0x124/0x180 09:51:52 executing program 6: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f00000003c0)="8c5e7f76b2728420ed2cf4df6ab09f0c4b98269fd2b3d065532111e22170a33b4b5700305633e6ccba9c19fe26d8889eb1ec3647ba3957d6870b43929eeec7f04061777967b82ffb5a159d2cf5c0899616b06a4062082ff62a1315b648d090cc0a8cf902c8b6ef1ac2d450a38b1a3253d314f8801ee47c5913db82802191ce2206379100704095047a5575fd300f4215d9d88c593496cde085cf30af8f3866c52c10e7732627099370b56edcc6b7cd0f12b7a0fc068b64cd61b5d9336ccc63bf0824c171771486f7093be2aa6757940f8cc771b8c1c44a4dbe0348546de1b9cfa142f85cb49c0e907b53d204df03f60d301484c62b781db6", &(0x7f0000000240), &(0x7f0000000200), &(0x7f00000005c0)="152a34228e9244d31f7c1094586df6b7ff5755f3b883a364cb0100000000000000ceb1825b058caf50172c63f06255aa184a129a594af204deb8f0fb938c46068524debaa5ebf121206bd9ad60a35189340a7fa0febe8abc7ee45dc4cec486df6b762970bcac8145785468f821527cccfdafd6ad54b582d27889a0f2beb7d9567ea447969a4c29361c13d8deab469581d476103f29de866f2ea7fccee56cc07d73924f6c4ca3656478514a0bdeea7b6f815b7b79b97425f40c5ba5c7075e1317123f137c414e643c1023d5f94b832db87f0903e28f18901126d0100635ab6a3414ff4598c0833c90b9ca550fd7760051d7764d783063c024c7918c5f9eee") getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000000c0)={0x0}, &(0x7f0000000100)=0xc) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x9, 0x7, 0xffff, 0x9, 0x0, 0x0, 0x1422, 0x2, 0x0, 0x7, 0x8000, 0x40, 0x6, 0x3, 0x5, 0x2, 0x80, 0x7, 0x8, 0x40, 0x0, 0x3cb2, 0x9, 0x0, 0x2, 0x4, 0x8, 0x3ff, 0x8, 0x2, 0x7ff, 0x850e, 0x7, 0x0, 0x84c4, 0x0, 0x0, 0x5843a31d, 0x3, @perf_config_ext={0x0, 0x9}, 0x1802, 0x3ff, 0x0, 0x7, 0xad0, 0x5, 0x7}, r1, 0xc, r0, 0x1) [ 179.399104] should_failslab+0x9/0x14 [ 179.402912] kmem_cache_alloc+0x47/0x760 [ 179.406983] ? anon_vma_interval_tree_insert+0x26b/0x300 [ 179.412447] anon_vma_clone+0x140/0x740 [ 179.416444] ? unlink_anon_vmas+0xa60/0xa60 [ 179.420785] ? dup_userfaultfd+0x775/0x9a0 [ 179.425037] anon_vma_fork+0xf0/0x960 [ 179.428847] ? kasan_unpoison_shadow+0x35/0x50 [ 179.433441] ? anon_vma_clone+0x740/0x740 [ 179.437597] ? kasan_slab_alloc+0x12/0x20 [ 179.441759] ? kmem_cache_alloc+0x2fc/0x760 [ 179.446097] copy_process.part.41+0x6705/0x73d0 [ 179.450793] ? __cleanup_sighand+0x70/0x70 [ 179.455041] ? lock_release+0xa30/0xa30 [ 179.459023] ? xas_descend+0x20c/0x5f0 [ 179.462925] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 179.467952] ? check_pgprot+0xdf/0x180 [ 179.471848] ? put_page+0x280/0x280 [ 179.475483] ? kasan_check_write+0x14/0x20 [ 179.479724] ? alloc_set_pte+0xaf6/0x1790 [ 179.483891] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 179.488913] ? filemap_map_pages+0xca2/0x1990 [ 179.493415] ? trace_hardirqs_on+0x10/0x10 [ 179.497660] ? xa_set_tag+0x40/0x40 [ 179.501293] ? perf_trace_lock+0xde/0x920 [ 179.505454] ? trace_hardirqs_on+0x10/0x10 [ 179.509704] ? trace_hardirqs_on+0x10/0x10 [ 179.513951] ? trace_hardirqs_on+0x10/0x10 [ 179.518200] ? find_get_entries_tag+0x1410/0x1410 [ 179.523059] ? perf_trace_lock+0xde/0x920 [ 179.527227] ? zap_class+0x740/0x740 [ 179.530950] ? zap_class+0x740/0x740 [ 179.534672] ? zap_class+0x740/0x740 [ 179.538394] ? shrink_dcache_sb+0x350/0x350 [ 179.542731] ? perf_trace_lock+0xde/0x920 [ 179.546887] ? lock_acquire+0x1e4/0x540 [ 179.550867] ? __fdget_pos+0x1bb/0x200 [ 179.554762] ? zap_class+0x740/0x740 [ 179.558481] ? lock_release+0xa30/0xa30 [ 179.562464] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 179.568013] ? _parse_integer+0x13b/0x190 [ 179.572174] ? perf_trace_lock+0xde/0x920 [ 179.576328] ? _kstrtoull+0x188/0x250 [ 179.580137] ? _parse_integer+0x190/0x190 [ 179.584297] ? zap_class+0x740/0x740 [ 179.588025] ? __check_object_size+0xa3/0x5d7 [ 179.592563] ? lock_acquire+0x1e4/0x540 [ 179.596541] ? get_pid_task+0xd8/0x1a0 [ 179.600437] ? perf_trace_lock+0xde/0x920 [ 179.604704] ? lock_release+0xa30/0xa30 [ 179.608705] ? zap_class+0x740/0x740 [ 179.612435] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 179.617283] ? __f_unlock_pos+0x19/0x20 [ 179.621282] ? lock_downgrade+0x8f0/0x8f0 [ 179.625441] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 179.630986] ? proc_fail_nth_write+0x9e/0x210 [ 179.635494] ? lock_acquire+0x1e4/0x540 [ 179.639490] _do_fork+0x291/0x12a0 [ 179.643046] ? fork_idle+0x1a0/0x1a0 [ 179.646773] ? fsnotify_first_mark+0x350/0x350 [ 179.651376] ? fsnotify+0x14e0/0x14e0 [ 179.656349] ? __sb_end_write+0xac/0xe0 [ 179.660339] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 179.665887] ? fput+0x130/0x1a0 [ 179.669175] ? ksys_write+0x1ae/0x260 [ 179.672981] ? __ia32_sys_read+0xb0/0xb0 [ 179.677048] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 179.682591] __x64_sys_clone+0xbf/0x150 [ 179.686574] do_syscall_64+0x1b9/0x820 [ 179.690464] ? finish_task_switch+0x1d3/0x870 [ 179.694961] ? syscall_return_slowpath+0x5e0/0x5e0 09:51:52 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000), 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:51:52 executing program 1: r0 = memfd_create(&(0x7f0000000100)="085d182b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) getsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000140)={0x0, 0x7, 0xfff, 0x9, 0x2, 0x5}, &(0x7f0000000180)=0x14) ioctl$ASHMEM_GET_SIZE(r0, 0x7704, 0x0) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f00000001c0)={r1, 0x81}, 0x8) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') 09:51:52 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x20000, 0x0) ioctl$GIO_CMAP(r0, 0x4b70, &(0x7f0000000100)) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x10000, 0x0) write$P9_RCLUNK(r1, &(0x7f0000000140)={0xffd3, 0x79, 0x1}, 0xffffff96) 09:51:52 executing program 6: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_retries\x00', 0x2, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f0000000200)=0x20, 0x4) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000380)={@in6={{0xa, 0x4e23, 0x6, @empty, 0x3}}, 0x0, 0x5, 0xf6bc, "dc7cf9c5a6c38d512fb86a216ed30cd15e78fce7f3d3a6fae3da1512eb507367b03c6edf6e2102ce840a58d54c78fcb35b994dfa382fc9adc87cec9b8bad36e7259ffbc247568889592cd6063dcd48ee"}, 0xfffffffffffffcd5) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) sendto$inet(r0, &(0x7f00000002c0)="3f419eaa43f2e3c7e7b3ebfb22f9514a105bdbcacb1a17d6fd723837d3cae5202167c712df13f8a8ddc0f9e918413588b57a5ed441a1bb70f6ef90966482534ebdb3b031ce073e75e88f5161535e15", 0x4f, 0x8010, &(0x7f0000000340)={0x2, 0x4e21, @remote={0xac, 0x14, 0x14, 0xbb}}, 0xfffffffffffffd8d) 09:51:52 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x0, &(0x7f0000f40ff8)}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) [ 179.699908] ? syscall_return_slowpath+0x31d/0x5e0 [ 179.704853] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 179.709878] ? prepare_exit_to_usermode+0x291/0x3b0 [ 179.714901] ? perf_trace_sys_enter+0xb10/0xb10 [ 179.719576] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 179.725995] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 179.731188] RIP: 0033:0x455ab9 09:51:52 executing program 2: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(0xffffffffffffffff) [ 179.734372] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 179.753662] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 179.761382] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 179.768654] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 179.775926] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 179.783202] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 179.790487] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000001e 09:51:52 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e666174000204410005000770", 0x14}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:51:52 executing program 4 (fault-call:1 fault-nth:31): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 179.882524] FAULT_INJECTION: forcing a failure. [ 179.882524] name failslab, interval 1, probability 0, space 0, times 0 [ 179.893823] CPU: 1 PID: 10595 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 179.902319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 179.911678] Call Trace: [ 179.914284] dump_stack+0x1c9/0x2b4 [ 179.917923] ? dump_stack_print_info.cold.2+0x52/0x52 [ 179.923122] ? __kernel_text_address+0xd/0x40 [ 179.927630] ? perf_trace_lock+0xde/0x920 [ 179.931795] should_fail.cold.4+0xa/0x11 [ 179.935870] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 179.940980] ? save_stack+0xa9/0xd0 [ 179.944617] ? kasan_kmalloc+0xc4/0xe0 [ 179.948684] ? kasan_slab_alloc+0x12/0x20 [ 179.952850] ? kmem_cache_alloc+0x12e/0x760 [ 179.957178] ? anon_vma_fork+0x192/0x960 [ 179.961256] ? copy_process.part.41+0x6705/0x73d0 [ 179.966106] ? _do_fork+0x291/0x12a0 [ 179.969829] ? __x64_sys_clone+0xbf/0x150 [ 179.973990] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe 09:51:52 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x1, 0x0) r1 = fcntl$getown(r0, 0x9) syz_open_procfs(r1, &(0x7f00000004c0)='net/rt_cache\x00') getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000100)={0x0, @multicast1, @remote}, &(0x7f0000000140)=0xc) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f00000002c0)={{{@in=@dev, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in=@multicast1}}, &(0x7f0000000200)=0xe8) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000003c0)={{{@in=@loopback=0x7f000001, @in6=@loopback={0x0, 0x1}, 0x4e21, 0x2, 0x4e24, 0x8000, 0xa, 0x20, 0x80, 0x2b, r2, r3}, {0x3, 0x54c0227f, 0x0, 0x4e, 0x6, 0xfffffffffffff7b4, 0x0, 0x6fd5fb10}, {0x1, 0x7fff, 0x20, 0x2e5}, 0x6, 0x6e6bb5, 0x2, 0x1, 0x2, 0x3}, {{@in=@loopback=0x7f000001, 0x4d3, 0x32}, 0xa, @in=@rand_addr=0x7f, 0x3505, 0x2, 0x0, 0x503c, 0xb3f, 0xf9b7, 0x7}}, 0xe8) timerfd_settime(r0, 0x0, &(0x7f0000000080)={{0x77359400}, {0x0, 0x1c9c380}}, &(0x7f00000000c0)) [ 179.979366] ? lock_acquire+0x1e4/0x540 [ 179.983361] ? lock_downgrade+0x8f0/0x8f0 [ 179.987520] ? lock_acquire+0x1e4/0x540 [ 179.991504] ? fs_reclaim_acquire+0x20/0x20 [ 179.995929] ? lock_downgrade+0x8f0/0x8f0 [ 180.000087] ? check_same_owner+0x340/0x340 [ 180.004416] ? rcu_note_context_switch+0x730/0x730 [ 180.009348] ? kasan_unpoison_shadow+0x35/0x50 [ 180.013937] __should_failslab+0x124/0x180 [ 180.018179] should_failslab+0x9/0x14 [ 180.021984] kmem_cache_alloc+0x2af/0x760 [ 180.026490] ? dup_userfaultfd+0x775/0x9a0 [ 180.030738] ? anon_vma_fork+0x192/0x960 [ 180.034812] anon_vma_fork+0x2dc/0x960 [ 180.038723] ? anon_vma_clone+0x740/0x740 [ 180.042883] ? kasan_slab_alloc+0x12/0x20 [ 180.047039] ? kmem_cache_alloc+0x2fc/0x760 [ 180.051381] copy_process.part.41+0x6705/0x73d0 [ 180.056096] ? __cleanup_sighand+0x70/0x70 [ 180.060350] ? lock_release+0xa30/0xa30 [ 180.064335] ? xas_descend+0x20c/0x5f0 [ 180.068235] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 180.073261] ? check_pgprot+0xdf/0x180 [ 180.077157] ? put_page+0x280/0x280 09:51:53 executing program 3: socketpair(0x10, 0x7, 0x4, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_WIE_ON(r0, 0x700f) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 180.080792] ? kasan_check_write+0x14/0x20 [ 180.085037] ? alloc_set_pte+0xaf6/0x1790 [ 180.089196] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 180.094215] ? filemap_map_pages+0xca2/0x1990 [ 180.098723] ? trace_hardirqs_on+0x10/0x10 [ 180.103048] ? xa_set_tag+0x40/0x40 [ 180.106680] ? perf_trace_lock+0xde/0x920 [ 180.110848] ? trace_hardirqs_on+0x10/0x10 [ 180.115095] ? trace_hardirqs_on+0x10/0x10 [ 180.119350] ? trace_hardirqs_on+0x10/0x10 [ 180.123600] ? find_get_entries_tag+0x1410/0x1410 [ 180.128456] ? perf_trace_lock+0xde/0x920 [ 180.132614] ? zap_class+0x740/0x740 [ 180.136335] ? zap_class+0x740/0x740 [ 180.140064] ? zap_class+0x740/0x740 [ 180.143785] ? shrink_dcache_sb+0x350/0x350 [ 180.148118] ? perf_trace_lock+0xde/0x920 [ 180.152274] ? lock_acquire+0x1e4/0x540 [ 180.156254] ? __fdget_pos+0x1bb/0x200 [ 180.160512] ? zap_class+0x740/0x740 [ 180.164233] ? lock_release+0xa30/0xa30 [ 180.168217] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 180.173761] ? _parse_integer+0x13b/0x190 [ 180.177923] ? perf_trace_lock+0xde/0x920 09:51:53 executing program 6: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ab, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0xfffffffffffffffc, &(0x7f0000000380)="fb98830552a4b383bf6a84873f47e2a51516fd32b4e507e9be6decf7a45710ce87298f0cea21023d54f1c32446e72014352dc06f935aaeb79b54f564e9cd0de80510330837d952470498ab6ed56a56a629090dfe86c3c2385c8ca82430a7dee4cefd1ba90f991b41e835960bfda620829c041d995db297b7731be203194fdf752b2a1f8efb9775a0038c6da7ed058ef68685348121c0ef1e0992e7efa9949643bf676306738b1fa0f70268c83c9f34c5a3f37e1a8c26994acd3a7ec1bf1d6d7fe34830b29048", &(0x7f00000002c0), &(0x7f0000000580), &(0x7f00000002c0)) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mixer\x00', 0x2000, 0x0) connect$bt_rfcomm(r1, &(0x7f0000000200)={0x1f, {0xffffffff, 0x58, 0x100000001, 0xfffffffffffffffb, 0x7}, 0x200}, 0xfffffffffffffea0) finit_module(r0, &(0x7f0000000300)='/dev/mixer\x00', 0x2) getsockopt$EBT_SO_GET_INIT_ENTRIES(r1, 0x0, 0x83, &(0x7f0000000240)={'nat\x00', 0x0, 0x4, 0x8e, [], 0xa, &(0x7f0000000040)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], &(0x7f0000000480)=""/142}, &(0x7f0000000100)=0x78) ioctl$VT_GETMODE(r1, 0x5601, &(0x7f0000000340)) 09:51:53 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x40, 0x400) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) r1 = openat$cgroup_type(r0, &(0x7f0000000180)='cgroup.type\x00', 0x2, 0x0) sendfile(r1, r0, &(0x7f0000000200), 0xfffffffffffffffd) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') [ 180.182087] ? _kstrtoull+0x188/0x250 [ 180.185892] ? _parse_integer+0x190/0x190 [ 180.190050] ? zap_class+0x740/0x740 [ 180.193775] ? __check_object_size+0xa3/0x5d7 [ 180.198280] ? lock_acquire+0x1e4/0x540 [ 180.202259] ? get_pid_task+0xd8/0x1a0 [ 180.206153] ? perf_trace_lock+0xde/0x920 [ 180.210306] ? lock_release+0xa30/0xa30 [ 180.214303] ? zap_class+0x740/0x740 [ 180.218026] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 180.222876] ? __f_unlock_pos+0x19/0x20 [ 180.226862] ? lock_downgrade+0x8f0/0x8f0 [ 180.231022] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 180.236572] ? proc_fail_nth_write+0x9e/0x210 [ 180.241081] ? lock_acquire+0x1e4/0x540 [ 180.245067] _do_fork+0x291/0x12a0 [ 180.248633] ? fork_idle+0x1a0/0x1a0 [ 180.252743] ? fsnotify_first_mark+0x350/0x350 [ 180.257326] ? fsnotify+0x14e0/0x14e0 [ 180.261142] ? __sb_end_write+0xac/0xe0 [ 180.265131] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 180.270695] ? fput+0x130/0x1a0 [ 180.273990] ? ksys_write+0x1ae/0x260 [ 180.277797] ? __ia32_sys_read+0xb0/0xb0 09:51:53 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x8000000000002, &(0x7f0000000200), 0x10e, 0x100f}}, 0x20) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) openat$full(0xffffffffffffff9c, &(0x7f0000000100)='/dev/full\x00', 0x48400, 0x0) 09:51:53 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/sync_refresh_period\x00', 0x2, 0x0) ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000000200)=0xffffffffffff0001) clone(0x0, &(0x7f00000000c0)="20d721958d967c1ae4a702122c77000011743adf0bb5aed3c6a30b40dbc42ad463244ccec2c05bf892573da9c5d5338d151d7a3648e21532dc1d413ff8977fb10dbff9097601", &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r2 = syz_open_dev$rtc(&(0x7f0000000040)='/dev/rtc#\x00', 0x800, 0x80) ioctl$RTC_EPOCH_READ(r2, 0x8008700d, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) [ 180.281865] ? syscall_slow_exit_work+0x500/0x500 [ 180.286725] __x64_sys_clone+0xbf/0x150 [ 180.290716] do_syscall_64+0x1b9/0x820 [ 180.294610] ? finish_task_switch+0x1d3/0x870 [ 180.299113] ? syscall_return_slowpath+0x5e0/0x5e0 [ 180.304056] ? syscall_return_slowpath+0x31d/0x5e0 [ 180.308995] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 180.314023] ? prepare_exit_to_usermode+0x291/0x3b0 [ 180.319053] ? perf_trace_sys_enter+0xb10/0xb10 [ 180.323737] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 180.328597] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 180.333790] RIP: 0033:0x455ab9 [ 180.336971] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 180.356267] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 180.363991] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 180.371270] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 09:51:53 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') fsync(r0) write$cgroup_int(r0, &(0x7f0000000180)=0x5, 0x12) openat$null(0xffffffffffffff9c, &(0x7f0000000140)='/dev/null\x00', 0x2000, 0x0) 09:51:53 executing program 4 (fault-call:1 fault-nth:32): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 180.378547] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 180.385820] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 180.393099] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000001f [ 180.404794] FAT-fs (loop7): invalid media value (0x00) [ 180.410387] FAT-fs (loop7): Can't find a valid FAT filesystem [ 180.478948] FAULT_INJECTION: forcing a failure. [ 180.478948] name failslab, interval 1, probability 0, space 0, times 0 [ 180.490242] CPU: 1 PID: 10638 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 180.498733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 180.508091] Call Trace: [ 180.510728] dump_stack+0x1c9/0x2b4 [ 180.514372] ? dump_stack_print_info.cold.2+0x52/0x52 [ 180.519574] ? __kernel_text_address+0xd/0x40 [ 180.524084] ? perf_trace_lock+0xde/0x920 [ 180.528248] should_fail.cold.4+0xa/0x11 [ 180.532322] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 180.537434] ? save_stack+0xa9/0xd0 [ 180.541072] ? kasan_kmalloc+0xc4/0xe0 [ 180.544969] ? kasan_slab_alloc+0x12/0x20 [ 180.549125] ? kmem_cache_alloc+0x12e/0x760 [ 180.553451] ? anon_vma_fork+0x192/0x960 [ 180.557518] ? copy_process.part.41+0x6705/0x73d0 [ 180.562367] ? _do_fork+0x291/0x12a0 [ 180.566087] ? __x64_sys_clone+0xbf/0x150 [ 180.570251] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 180.575625] ? lock_acquire+0x1e4/0x540 09:51:53 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000), 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:51:53 executing program 6: r0 = socket$inet(0x2, 0x80006, 0x8000) getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000100), &(0x7f0000000200)=0x4) r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = fcntl$dupfd(r1, 0x406, r1) getsockopt$EBT_SO_GET_ENTRIES(r2, 0x0, 0x81, &(0x7f00000002c0)={'filter\x00', 0x0, 0x3, 0x0, [], 0x4, &(0x7f00000000c0)=[{}, {}, {}, {}], &(0x7f0000000100)}, &(0x7f0000000140)=0x78) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x101000, 0x0) ioctl$SG_GET_SG_TABLESIZE(r3, 0x227f, &(0x7f0000000080)) [ 180.579607] ? lock_downgrade+0x8f0/0x8f0 [ 180.583768] ? lock_acquire+0x1e4/0x540 [ 180.587750] ? fs_reclaim_acquire+0x20/0x20 [ 180.592082] ? lock_downgrade+0x8f0/0x8f0 [ 180.596329] ? check_same_owner+0x340/0x340 [ 180.600657] ? rcu_note_context_switch+0x730/0x730 [ 180.605592] ? kasan_unpoison_shadow+0x35/0x50 [ 180.610182] __should_failslab+0x124/0x180 [ 180.614421] should_failslab+0x9/0x14 [ 180.618227] kmem_cache_alloc+0x2af/0x760 [ 180.622382] ? dup_userfaultfd+0x775/0x9a0 09:51:53 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000080), &(0x7f0000000240), &(0x7f0000000040), &(0x7f00000002c0)) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rfkill\x00', 0x101400, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000100)=0x5) write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="2b0000000300000096ea60cc3ff2ba511dd19ec97b00f7aab6539c89ffffff0000000300000000000a0000"], 0x2b) ioctl$RTC_PIE_OFF(r0, 0x7006) [ 180.626623] ? anon_vma_fork+0x192/0x960 [ 180.630704] anon_vma_fork+0x2dc/0x960 [ 180.634610] ? anon_vma_clone+0x740/0x740 [ 180.638768] ? kasan_slab_alloc+0x12/0x20 [ 180.642926] ? kmem_cache_alloc+0x2fc/0x760 [ 180.647264] copy_process.part.41+0x6705/0x73d0 [ 180.651964] ? __cleanup_sighand+0x70/0x70 [ 180.656229] ? lock_release+0xa30/0xa30 [ 180.660205] ? xas_descend+0x20c/0x5f0 [ 180.664105] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 180.669126] ? check_pgprot+0xdf/0x180 [ 180.673021] ? put_page+0x280/0x280 [ 180.676661] ? kasan_check_write+0x14/0x20 [ 180.680913] ? alloc_set_pte+0xaf6/0x1790 [ 180.685160] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 180.690181] ? filemap_map_pages+0xca2/0x1990 [ 180.694679] ? trace_hardirqs_on+0x10/0x10 [ 180.698922] ? xa_set_tag+0x40/0x40 [ 180.702556] ? perf_trace_lock+0xde/0x920 [ 180.706721] ? trace_hardirqs_on+0x10/0x10 [ 180.711072] ? trace_hardirqs_on+0x10/0x10 [ 180.715312] ? trace_hardirqs_on+0x10/0x10 [ 180.719560] ? find_get_entries_tag+0x1410/0x1410 [ 180.724414] ? perf_trace_lock+0xde/0x920 [ 180.728913] ? zap_class+0x740/0x740 [ 180.732633] ? zap_class+0x740/0x740 [ 180.736354] ? zap_class+0x740/0x740 [ 180.740070] ? shrink_dcache_sb+0x350/0x350 [ 180.744402] ? perf_trace_lock+0xde/0x920 [ 180.748552] ? lock_acquire+0x1e4/0x540 [ 180.752527] ? __fdget_pos+0x1bb/0x200 [ 180.756418] ? zap_class+0x740/0x740 [ 180.760135] ? lock_release+0xa30/0xa30 [ 180.764113] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 180.769748] ? _parse_integer+0x13b/0x190 [ 180.773903] ? perf_trace_lock+0xde/0x920 [ 180.778054] ? _kstrtoull+0x188/0x250 [ 180.781855] ? _parse_integer+0x190/0x190 [ 180.786008] ? zap_class+0x740/0x740 [ 180.789731] ? __check_object_size+0xa3/0x5d7 [ 180.794238] ? lock_acquire+0x1e4/0x540 [ 180.798216] ? get_pid_task+0xd8/0x1a0 [ 180.802111] ? perf_trace_lock+0xde/0x920 [ 180.806272] ? lock_release+0xa30/0xa30 [ 180.810253] ? zap_class+0x740/0x740 [ 180.813978] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 180.818823] ? __f_unlock_pos+0x19/0x20 [ 180.822804] ? lock_downgrade+0x8f0/0x8f0 09:51:53 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x0, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) 09:51:53 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x127c, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 180.826958] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 180.832502] ? proc_fail_nth_write+0x9e/0x210 [ 180.837004] ? lock_acquire+0x1e4/0x540 [ 180.841007] _do_fork+0x291/0x12a0 [ 180.844555] ? fork_idle+0x1a0/0x1a0 [ 180.848277] ? fsnotify_first_mark+0x350/0x350 [ 180.852862] ? fsnotify+0x14e0/0x14e0 [ 180.856683] ? __sb_end_write+0xac/0xe0 [ 180.860668] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 180.866213] ? fput+0x130/0x1a0 [ 180.869494] ? ksys_write+0x1ae/0x260 [ 180.873395] ? __ia32_sys_read+0xb0/0xb0 [ 180.877462] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 180.883007] __x64_sys_clone+0xbf/0x150 [ 180.886989] do_syscall_64+0x1b9/0x820 [ 180.890883] ? finish_task_switch+0x1d3/0x870 [ 180.895394] ? syscall_return_slowpath+0x5e0/0x5e0 [ 180.900332] ? syscall_return_slowpath+0x31d/0x5e0 [ 180.905265] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 180.910326] ? prepare_exit_to_usermode+0x291/0x3b0 [ 180.915349] ? perf_trace_sys_enter+0xb10/0xb10 [ 180.920024] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 180.924881] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 180.930074] RIP: 0033:0x455ab9 [ 180.933347] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 180.953089] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 180.960813] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 180.968092] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 09:51:53 executing program 2: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(0xffffffffffffffff) [ 180.975387] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 180.983096] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 180.990372] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000020 09:51:54 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008", 0x15}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:51:54 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x20000, 0x0) ioctl$VT_OPENQRY(r0, 0x5600, &(0x7f00000000c0)) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0xa180, 0x0) ioctl$TIOCCBRK(r1, 0x5428) 09:51:54 executing program 4 (fault-call:1 fault-nth:33): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:54 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = accept4(0xffffffffffffffff, &(0x7f0000000040)=@in6={0x0, 0x0, 0x0, @mcast2}, &(0x7f00000000c0)=0x80, 0x800) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000240)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x14}}, @in={0x2, 0x4e22}, @in6={0xa, 0x4e24, 0x7, @mcast2={0xff, 0x2, [], 0x1}, 0x9ee0}], 0x3c) r1 = syz_open_dev$mice(&(0x7f00000003c0)='/dev/input/mice\x00', 0x0, 0x123300) write$P9_ROPEN(r1, &(0x7f0000000400)={0x18, 0x71, 0x1, {{0x43, 0x1}, 0xfd1}}, 0x18) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffff9c, 0x84, 0x1f, &(0x7f00000002c0)={0x0, @in6={{0xa, 0x4e21, 0xfffffffffffffff9, @mcast1={0xff, 0x1, [], 0x1}, 0x200}}, 0xfffffffffffffffa, 0x8}, &(0x7f0000000100)=0x90) getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000140)={r2, 0x8, 0x6}, &(0x7f0000000200)=0x124) clone(0x0, &(0x7f0000000140), &(0x7f0000000380), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:54 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x0, 0x0) getsockopt$inet_mreqn(r0, 0x0, 0x24, &(0x7f0000000140)={@local, @rand_addr}, &(0x7f0000000240)=0xc) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f00000001c0)={[{0x3ff, 0x10001, 0xe60, 0x1, 0x9, 0x40, 0x5, 0xfffffffffffffffe, 0xb45, 0x10001, 0xa13, 0xfff, 0x2}, {0x1f, 0x2, 0x5, 0x0, 0x1, 0x2, 0x5, 0xb4d, 0x0, 0x9, 0x4, 0x7, 0x400}, {0x0, 0x10001, 0x80, 0x7, 0x5, 0xb37b, 0xffffffff, 0x7, 0x80000001, 0x0, 0x0, 0x5, 0x1ff}], 0x6}) r1 = memfd_create(&(0x7f00000002c0)="885d292b00", 0xffffffffffffffff) write(r1, &(0x7f0000000480)="e6824e7d530f95a935f294cc54b2db0eb09a5224c60000507b0c48895ab7cbfb5ea5ade59f014f511a280923b957036ca327f835d5f70596ce4521c44e4efef1fc6874b3da4ba9c68649de46e977de2027ab21e8d4af81e2c2ca3be992c73bd5cab7eaf7ff6345820976fe3a7ab08c4b00f14856e9d4d6072669a490841c5761", 0x80) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r1, 0x0) readahead(r0, 0x40, 0x2) sendfile(r1, r1, &(0x7f0000000040), 0xff8) renameat(r1, &(0x7f0000000180)='.\x00', 0xffffffffffffffff, &(0x7f0000000000)='./file0\x00') ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f00000000c0)={0x6, 0x0, 0x5}) 09:51:54 executing program 1: r0 = syz_open_dev$midi(&(0x7f0000000140)='/dev/midi#\x00', 0x5, 0x101000) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000001000/0x3000)=nil, 0x3000}) r1 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r1, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r1, 0x0) sendfile(r1, r1, &(0x7f0000000040), 0xff8) accept$packet(r0, 0x0, &(0x7f00000001c0)) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') [ 181.366399] FAT-fs (loop7): invalid media value (0x00) [ 181.371797] FAT-fs (loop7): Can't find a valid FAT filesystem [ 181.391816] FAULT_INJECTION: forcing a failure. [ 181.391816] name failslab, interval 1, probability 0, space 0, times 0 [ 181.403116] CPU: 0 PID: 10687 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 181.411619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 181.423058] Call Trace: [ 181.425668] dump_stack+0x1c9/0x2b4 [ 181.429334] ? dump_stack_print_info.cold.2+0x52/0x52 [ 181.434557] ? perf_trace_lock+0x49d/0x920 [ 181.438833] should_fail.cold.4+0xa/0x11 [ 181.442969] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 181.448102] ? kasan_kmalloc+0xc4/0xe0 [ 181.452010] ? kasan_slab_alloc+0x12/0x20 [ 181.456183] ? _do_fork+0x291/0x12a0 [ 181.459915] ? __x64_sys_clone+0xbf/0x150 09:51:54 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000040)=0x0) ptrace$setregset(0x4205, r0, 0x3, &(0x7f0000000080)={&(0x7f00000002c0)="27e72701e6d54bba8d3b42e1d0e94ab7d9f6a11ffc334b967b666b948d4f1be0bbb4c7d078f2b8de1c1542af50b2f6a80b414d098dc9a6f79c2bd5f6a7d96f943fcb2fb5bf634cb31f8e0ec903f262f130a703d488a42488abfb45994f3c8fb5b8d202ced3447901e6366f009995bd90987bb3e0119bb7a410e446a2fd7734484a5a530392a63c72d6e9671817775b73233f2b061dca15f01a6c45ae8166a1e3a515bf157507b62ff5098eba8b9bc5be7e39360be3485179d61f193db517d65cc3fc02134148408f0cee3a2344dd86a4afac81e72072d854b5f6993e3ef71e41f1314fed7216dfaff693f1420034da042eb4ef104a277988869c9e768021a34d4d6439f08f867bdb637bb8db39875cfa278596b8e5a28db398fefe3b72dd73605c6e471578d63e48e8bb916875c19f1890627dcbe4c3df9a36547a306ae3436bfe9f292c089aec65f651e29c2a065282f59da6c424b5c6b293dc132951f9705000f7668d5b48edfcdd22095e6c4ce211a06c09b58f1ae1de37d78d1880401e3de00e9ade8488140da474659cf8e76fa9a3d141537f10417bc2b5ab6bfd4a7661d2fa96cb1cefc879f5019354259eaf948a67053fdf18f7660c3cb69da472ab6c644b7b05fdfd00bb85a6151b4a88648cbe6cc0f7e76a1b137bf07a75cf0e5f6f402ab3b73eb17629f3bc31c6ddcc528a400f68aa72f88f64a7926d328a259b8891b77465cdad589a92dcaf6c647d44e5cda57f4eba5d4fa09898d398c5c0dbc2121d24b8d0d5861526393f1610429ae97dd82c5ed266a065a2405bf803883602e9cf0edbcadcbc11b6ae6501b3b20c31fa38db141e341e4903067bd343691b79691c9f8c99706f54edd5bee3139bb04946a11762c0a6de696248b696ae882d9ec6683c81a847f8fdf37986ddcb77e92a7e2d1827a72a7fb0387a6b0c75677baf74d38600b6ccc4600ad07eae5d603ba608d5cf1e70407874753b9ae290b45467678d35d983591ade9c7c3d5033620243e8172b8da0b5a2119fcb4812927fd1aee71170529d24ddf1fde20891ed2b8183ae6c31d08253a29196396ab22d7eb0f79fff24deb22927856e354df9cd4fe41ac1c7c257ae1f272fbaac1a65833bd907e1d0b8c096faec5c8ed3bc18764b658a6e9404452ba82a3c0bbf777e0d2e838c1accc59e75b11597f994825b2cdd8d64b6d9e05902436542ad5524e62256ff5a9534296a9b9a0f82c5bbe2b45ba06342ff00d5852f27230852eb1030c187fc0db78db78f39feefc724f4b12c584da0bd004334204588e22e526eaaf0c10fe2e8caa85a20c1949075021a179513c7ea704d1a97abb67d7e573d1dfad0a8cdb03b9e6f632a675e3d55967e99062f73c6f4d37043c5f3653751b52995be90529fe35283f5b015b4c24785046841f90228747f2965f063de9f9fa6a84d05db638c537d45374dc04acd9792298e8f50dc123a5ea53e04f7aa8f34c125d3f16c78bc48653dcdc055afdaacd5cfc765ede7c79874a1c7a02bb20e674c09488b26d5baa5b5224b43f7a2d21ef83c86544a60b8c49b827738970516bd2967c60d81c7651e1b2b3eae075bdef81f5dc18963663ccdff1583e3c7ea3ba81a9853a7753662765f24b9a55bb53c4a41910221735b7079e5e3ec8af6da6492077fedb5b58e4f898d0f1efefd019998dcb76f5ea2ce40dd21a5bd7855e0dd937b7dee5bfe2e41548ceda7311b25d16c2dfb010d6b5916f7ddb5d223d146c7a09e4d15478e5c118c5d10f2eb0cec622bcb3c0761357a7c1e106aab9ddb9465fbc2f111dda874b29c48062a1cbc273faa6f2557aa65170a95294d64a88e38bf42d32c0b1f44a4447ac7947ec25e11882bb1ff7506536fbca55f91ca6e75f8c079781ee25ae4bf96afa9e5f465c409a40b49549b35b6a8596911e7f2cd979933685862efb3d3fb5758c3c0612962be8a85f37760935d65e127e6dd82edcd2e8a99a43ac244c53d6e1d9eb8d61adeb346c97bd6b0c9f2dac0d00a6369e54e85f14809b90f0f50f7e78b46ab82613c0b715e268adb1a9242f306636d692142624447ed019e92b5a229d6124a0f59136562a34f5d3149fb627041556272d7583f2e23583e2cc3956766ce8594450b22c00deb94507a6d952f1912d092313873ef1ab59a752cc870186246c76b8b6c316b096815da8724a593e5ffb7e0b1e0993b7e7cc76af5ff771652a9048c77cb06cb8e56c06c333a920a9918ea0a59722796623e5547bd0658f3520f285541df22383f467ee05fdb5d0c3315d80ed5574463a84ab49759769943fcd6ae4934b2186431c691e6f2408fe635b6fe02c558d3f1f34caac668cd0c19ad4764b39ed79ca7db5f696b9fb02c8dd6e2be665802ccec1a92d3c362d79fad8076f256a7618720a3ea858f0d5a6f08bb830ebde4196652c99bc5ed975ce1f8600e31a21c717c215a63a5af8b02f8f17029ec952dd6434e0d7c3ba305a67f5ed9cf650f07ce8c958970b55a5fa01e05e14cb2711e3be58753156b82052ffce4b9a721ef902e390d87f76d0ad4cf97b1f684ec84e4e04d0fff85e504358652e7e872ec5e11cd066aa7ab78c97761588e0d305fd6b04811ce6b2da4d6b4c297a497f728ddf6665e8ac12e7a5ca8f380d511637ad3f21d73883302378fbe08500fa97b1b022b927e830e18700b41bf8ea4d8262312f2c2ead8a704f29d0536e5d360fd4b7dc523695c1da54b1fcdbc3cc8bf0dd82e2113d05c21537e4bc6836fc23c7fc7b2cb1c0b70f864e76ef9197ff816925de5243efabb88fc4c7442e155c7617f436fe746d8f1d8bc122681f4c2c31f47ecb38fe99f07baff9d68f45040660e0ee1c2b00b8a8a188853ec6cf781402ee433cff455537edd9329c56aaf97069128f835d35b4757e57aa0469c9871efea1c148b10d3917d5475f90b9c8972c08808cefbddf746afb24ee3174d31e9c3283ed45f356a0c348dffe9a58c0cc9bf5d93c4a4e2d2091fb9007d1e4349f1b0b667895a156a55793f5ca4a725190be31cd8ce054024887df149dcbeb4639c350e605bcde2c4cefc00d682650bb9d6e14dddb29bdef88e792e687126d898417feb4b08a4f0ecb9cc9b72ec082526af8ed8e762190e444c10a39f33dd272390a3d8148e9d0a0f80b3bbacfb41e5935c7bcfc5db92973ca32b811ae23eb4d2c78b7d608108c8ba38cc3d82837bf38d0e6f0a84fb8a8b2c907b67236b3d1920dd1649cd7539c47cf8a41deb4cb5c30ca401b6213ada307c75f7696322371fdab852899fe6dc4f3aae10f2aa6737a37e90d2fe1cbe31fc8df4ece1f924840d947ae3e9749efcd22145542ceef1e8becd8fc2938d4ddb2dc20096a4435a4845ab12ab0c0f05e3dfc8595c352482834e402eaa57d8561a894f77dd71ac667876bccb0168085db2e68d348703d64d1245064b84a7fbbf6d9ae82e75a8799ffac76347e411acb463e3efc6f9a6d23e26e86f3cd8761429ff0b4f777bfa15cf95fba6fbc0f152ba553782cd7f12da2ef2e578323a1ff417b93088928ecc2bb73d01733734a1f3d8ce5582144a3073b8e87599a62789c8dd472c3117557188a150372f56cd7ce3b31c9e5b89b2cee56e31c188e31a9611804056cfedf009045a46ce4205bb9314065e192b37fef3b5d7651875a11ad2cd0fcd22272c86cc05d1e82c6541b01aebcf4d1a9c94aeeb7e6219d54dfa89f1ca374e085dac5ddd80da5ee03f0dbea7c75c41308141de29ce08c4f8ddb2a3d30444d83e271f3ed6d56b1e1bbf2f19c66c6367ed1acdcc526bb70201e97d530a37043baa2c3de7d6e7ee9a442eca73c27b5bf4d8a71dbc75911e2c079023a577d6519635ed0f80f923f08270d920f340006e3f6961c8b6d79ebdf4ae078a1799c057fb79bf00bec9ef99e25682ad419b7bc1fa7efe8493654f91c3f6d7548412548eb6c7e3fc43b2a19a9080b6189273916dcd33e5feb2c85d91c776e6bd2eb5dffdc161ea6b2c5102c29654512cbb2f24ae8a4fd783a99d05463fd92abed5806fa69e9bbc56b818d6f48c37df011f7a53d5d7885af469084f80c4763bd54c3415765b7aab17fcd256bb7b39b36344576704fbcb0102c94929359d6b8541c4e0e2a28dbea678aa414c05289eb02f3b43b9e19313ed3712e93e0d0e9cac922d35849d60f5e207aec677f0c4967ccc66c8a933d75def806ad5c8cfac67d4f15d000f5788b6d93dc2ffd0da64d8193b2fb47cb9305f8e4944a57ca63fc29e8477cb971af88ee13f3a623d1733b17a08f220f7733e88ad4703951601dee9a106553d5ae95ce2ac742c0c054958263ebb6531c6b772a68ddca215f0c88200bd8f8fa69c90791cab61f9c897f38c6e72a7af81703434432e6a7e0680f4a80e878c4caf46dedf12e26550d5554247b3115f5fc8593dfb21b006872cd1be6a25dd078ae7589a01099fb065f2aaa0b7f3cc095230e73214b7035de6e141887d031dcdf955d7a75bcbb9f10bcea37004e07040d4d9e741bbb8f5a46c6018b11d9d40ca0109538604bb40730418ba263974de5cac1905d2b8fc8a91f32d2890c5129106be31fff73c34094d5deaaf26b0eb759298255d518809f8b767900794d2418abd0f34f955f8577fcd2019119ac2fef1b74ae42ffe08135bae92a51a40181d2ece132924321d6bc6941eeb83b1460db414c8d1984ec2040068eabe2b3150e94ae3323c825dec5fb50ed6c50672385c20b0cf8f15dbfadbe5613997858ca193f889416fd96badf344ed336da0634a2abcc827c771405cde9776cb9f6618391e089672b4570f04de1df4b929c6623e213e6f7a1b5525cee7075178c38371179eb1fbbe312da993ff232fafe8a4d7dccf30d8fc1e0362f7324f628e1014e24a2f9f46c1447f85dc780faebd4254a5e9fd9f5f4555de2a0f5eafa97b54987f9c75492b91c28f604c6313866349e9a3ca7875d55d2536fbc33d36d39687204d91352c3a727ac7eb0f2e82a2f9b3952f338371c601c8158d69e58f92b75e261f376e911feccf828ff4ea1a09750996dfd795e99596bc5dfc8f0dec306ae6bb2f181aff1215d82921059b42c267ba998f096a257998aff5b3bd7ba9fab4536c4534d6e0987c66aa0d69dc1a20c477afb93e1b9ceaaa38e217f35b3b48824a6f7f4deb31110681b1cd230953c482d0e9bf3e78da6ec7396cc9b692bbc009a9f14962fcb0ce1616acce427a48001910b610df8946617c2f6561edc26aa13630dd4de5635b7c8742fde375d9989f37e3535c965b8fff0e1a817ba78d7e96da8e00bfcbc60429479df0e033ae0f159c26f45073697f9b5b79f4a4184fc1f967a4d266a7e7456f2a34cc91c67c2f42a239f8242e0275011359bb82a305d3ef021264b3cd744e73cf544f1948a95993aa7184609416cb3e38f1a23a8c7e7c0d379d9a5bf1699ba7c695b49a30995a4a1a1a0c6b1b8eac9737732ab12afd53a9536f4f6cd0942734ae9104ee0b3c49c913c5ee2f44268e2b7dac65b320c58aacc6dfb7c7d66ceab014cf6a0082baf0593306fbb58c0100fae39ed073d224713d83ad013aa9895b0daa4a9658296ca19286101c29a582ad805e2cf1a7aa28db82989f9c58a4d81287d1559a135531b09e0fd6932778a12c8244f9835ac10c4f633f9efb8c7a9ef201b3652a8659c58238bfa1f03fe009367e459dc3bfc73b0087d81f980bef24643ecc892288a43b7f70e20b7cae35d8bf418e2e97c3c416debe52b71c4254cd48374593df98fab3b3903157b74eb06cd494c9ae7e5e78f852d5e842f021d6dd425d00c852", 0x1000}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) ioctl$RTC_WIE_ON(r1, 0x700f) [ 181.464089] ? do_syscall_64+0x1b9/0x820 [ 181.468188] ? percpu_counter_add_batch+0xf2/0x150 [ 181.473150] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 181.478194] ? __vm_enough_memory+0x590/0x980 [ 181.482723] ? lock_acquire+0x1e4/0x540 [ 181.486713] ? fs_reclaim_acquire+0x20/0x20 [ 181.491058] ? lock_downgrade+0x8f0/0x8f0 [ 181.495227] ? lock_downgrade+0x8f0/0x8f0 [ 181.499408] ? check_same_owner+0x340/0x340 [ 181.503754] ? rcu_note_context_switch+0x730/0x730 [ 181.508738] __should_failslab+0x124/0x180 [ 181.512999] should_failslab+0x9/0x14 [ 181.516817] kmem_cache_alloc+0x2af/0x760 [ 181.520994] ? security_vm_enough_memory_mm+0x9d/0xc0 [ 181.526211] copy_process.part.41+0x2f81/0x73d0 [ 181.531285] ? __cleanup_sighand+0x70/0x70 [ 181.535545] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 181.541112] ? perf_tp_event+0x91b/0xc40 [ 181.545202] ? xas_descend+0x20c/0x5f0 [ 181.549123] ? perf_swevent_event+0x2e0/0x2e0 [ 181.553654] ? perf_swevent_event+0x158/0x2e0 [ 181.558170] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 09:51:54 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 181.563721] ? perf_tp_event+0x91b/0xc40 [ 181.567796] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 181.572838] ? filemap_map_pages+0xca2/0x1990 [ 181.577355] ? perf_swevent_event+0x2e0/0x2e0 [ 181.581874] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 181.587188] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 181.592326] ? perf_tp_event+0xc40/0xc40 [ 181.596411] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 181.601539] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 181.606668] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 181.611798] ? perf_tp_event+0xc40/0xc40 09:51:54 executing program 1: r0 = memfd_create(&(0x7f0000000140)="885d292b00", 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff}) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) syncfs(r0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) clock_gettime(0x0, &(0x7f00000002c0)={0x0, 0x0}) setsockopt$l2tp_PPPOL2TP_SO_RECVSEQ(r0, 0x111, 0x2, 0x1, 0x4) futimesat(r0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000300)={{r2, r3/1000+30000}}) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') sendfile(r1, r0, &(0x7f0000000380), 0x0) ioctl$KVM_GET_SREGS(r0, 0x8138ae83, &(0x7f00000003c0)) [ 181.615870] ? zap_class+0x740/0x740 [ 181.619695] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 181.624836] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 181.629961] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 181.635089] ? perf_tp_event+0xc40/0xc40 [ 181.639176] ? zap_class+0x740/0x740 [ 181.642911] ? memset+0x31/0x40 [ 181.646214] ? perf_trace_lock+0x49d/0x920 [ 181.650464] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 181.655590] ? zap_class+0x740/0x740 [ 181.659327] ? __check_object_size+0xa3/0x5d7 [ 181.663844] ? memset+0x31/0x40 [ 181.667159] ? zap_class+0x740/0x740 [ 181.670900] ? __f_unlock_pos+0x19/0x20 [ 181.674894] ? lock_downgrade+0x8f0/0x8f0 [ 181.679063] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 181.684618] ? proc_fail_nth_write+0x9e/0x210 [ 181.689162] ? lock_acquire+0x1e4/0x540 [ 181.693166] _do_fork+0x291/0x12a0 [ 181.696729] ? fork_idle+0x1a0/0x1a0 [ 181.700464] ? fsnotify_first_mark+0x350/0x350 [ 181.705068] ? fsnotify+0x14e0/0x14e0 [ 181.708901] ? __sb_end_write+0xac/0xe0 09:51:54 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndpcmp(&(0x7f0000000080)='/dev/snd/pcmC#D#p\x00', 0x7ff, 0x4000) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x3}, &(0x7f0000000100)=0x8) r2 = msgget(0x3, 0x40) msgctl$MSG_INFO(r2, 0xc, &(0x7f00000002c0)=""/71) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000140)={r1, 0x7, 0x2, [0xbae, 0x8000]}, &(0x7f0000000200)=0xc) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000380)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000340)={0xffffffffffffffff}, 0x106, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r0, &(0x7f00000003c0)={0x4, 0x8, 0xfa00, {r3, 0x4}}, 0x10) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 181.712896] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 181.718446] ? fput+0x130/0x1a0 [ 181.721741] ? ksys_write+0x1ae/0x260 [ 181.725565] ? __ia32_sys_read+0xb0/0xb0 [ 181.729640] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 181.735206] __x64_sys_clone+0xbf/0x150 [ 181.739209] do_syscall_64+0x1b9/0x820 [ 181.743113] ? finish_task_switch+0x1d3/0x870 [ 181.747633] ? syscall_return_slowpath+0x5e0/0x5e0 [ 181.752576] ? syscall_return_slowpath+0x31d/0x5e0 [ 181.757518] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 181.762552] ? prepare_exit_to_usermode+0x291/0x3b0 [ 181.767590] ? perf_trace_sys_enter+0xb10/0xb10 [ 181.772284] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 181.777161] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 181.782358] RIP: 0033:0x455ab9 [ 181.785549] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 181.805213] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 09:51:54 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000), 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:51:54 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000040), &(0x7f0000000280), &(0x7f00000002c0)) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000200)='/dev/full\x00', 0x220001, 0x0) ioctl$EVIOCGPHYS(r0, 0x80404507, &(0x7f0000000080)=""/178) [ 181.812946] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 181.820230] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 181.827511] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 181.834794] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 181.842077] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000021 09:51:54 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) setsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f0000000140)=0x8398, 0x4) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') 09:51:54 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x0, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) 09:51:54 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd62, 0x0, 0x0, 0x0, 0x4000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse\x00', 0x8401, 0x0) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000140)=0x6, 0x4) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f0000000080)=""/119, 0x4000, 0x21002, 0x935}, 0x18) 09:51:55 executing program 2: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(0xffffffffffffffff) 09:51:55 executing program 6: r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x4, 0x1a400) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000380)={0x0, 0x1, 0xfffffffffffffff7}, &(0x7f00000003c0)=0x8) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000080)={r1, @in6={{0xa, 0x4e20, 0x9, @dev={0xfe, 0x80, [], 0xe}, 0x4}}}, &(0x7f0000000340)=0xfffffcaa) setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000200)={r2, 0x669b, 0x400}, 0x10) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) ioctl$IOC_PR_PREEMPT(r0, 0x401870cb, &(0x7f0000000140)={0x3, 0x9, 0x0, 0x4}) ioctl$PIO_CMAP(r0, 0x4b71, &(0x7f00000002c0)={0x3ff, 0x7, 0x1af53dae, 0x3, 0x3, 0xffffffffffff0000}) 09:51:55 executing program 4 (fault-call:1 fault-nth:34): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:55 executing program 3: r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x40) setsockopt$inet6_tcp_int(r0, 0x6, 0x15, &(0x7f0000000300)=0x200, 0x4) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x101, 0x0) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x31d9d5060bf24495}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x30, r2, 0x912, 0x70bd2c, 0x25dfdbfe, {0x11}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x11}, @IPVS_SVC_ATTR_AF={0x8, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xfffffffffffff800}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x80) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:55 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) socket$inet_udplite(0x2, 0x2, 0x88) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') 09:51:55 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008", 0x15}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:51:55 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:51:55 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x0, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) [ 182.967207] FAT-fs (loop7): invalid media value (0x00) [ 182.972608] FAT-fs (loop7): Can't find a valid FAT filesystem 09:51:55 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x0, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:51:55 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x40000000000003e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sloppy_sctp\x00', 0x2, 0x0) finit_module(r0, &(0x7f00000000c0)='\x00', 0x3) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000100)=0xfffffffffffffffe, 0xfffffffffffffd8c) 09:51:56 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) [ 183.161923] FAULT_INJECTION: forcing a failure. [ 183.161923] name failslab, interval 1, probability 0, space 0, times 0 [ 183.173402] CPU: 0 PID: 10795 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 183.181914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 183.192134] Call Trace: [ 183.194750] dump_stack+0x1c9/0x2b4 [ 183.198410] ? dump_stack_print_info.cold.2+0x52/0x52 [ 183.203631] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 183.208690] should_fail.cold.4+0xa/0x11 [ 183.212786] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 183.217921] ? lock_release+0xa30/0xa30 [ 183.221958] ? kasan_check_read+0x11/0x20 [ 183.226568] ? rcu_is_watching+0x8c/0x150 [ 183.230741] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 183.235441] ? is_bpf_text_address+0xd7/0x170 [ 183.239961] ? kernel_text_address+0x79/0xf0 [ 183.244429] ? __kernel_text_address+0xd/0x40 [ 183.248962] ? unwind_get_return_address+0x61/0xa0 [ 183.253917] ? __save_stack_trace+0x8d/0xf0 [ 183.258281] ? save_stack+0xa9/0xd0 [ 183.261931] ? save_stack+0x43/0xd0 [ 183.265577] ? kasan_kmalloc+0xc4/0xe0 [ 183.269491] __should_failslab+0x124/0x180 [ 183.273749] should_failslab+0x9/0x14 [ 183.277662] kmem_cache_alloc+0x47/0x760 [ 183.282018] ? lock_acquire+0x1e4/0x540 [ 183.286016] ? percpu_ref_put_many+0x119/0x240 [ 183.290624] ? lock_downgrade+0x8f0/0x8f0 [ 183.294810] anon_vma_clone+0x140/0x740 [ 183.298812] ? fs_reclaim_acquire+0x20/0x20 [ 183.303162] ? unlink_anon_vmas+0xa60/0xa60 [ 183.307513] ? dup_userfaultfd+0x775/0x9a0 [ 183.311776] anon_vma_fork+0xf0/0x960 [ 183.315597] ? kasan_unpoison_shadow+0x35/0x50 [ 183.320207] ? anon_vma_clone+0x740/0x740 [ 183.324383] ? kasan_slab_alloc+0x12/0x20 [ 183.328553] ? kmem_cache_alloc+0x2fc/0x760 [ 183.332912] copy_process.part.41+0x6705/0x73d0 [ 183.337643] ? __cleanup_sighand+0x70/0x70 [ 183.341912] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 183.347468] ? perf_tp_event+0x91b/0xc40 [ 183.351547] ? xas_descend+0x20c/0x5f0 [ 183.355468] ? perf_swevent_event+0x2e0/0x2e0 [ 183.360001] ? perf_swevent_event+0x158/0x2e0 [ 183.364524] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 183.370101] ? perf_tp_event+0x91b/0xc40 [ 183.374185] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 183.379313] ? filemap_map_pages+0xca2/0x1990 [ 183.383836] ? perf_swevent_event+0x2e0/0x2e0 [ 183.388378] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 183.393508] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 183.398649] ? perf_tp_event+0xc40/0xc40 [ 183.402740] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 183.407865] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 183.412989] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 183.418125] ? perf_tp_event+0xc40/0xc40 [ 183.422204] ? zap_class+0x740/0x740 [ 183.425952] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 183.431090] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 183.436223] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 183.441353] ? perf_tp_event+0xc40/0xc40 [ 183.445708] ? zap_class+0x740/0x740 [ 183.449450] ? memset+0x31/0x40 [ 183.452776] ? perf_trace_lock+0x49d/0x920 [ 183.457213] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 183.462345] ? zap_class+0x740/0x740 [ 183.466126] ? __check_object_size+0xa3/0x5d7 [ 183.470655] ? memset+0x31/0x40 [ 183.476837] ? zap_class+0x740/0x740 [ 183.480604] ? __f_unlock_pos+0x19/0x20 [ 183.484611] ? lock_downgrade+0x8f0/0x8f0 [ 183.488779] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 183.494335] ? proc_fail_nth_write+0x9e/0x210 [ 183.498865] ? lock_acquire+0x1e4/0x540 [ 183.502865] _do_fork+0x291/0x12a0 [ 183.506512] ? fork_idle+0x1a0/0x1a0 [ 183.510261] ? fsnotify_first_mark+0x350/0x350 [ 183.514876] ? fsnotify+0x14e0/0x14e0 [ 183.518704] ? __sb_end_write+0xac/0xe0 [ 183.522821] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 183.528390] ? fput+0x130/0x1a0 [ 183.531704] ? ksys_write+0x1ae/0x260 [ 183.535523] ? __ia32_sys_read+0xb0/0xb0 [ 183.539602] ? syscall_slow_exit_work+0x500/0x500 [ 183.544465] __x64_sys_clone+0xbf/0x150 [ 183.548479] do_syscall_64+0x1b9/0x820 [ 183.552380] ? finish_task_switch+0x1d3/0x870 [ 183.556891] ? syscall_return_slowpath+0x5e0/0x5e0 [ 183.561837] ? syscall_return_slowpath+0x31d/0x5e0 [ 183.566925] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 183.571975] ? prepare_exit_to_usermode+0x291/0x3b0 [ 183.577031] ? perf_trace_sys_enter+0xb10/0xb10 [ 183.581810] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 183.586685] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.592318] RIP: 0033:0x455ab9 09:51:56 executing program 1: r0 = syz_open_dev$amidi(&(0x7f0000001580)='/dev/amidi#\x00', 0x3, 0x101880) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000001440)={&(0x7f0000000280)=@can={0x0, 0x0}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000300)=""/169, 0xa9}, {&(0x7f00000003c0)=""/41, 0x29}], 0x2, &(0x7f0000000440)=""/4096, 0x1000, 0x4}, 0x10020) sendmsg$nl_route(r0, &(0x7f0000001500)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000400}, 0xc, &(0x7f00000014c0)={&(0x7f0000001480)=ANY=[@ANYBLOB="340000001200020025bd7000fbdbdf2507000000", @ANYRES32=r1, @ANYBLOB="000400001001000004001400080010000500001408001b00e0ffffff"], 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) r2 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r2, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r2, 0x0) sendfile(r2, r2, &(0x7f0000000040), 0xff8) getsockopt$inet_sctp6_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f00000001c0)={0x0, 0xffffffff, 0x7fc, 0x2}, &(0x7f0000000200)=0x10) getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000240)={r3, 0x7f, 0xc3ce}, &(0x7f0000001540)=0x10) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') 09:51:56 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) readlink(&(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)=""/4096, 0x1000) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f0000000040)={0x6, 0x8, 0x1f}, 0x8) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:56 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r0, 0xc0bc5310, &(0x7f0000000080)) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) dup(r0) 09:51:56 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000180)=0x1) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000000)={0x800, 0x6, 0x8, 0x40, 0x7}) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snapshot\x00', 0x800, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-vsock\x00', 0x2, 0x0) renameat(r1, &(0x7f0000000280)='.\x00', r0, &(0x7f00000002c0)='./file0\x00') [ 183.595508] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 183.615075] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 183.622816] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 183.630196] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 183.637931] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 183.645221] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 183.652509] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000022 09:51:56 executing program 6: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$LOOP_SET_STATUS(r1, 0x4c02, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x6, 0xa, 0xf, 0x19, "56758bf01911b368734e3d4b14f731e1ca7cc14086e968bc6ae8c45d5429463e9ec12643fabfa3f5dee195353b8b60724bc0fbe0bbac1e72574a09fc3993649a", "df98a7170956b0852082399f04dc0f71aeeabf1aa6b1bbb3f201c2a634f61c82", [0x8, 0x7]}) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x20000, 0x0) ioctl$RTC_AIE_OFF(r2, 0x7002) 09:51:57 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:51:57 executing program 3: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000080)=0xc) lstat(&(0x7f00000000c0)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setregid(r0, r1) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:57 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008", 0x15}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:51:57 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) 09:51:57 executing program 4 (fault-call:1 fault-nth:35): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:57 executing program 6: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x400000, 0x0) ioctl$ASHMEM_SET_SIZE(r1, 0x40087703, 0xfffffffffffffff9) getresuid(&(0x7f0000000080), &(0x7f00000000c0)=0x0, &(0x7f0000000100)) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f00000003c0)) r3 = getegid() syz_kvm_setup_cpu$x86(r1, r1, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, &(0x7f0000000140)="b82d018ed00f013c0f32ba400066b80000000066ef0f6b4a00676c0f35baa10066edb86c008ee80f0118", 0x2a}], 0x1, 0x19, &(0x7f0000000380)=[@cr4={0x1, 0x2c}, @cstype3={0x5, 0xa}], 0x2) ioctl$PERF_EVENT_IOC_ID(r0, 0x80082407, &(0x7f0000000400)) write$P9_RGETATTR(r1, &(0x7f00000002c0)={0xa0, 0x19, 0x100000000002, {0x103, {0xf2}, 0x20, r2, r3, 0x9, 0x6, 0x1f, 0x4, 0x5, 0x4e, 0x8001, 0x5, 0x3, 0x4, 0xaca3, 0x7, 0x8ba3, 0xa6ae, 0x9}}, 0xa0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:57 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0xffffff6a) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') 09:51:57 executing program 2: socket$kcm(0x11, 0x2, 0x300) socket$kcm(0x11, 0x2, 0x300) socketpair$inet6_dccp(0xa, 0x6, 0x0, &(0x7f0000000000)) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)="2f02726f75702e7374617000", 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40286608, 0x20000000) [ 184.888650] FAULT_INJECTION: forcing a failure. [ 184.888650] name failslab, interval 1, probability 0, space 0, times 0 [ 184.899955] CPU: 1 PID: 10842 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 184.908462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 184.917853] Call Trace: [ 184.920460] dump_stack+0x1c9/0x2b4 [ 184.924111] ? dump_stack_print_info.cold.2+0x52/0x52 [ 184.929321] ? __kernel_text_address+0xd/0x40 [ 184.933840] ? unwind_get_return_address+0x61/0xa0 [ 184.938796] should_fail.cold.4+0xa/0x11 [ 184.942891] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 184.948281] ? save_stack+0xa9/0xd0 [ 184.951925] ? kasan_kmalloc+0xc4/0xe0 [ 184.955834] ? kasan_slab_alloc+0x12/0x20 [ 184.960004] ? kmem_cache_alloc+0x12e/0x760 [ 184.964347] ? anon_vma_clone+0x140/0x740 [ 184.968523] ? anon_vma_fork+0xf0/0x960 [ 184.972537] ? copy_process.part.41+0x6705/0x73d0 [ 184.977400] ? _do_fork+0x291/0x12a0 [ 184.981130] ? do_syscall_64+0x1b9/0x820 [ 184.985216] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.990692] ? lock_acquire+0x1e4/0x540 [ 184.994709] ? percpu_ref_put_many+0x119/0x240 [ 184.999312] ? lock_downgrade+0x8f0/0x8f0 [ 185.003480] ? lock_release+0xa30/0xa30 [ 185.007498] ? lock_acquire+0x1e4/0x540 [ 185.011510] ? lock_release+0xa30/0xa30 [ 185.015509] ? check_same_owner+0x340/0x340 [ 185.019850] ? percpu_ref_put_many+0x131/0x240 [ 185.025537] ? rcu_note_context_switch+0x730/0x730 [ 185.030492] __should_failslab+0x124/0x180 [ 185.034750] should_failslab+0x9/0x14 [ 185.038570] kmem_cache_alloc+0x47/0x760 [ 185.042650] ? anon_vma_interval_tree_insert+0x26b/0x300 [ 185.048123] anon_vma_clone+0x140/0x740 [ 185.052121] ? unlink_anon_vmas+0xa60/0xa60 [ 185.056463] ? dup_userfaultfd+0x775/0x9a0 [ 185.060715] anon_vma_fork+0xf0/0x960 [ 185.064966] ? kasan_unpoison_shadow+0x35/0x50 [ 185.069575] ? anon_vma_clone+0x740/0x740 [ 185.073741] ? kasan_slab_alloc+0x12/0x20 [ 185.077907] ? kmem_cache_alloc+0x2fc/0x760 [ 185.082254] copy_process.part.41+0x6705/0x73d0 09:51:57 executing program 3: r0 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x7, 0x84000) connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x1, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x18}, 'gre0\x00'}}, 0x1e) perf_event_open(&(0x7f0000000180)={0x7, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:57 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x80, 0x0) bind$nfc_llcp(r0, &(0x7f0000000080)={0x27, 0x0, 0x1, 0x0, 0xe4f8, 0x8, "5094a0d3b3821ddf324da3b8d5d25c8497f1f3e669c1af419782b780e8cab60f0b06ca553784f6583d580f3107cab029ba3a8264b74673997d9f3b1b8b39e8", 0xb}, 0x60) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) setsockopt$inet_mreq(r0, 0x0, 0x23, &(0x7f0000000100)={@loopback=0x7f000001, @rand_addr=0xfffffffffffffff9}, 0x8) [ 185.086957] ? __cleanup_sighand+0x70/0x70 [ 185.091212] ? lock_release+0xa30/0xa30 [ 185.095200] ? xas_descend+0x20c/0x5f0 [ 185.099115] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 185.104153] ? check_pgprot+0xdf/0x180 [ 185.108052] ? put_page+0x280/0x280 [ 185.111691] ? kasan_check_write+0x14/0x20 [ 185.115947] ? alloc_set_pte+0xaf6/0x1790 [ 185.120119] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 185.125153] ? filemap_map_pages+0xca2/0x1990 [ 185.129671] ? trace_hardirqs_on+0x10/0x10 [ 185.133923] ? xa_set_tag+0x40/0x40 [ 185.135086] FAT-fs (loop7): invalid media value (0x00) [ 185.137558] ? perf_trace_lock+0xde/0x920 [ 185.137577] ? trace_hardirqs_on+0x10/0x10 [ 185.137595] ? trace_hardirqs_on+0x10/0x10 [ 185.137609] ? trace_hardirqs_on+0x10/0x10 [ 185.137630] ? find_get_entries_tag+0x1410/0x1410 [ 185.143015] FAT-fs (loop7): Can't find a valid FAT filesystem [ 185.147128] ? perf_trace_lock+0xde/0x920 [ 185.147142] ? zap_class+0x740/0x740 [ 185.147160] ? zap_class+0x740/0x740 [ 185.182325] ? zap_class+0x740/0x740 [ 185.186075] ? shrink_dcache_sb+0x350/0x350 [ 185.190415] ? perf_trace_lock+0xde/0x920 [ 185.194567] ? lock_acquire+0x1e4/0x540 [ 185.198558] ? __fdget_pos+0x1bb/0x200 [ 185.202441] ? zap_class+0x740/0x740 [ 185.206148] ? lock_release+0xa30/0xa30 [ 185.210115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.215640] ? _parse_integer+0x13b/0x190 [ 185.219773] ? perf_trace_lock+0xde/0x920 [ 185.223923] ? _kstrtoull+0x188/0x250 [ 185.227721] ? _parse_integer+0x190/0x190 [ 185.231871] ? zap_class+0x740/0x740 [ 185.235582] ? __check_object_size+0xa3/0x5d7 [ 185.240077] ? lock_acquire+0x1e4/0x540 [ 185.244156] ? get_pid_task+0xd8/0x1a0 [ 185.248031] ? perf_trace_lock+0xde/0x920 [ 185.252190] ? lock_release+0xa30/0xa30 [ 185.256158] ? zap_class+0x740/0x740 [ 185.259872] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 185.264705] ? __f_unlock_pos+0x19/0x20 [ 185.268677] ? lock_downgrade+0x8f0/0x8f0 [ 185.272820] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 185.278361] ? proc_fail_nth_write+0x9e/0x210 [ 185.282858] ? lock_acquire+0x1e4/0x540 [ 185.286836] _do_fork+0x291/0x12a0 [ 185.290374] ? fork_idle+0x1a0/0x1a0 [ 185.294077] ? fsnotify_first_mark+0x350/0x350 [ 185.298648] ? fsnotify+0x14e0/0x14e0 [ 185.302446] ? __sb_end_write+0xac/0xe0 [ 185.306428] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 185.311967] ? fput+0x130/0x1a0 [ 185.315232] ? ksys_write+0x1ae/0x260 [ 185.319022] ? __ia32_sys_read+0xb0/0xb0 [ 185.323073] ? syscall_slow_exit_work+0x500/0x500 [ 185.327928] __x64_sys_clone+0xbf/0x150 [ 185.331888] do_syscall_64+0x1b9/0x820 [ 185.335759] ? finish_task_switch+0x1d3/0x870 [ 185.340241] ? syscall_return_slowpath+0x5e0/0x5e0 [ 185.345157] ? syscall_return_slowpath+0x31d/0x5e0 [ 185.350085] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 185.355102] ? prepare_exit_to_usermode+0x291/0x3b0 [ 185.360109] ? perf_trace_sys_enter+0xb10/0xb10 [ 185.364765] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 185.369603] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.374782] RIP: 0033:0x455ab9 [ 185.377967] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 185.397174] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 185.404882] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 185.412151] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 185.419407] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 185.426782] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 185.434037] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000023 09:51:58 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) open$dir(&(0x7f0000000040)='./file0\x00', 0x400280, 0x1) [ 185.447508] EXT4-fs warning (device sda1): verify_group_input:104: Cannot add at group 21 (only 16 groups) 09:51:58 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0xfff, 0x40) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080)={0xffffffffffffffff}, 0x106, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f00000002c0)={0x15, 0x110, 0xfa00, {r1, 0x0, 0x0, 0x0, 0x0, @ib={0x1b, 0x4, 0x8, {"d30d08814d8af6ac4ab84f7052f07ef9"}, 0x100000001, 0x5, 0x35}, @in6={0xa, 0x4e21, 0x7fff, @ipv4={[], [0xff, 0xff], @rand_addr=0x7f}, 0x74dc}}}, 0x118) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:58 executing program 4 (fault-call:1 fault-nth:36): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 185.508201] EXT4-fs warning (device sda1): verify_group_input:104: Cannot add at group 23 (only 16 groups) [ 185.572929] FAULT_INJECTION: forcing a failure. [ 185.572929] name failslab, interval 1, probability 0, space 0, times 0 [ 185.584287] CPU: 1 PID: 10884 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 185.592813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 185.602180] Call Trace: [ 185.604791] dump_stack+0x1c9/0x2b4 [ 185.609570] ? dump_stack_print_info.cold.2+0x52/0x52 [ 185.614782] ? __kernel_text_address+0xd/0x40 [ 185.619301] ? unwind_get_return_address+0x61/0xa0 [ 185.624251] should_fail.cold.4+0xa/0x11 [ 185.628336] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 185.633459] ? save_stack+0xa9/0xd0 [ 185.637140] ? kasan_kmalloc+0xc4/0xe0 [ 185.641044] ? kasan_slab_alloc+0x12/0x20 [ 185.645208] ? kmem_cache_alloc+0x12e/0x760 [ 185.649549] ? anon_vma_clone+0x140/0x740 [ 185.653711] ? anon_vma_fork+0xf0/0x960 [ 185.657704] ? copy_process.part.41+0x6705/0x73d0 [ 185.662569] ? _do_fork+0x291/0x12a0 [ 185.666303] ? do_syscall_64+0x1b9/0x820 [ 185.670380] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.675762] ? lock_acquire+0x1e4/0x540 [ 185.679758] ? percpu_ref_put_many+0x119/0x240 [ 185.684360] ? lock_downgrade+0x8f0/0x8f0 [ 185.688530] ? lock_release+0xa30/0xa30 [ 185.692522] ? memcg_kmem_get_cache+0x3a9/0x9d0 [ 185.697211] ? mem_cgroup_handle_over_high+0x130/0x130 [ 185.702510] ? lock_acquire+0x1e4/0x540 [ 185.706530] ? percpu_ref_put_many+0x131/0x240 [ 185.711129] ? mem_cgroup_id_get_online+0x310/0x310 [ 185.716162] ? kasan_unpoison_shadow+0x35/0x50 [ 185.720772] __should_failslab+0x124/0x180 [ 185.725018] should_failslab+0x9/0x14 [ 185.728841] kmem_cache_alloc+0x47/0x760 [ 185.732917] ? anon_vma_interval_tree_insert+0x26b/0x300 [ 185.738391] anon_vma_clone+0x140/0x740 [ 185.742387] ? unlink_anon_vmas+0xa60/0xa60 [ 185.746728] ? dup_userfaultfd+0x775/0x9a0 [ 185.750981] anon_vma_fork+0xf0/0x960 [ 185.754791] ? kasan_unpoison_shadow+0x35/0x50 [ 185.759387] ? anon_vma_clone+0x740/0x740 [ 185.763547] ? kasan_slab_alloc+0x12/0x20 [ 185.767706] ? kmem_cache_alloc+0x2fc/0x760 [ 185.772067] copy_process.part.41+0x6705/0x73d0 [ 185.776767] ? __cleanup_sighand+0x70/0x70 [ 185.781031] ? lock_release+0xa30/0xa30 [ 185.785044] ? xas_descend+0x20c/0x5f0 [ 185.788947] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 185.793975] ? check_pgprot+0xdf/0x180 [ 185.797884] ? put_page+0x280/0x280 [ 185.802394] ? kasan_check_write+0x14/0x20 [ 185.806654] ? alloc_set_pte+0xaf6/0x1790 [ 185.810826] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 185.815866] ? filemap_map_pages+0xca2/0x1990 [ 185.820376] ? trace_hardirqs_on+0x10/0x10 [ 185.824976] ? xa_set_tag+0x40/0x40 [ 185.828699] ? perf_trace_lock+0xde/0x920 [ 185.832899] ? trace_hardirqs_on+0x10/0x10 [ 185.837163] ? trace_hardirqs_on+0x10/0x10 [ 185.841425] ? trace_hardirqs_on+0x10/0x10 [ 185.845680] ? find_get_entries_tag+0x1410/0x1410 [ 185.850545] ? perf_trace_lock+0xde/0x920 [ 185.854721] ? zap_class+0x740/0x740 [ 185.858445] ? zap_class+0x740/0x740 [ 185.862169] ? zap_class+0x740/0x740 [ 185.865892] ? shrink_dcache_sb+0x350/0x350 [ 185.870225] ? perf_trace_lock+0xde/0x920 09:51:58 executing program 6: r0 = getpgrp(0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8400, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x358f}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x20, 0x100) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @remote={0xac, 0x14, 0x14, 0xbb}}, 0x10) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:58 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:58 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) [ 185.874384] ? lock_acquire+0x1e4/0x540 [ 185.878367] ? __fdget_pos+0x1bb/0x200 [ 185.882267] ? zap_class+0x740/0x740 [ 185.885988] ? lock_release+0xa30/0xa30 [ 185.889973] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.895519] ? _parse_integer+0x13b/0x190 [ 185.899676] ? perf_trace_lock+0xde/0x920 [ 185.903828] ? _kstrtoull+0x188/0x250 [ 185.907638] ? _parse_integer+0x190/0x190 [ 185.911817] ? zap_class+0x740/0x740 [ 185.915548] ? __check_object_size+0xa3/0x5d7 [ 185.920149] ? lock_acquire+0x1e4/0x540 [ 185.924168] ? get_pid_task+0xd8/0x1a0 [ 185.928062] ? perf_trace_lock+0xde/0x920 [ 185.932221] ? lock_release+0xa30/0xa30 [ 185.936226] ? zap_class+0x740/0x740 [ 185.940388] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 185.945237] ? __f_unlock_pos+0x19/0x20 [ 185.949223] ? lock_downgrade+0x8f0/0x8f0 [ 185.953381] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 185.958933] ? proc_fail_nth_write+0x9e/0x210 [ 185.963476] ? lock_acquire+0x1e4/0x540 [ 185.967489] _do_fork+0x291/0x12a0 [ 185.971042] ? fork_idle+0x1a0/0x1a0 09:51:58 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') 09:51:58 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000000c0)) r0 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x88000) write$P9_RLOPEN(r0, &(0x7f0000000080)={0x18, 0xd, 0x9, {{0x10, 0x0, 0x8}, 0x7}}, 0x18) [ 185.974764] ? fsnotify_first_mark+0x350/0x350 [ 185.979354] ? fsnotify+0x14e0/0x14e0 [ 185.983212] ? __sb_end_write+0xac/0xe0 [ 185.987202] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 185.992751] ? fput+0x130/0x1a0 [ 185.996039] ? ksys_write+0x1ae/0x260 [ 186.000395] ? __ia32_sys_read+0xb0/0xb0 [ 186.004459] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 186.010102] __x64_sys_clone+0xbf/0x150 [ 186.014106] do_syscall_64+0x1b9/0x820 [ 186.018002] ? finish_task_switch+0x1d3/0x870 [ 186.022509] ? syscall_return_slowpath+0x5e0/0x5e0 [ 186.027455] ? syscall_return_slowpath+0x31d/0x5e0 [ 186.032407] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 186.037439] ? prepare_exit_to_usermode+0x291/0x3b0 [ 186.042499] ? perf_trace_sys_enter+0xb10/0xb10 [ 186.047196] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 186.052091] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.057301] RIP: 0033:0x455ab9 [ 186.060496] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 186.079988] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 186.087716] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 186.095102] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 186.102469] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 186.109757] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 186.117057] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000024 09:51:59 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x0, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) [ 186.261483] FAT-fs (loop7): Directory bread(block 128) failed [ 186.270231] FAT-fs (loop7): Directory bread(block 129) failed [ 186.282414] FAT-fs (loop7): Directory bread(block 130) failed [ 186.291786] FAT-fs (loop7): Directory bread(block 131) failed [ 186.298415] FAT-fs (loop7): Directory bread(block 132) failed [ 186.304832] FAT-fs (loop7): Directory bread(block 133) failed 09:51:59 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) 09:51:59 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000040)={0xffffffffffffff9c}) connect$netlink(r0, &(0x7f0000000080)=@unspec, 0xc) 09:51:59 executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000840)='/dev/hwrng\x00', 0x2, 0x0) setsockopt$inet_mreq(r0, 0x0, 0x24, &(0x7f0000000880)={@empty, @local={0xac, 0x14, 0x14, 0xaa}}, 0x8) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000280)='/proc/self/net/pfkey\x00', 0x8000, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000340)=@security={'security\x00', 0xe, 0x4, 0x478, 0x3a8, 0x0, 0x2b8, 0x2b8, 0x2b8, 0x3a8, 0x3a8, 0x3a8, 0x3a8, 0x3a8, 0x4, &(0x7f0000000300), {[{{@uncond, 0x0, 0x128, 0x170, 0x0, {}, [@common=@srh={0x30, 'srh\x00', 0x0, {0x87, 0x8e, 0x6, 0xafa8, 0x1, 0x8, 0x100}}, @common=@ah={0x30, 'ah\x00', 0x0, {0x4d6, 0x4d2, 0x1, 0x5, 0x3}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4, 'bcsh0\x00'}}}, {{@uncond, 0x0, 0x118, 0x148, 0x0, {}, [@common=@icmp6={0x28, 'icmp6\x00', 0x0, {0xd, 0x46e6, 0xffffffffffffffff, 0x1}}, @common=@eui64={0x28, 'eui64\x00'}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0x2d, 0x23, 0x9}, {0x1, 0x1, 0x10001}, 0x3, 0x7fffffff}}}, {{@ipv6={@dev={0xfe, 0x80, [], 0x10}, @local={0xfe, 0x80, [], 0xaa}, [0xffffffff, 0xff, 0x0, 0xffffffff], [0xffffff00, 0xffffffff, 0xffffffff, 0xffffffff], 'ifb0\x00', 'bpq0\x00', {0xff}, {0xff}, 0x88, 0x92, 0x0, 0x1}, 0x0, 0xc8, 0xf0}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x0, 0x0, 0x2a1b}, {0x0, 0x0, 0x6}}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x0, 0xfffffffffffffffe}}}}, 0x4d8) mount$fuse(0x20000000, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='fuse\x00', 0x7a04, &(0x7f00000001c0)=ANY=[]) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchmod(r2, 0x20) setsockopt$inet_mreq(r2, 0x0, 0x20, &(0x7f0000000140)={@multicast2=0xe0000002}, 0x8) r3 = mq_open(&(0x7f00000001c0)="e32b00", 0x40, 0x4, &(0x7f0000000200)={0x7, 0x827, 0x7, 0x2, 0x60000000, 0x0, 0x101, 0x80000001}) fcntl$getownex(r3, 0x10, &(0x7f0000000240)) mkdirat(r2, &(0x7f0000000100)='./file0\x00', 0x0) ioctl$VT_WAITACTIVE(r2, 0x5607) 09:51:59 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:59 executing program 4 (fault-call:1 fault-nth:37): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:59 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) write$binfmt_script(r0, &(0x7f0000000140)={'#! ', './file0', [{0x20, '^\''}, {0x20, 'lo@:\''}], 0xa, "8a115d8b35b3022e7df3c55a50e13ded328736db727eda89fd1de15a980c5debce5b2deb7c191b91603a668d5abe56c1c487e7abc5d4a061f100ff8bb50d1d00ac0fb9386aee82e8d3d2012c6eeebd9ad20c0eb4176e52e195b70baba800bc64197769506aa8984945b3662d3000c4cf03f823eb2c9637e1780fb1ad572ba76e8ab2e3c415ba3bee8e077bfc4e04b0e3d60ba591748eeb906eb43c46e9bc65f72539c1eab8"}, 0xb9) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') [ 186.317408] FAT-fs (loop7): Directory bread(block 134) failed [ 186.326800] FAT-fs (loop7): Directory bread(block 135) failed [ 186.336812] FAT-fs (loop7): Directory bread(block 136) failed [ 186.343576] FAT-fs (loop7): Directory bread(block 137) failed [ 186.357553] FAULT_INJECTION: forcing a failure. 09:51:59 executing program 2: r0 = socket$inet6(0xa, 0x1000000000003, 0x100000003) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$nl_generic(0xa, 0x5, 0x84) ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000000140)={"62726964676530000000008000", &(0x7f0000000100)=@ethtool_cmd={0x7, 0x0, 0x709000, 0x0, 0x0, 0x0, 0x2}}) [ 186.357553] name failslab, interval 1, probability 0, space 0, times 0 [ 186.368976] CPU: 1 PID: 10933 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 186.377482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 186.386841] Call Trace: [ 186.389444] dump_stack+0x1c9/0x2b4 [ 186.393191] ? dump_stack_print_info.cold.2+0x52/0x52 [ 186.398398] ? perf_trace_lock+0xde/0x920 [ 186.402568] should_fail.cold.4+0xa/0x11 [ 186.406646] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 186.411772] ? lock_downgrade+0x8f0/0x8f0 09:51:59 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mounts\x00') ioctl$KVM_GET_EMULATED_CPUID(r0, 0xc008ae09, &(0x7f0000000080)=""/172) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 186.415940] ? anon_vma_clone+0x4e0/0x740 [ 186.420103] ? lock_downgrade+0x8f0/0x8f0 [ 186.424268] ? percpu_ref_put_many+0x131/0x240 [ 186.428904] ? lock_acquire+0x1e4/0x540 [ 186.434996] ? fs_reclaim_acquire+0x20/0x20 [ 186.439341] ? lock_downgrade+0x8f0/0x8f0 [ 186.443514] ? check_same_owner+0x340/0x340 [ 186.447854] ? rcu_note_context_switch+0x730/0x730 [ 186.452807] __should_failslab+0x124/0x180 [ 186.457071] should_failslab+0x9/0x14 [ 186.460885] kmem_cache_alloc+0x2af/0x760 09:51:59 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffff259, 0x0, 0x0, 0x10000, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7dc345d9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x200000, 0x7}, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 186.465050] ? dup_userfaultfd+0x775/0x9a0 [ 186.469305] anon_vma_fork+0x192/0x960 [ 186.473206] ? kasan_unpoison_shadow+0x35/0x50 [ 186.477804] ? anon_vma_clone+0x740/0x740 [ 186.481968] ? kasan_slab_alloc+0x12/0x20 [ 186.486127] ? kmem_cache_alloc+0x2fc/0x760 [ 186.490472] copy_process.part.41+0x6705/0x73d0 [ 186.495174] ? __cleanup_sighand+0x70/0x70 [ 186.499427] ? lock_release+0xa30/0xa30 [ 186.503520] ? xas_descend+0x20c/0x5f0 [ 186.507431] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 186.512475] ? check_pgprot+0xdf/0x180 [ 186.516375] ? put_page+0x280/0x280 [ 186.520024] ? kasan_check_write+0x14/0x20 [ 186.524291] ? alloc_set_pte+0xaf6/0x1790 [ 186.528456] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 186.533500] ? filemap_map_pages+0xca2/0x1990 [ 186.537995] ? trace_hardirqs_on+0x10/0x10 [ 186.542226] ? xa_set_tag+0x40/0x40 [ 186.545845] ? perf_trace_lock+0xde/0x920 [ 186.550020] ? trace_hardirqs_on+0x10/0x10 [ 186.554767] ? trace_hardirqs_on+0x10/0x10 [ 186.558992] ? trace_hardirqs_on+0x10/0x10 [ 186.563221] ? find_get_entries_tag+0x1410/0x1410 [ 186.568064] ? perf_trace_lock+0xde/0x920 [ 186.572201] ? zap_class+0x740/0x740 [ 186.575917] ? zap_class+0x740/0x740 [ 186.579897] ? zap_class+0x740/0x740 [ 186.583603] ? shrink_dcache_sb+0x350/0x350 [ 186.587912] ? perf_trace_lock+0xde/0x920 [ 186.592047] ? lock_acquire+0x1e4/0x540 [ 186.596025] ? __fdget_pos+0x1bb/0x200 [ 186.599900] ? zap_class+0x740/0x740 [ 186.603950] ? lock_release+0xa30/0xa30 [ 186.607920] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 186.613443] ? _parse_integer+0x13b/0x190 [ 186.617587] ? perf_trace_lock+0xde/0x920 [ 186.621723] ? _kstrtoull+0x188/0x250 [ 186.625509] ? _parse_integer+0x190/0x190 [ 186.629653] ? zap_class+0x740/0x740 [ 186.633352] ? __check_object_size+0xa3/0x5d7 [ 186.637840] ? lock_acquire+0x1e4/0x540 [ 186.641801] ? get_pid_task+0xd8/0x1a0 [ 186.645676] ? perf_trace_lock+0xde/0x920 [ 186.649824] ? lock_release+0xa30/0xa30 [ 186.653787] ? zap_class+0x740/0x740 [ 186.657679] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 186.662512] ? __f_unlock_pos+0x19/0x20 [ 186.666479] ? lock_downgrade+0x8f0/0x8f0 [ 186.670617] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 186.676143] ? proc_fail_nth_write+0x9e/0x210 [ 186.680630] ? lock_acquire+0x1e4/0x540 [ 186.684595] _do_fork+0x291/0x12a0 [ 186.688126] ? fork_idle+0x1a0/0x1a0 [ 186.691842] ? fsnotify_first_mark+0x350/0x350 [ 186.696412] ? fsnotify+0x14e0/0x14e0 [ 186.700208] ? __sb_end_write+0xac/0xe0 [ 186.704182] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 186.709723] ? fput+0x130/0x1a0 [ 186.713001] ? ksys_write+0x1ae/0x260 [ 186.716794] ? __ia32_sys_read+0xb0/0xb0 [ 186.720843] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 186.726379] __x64_sys_clone+0xbf/0x150 [ 186.730354] do_syscall_64+0x1b9/0x820 [ 186.734227] ? finish_task_switch+0x1d3/0x870 [ 186.738724] ? syscall_return_slowpath+0x5e0/0x5e0 [ 186.743651] ? syscall_return_slowpath+0x31d/0x5e0 [ 186.748568] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 186.753572] ? prepare_exit_to_usermode+0x291/0x3b0 [ 186.758585] ? perf_trace_sys_enter+0xb10/0xb10 [ 186.763253] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 186.768088] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.773261] RIP: 0033:0x455ab9 [ 186.776443] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 186.795657] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 186.803372] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 186.810637] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 186.817904] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 186.825172] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 186.832428] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000025 09:51:59 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x0, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:51:59 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000100)="025cc83d6d345f8f762070") r1 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="200000002100010100050000000000000a0000000000f4ff0000000000000000"], 0x1}, 0x1}, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0) 09:51:59 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) ioctl$SG_SET_COMMAND_Q(r0, 0x2271, &(0x7f0000000180)) r1 = fcntl$getown(r0, 0x9) fcntl$setownex(r0, 0xf, &(0x7f0000000140)={0x1, r1}) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') 09:51:59 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(0xffffffffffffffff, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:51:59 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x3ff, 0x0) ioctl$KVM_GET_CLOCK(r0, 0x8030ae7c, &(0x7f0000000080)) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:51:59 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x3, 0x0, 0x8, 0x0, 0x2000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000040)="edd358d65feb7a324d4116616b674549c8a40528098ca43a86befd45855f2596a8063cd546bc7ea045f33574a75d55495e391b0ba6fabb8f41a1ade4f0c8827a88e02694e5d5c48c0adabff0fcbb3a923ec60c4b0f6c31199c949c5a3785e73dbbf6a75eaf9f23ab8b71e8ed6fd5c24793d59c63de8a6d33a9f34d33fea3d9758d13bcc8f3dae2f762277d9803b78ce938b38a9810424ef09fa16c2bd96ce260cb7395dda5f644834f3b86e779889eda49eaa622a72c6435ecb8cf6d8564", &(0x7f0000000300), &(0x7f0000000340), &(0x7f00000002c0)="1acab8af1a6250863476f0ff70dc93fdc2d3b28549a911848c2790cf5f97aa73eb6c8f67e21d136438ccd06e6eb258c3b487755260370432cbe6") [ 186.997572] FAT-fs (loop7): Directory bread(block 128) failed [ 187.031410] FAT-fs (loop7): Directory bread(block 129) failed 09:52:00 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x0, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) [ 187.064807] FAT-fs (loop7): Directory bread(block 130) failed [ 187.086524] FAT-fs (loop7): Directory bread(block 131) failed [ 187.115378] FAT-fs (loop7): Directory bread(block 132) failed [ 187.137562] FAT-fs (loop7): Directory bread(block 133) failed [ 187.168673] FAT-fs (loop7): Directory bread(block 134) failed [ 187.185811] FAT-fs (loop7): Directory bread(block 135) failed [ 187.194979] FAT-fs (loop7): Directory bread(block 136) failed [ 187.222351] FAT-fs (loop7): Directory bread(block 137) failed [ 187.285311] attempt to access beyond end of device [ 187.290290] loop7: rw=2049, want=290, limit=128 [ 187.294984] buffer_io_error: 14 callbacks suppressed [ 187.294997] Buffer I/O error on dev loop7, logical block 289, lost async page write [ 187.307920] attempt to access beyond end of device [ 187.312861] loop7: rw=2049, want=291, limit=128 [ 187.317563] Buffer I/O error on dev loop7, logical block 290, lost async page write [ 187.325694] attempt to access beyond end of device [ 187.330672] loop7: rw=2049, want=292, limit=128 09:52:00 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) 09:52:00 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x1, &(0x7f00000002c0)="2ac9f9fde1dc5e135b2573660608bd524bc3cd7000a523a2652a5faf94e7d67feae76e1b9c05d5684d3d7cb1ff1ba5e52e37a708b17472092470354ba2f9b3bd9cc4ec566791dbcf4f475915449788c3cf89097ebf7ea268890d015539e329a56e5eb008d6cc6355d8775d75b86f6d479f6a95031122ed0d2d8f8985fe6ff5a76eae94e893f140c0d0b5f09b8134d7ab435a6d801b8b2caf066e5688d79d1739b6b881a3790c62ee5c061cc98d9aaa0013f1", &(0x7f0000000240), &(0x7f0000000280), &(0x7f0000000080)="3cd061ea4c1653e0f1abd1faae25e867a2dafbac9731429f577de18ef5ff816300119824026fe8043967aeb7dd6f58fef24ec658c6cf1d9d0bb329cb3802477dcaacc801a6efa01ecc53008cea0c0f8456a0738c10e5481505cbea775134160cddc054c2b60625734b510d4491d1d78f714f793629853b754ad2da7e73dff5ac7723ee37655412f57f5553b72918382f77f4c19a7f9343b273627b7dd86cebcbe1d3d777dbdfe60cb56ac72d2a62218cc568c989e845fa0e032c4b86353c2b4057ba05ebf0a6bf93de14bc6767799fc5f80e1e4e43ecf7a1791e3b3e402982189c9845154ff01745a92026dfd09194") 09:52:00 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x0, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:52:00 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x2, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = memfd_create(&(0x7f0000000400), 0x3) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000200)={r0, &(0x7f0000000100)="0981319fcb8045a8729299f0978db957cc865d989c7928d67ebb3535d47427ff9e0925d918a9d6107b09bd8e13d839a8d9b911de6c27da53763b56e9bca1f1b27537a70304036573113016d11f3a3fcb6ba93e56", &(0x7f00000002c0)=""/178}, 0x18) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f00000000c0)) socket$kcm(0x29, 0x7, 0x0) 09:52:00 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000200)="025cc83d6d345f8f762070") mknod(&(0x7f0000000040)='./file0\x00', 0x40, 0x0) clone(0x200, &(0x7f0000b6b000), &(0x7f0000744000), &(0x7f00000000c0), &(0x7f0000000200)) execve(&(0x7f0000000000)='./file0\x00', &(0x7f0000000440), &(0x7f00000007c0)) 09:52:00 executing program 1: r0 = memfd_create(&(0x7f0000000100)="880d26a06e", 0x6) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000380)={0x0, 0x200}, &(0x7f00000003c0)=0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000400)={r1, 0x5, 0x6f13, 0x5}, 0x10) getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000140)={0x0, 0x5}, &(0x7f0000000180)=0x140) sendto$inet6(r0, &(0x7f0000000280)="a159e921bdb2ff41c31b26391b6d49b0f0cb2c48f694091627a5e477043c5ca3ca6399fd9287d9eb837bdf8f04877041f8222b1367d3805e44439e824a5ad51ab1b11142c63fc8d5022e55f10d2db1b8f58d2f9e6da71438b3e462be81ecf43f7d0eb5a85369acfad19961741cc1ac741ab79a00c61bf22f4b3a1eb2bd5b32a6ed452873803ed79331df8e18a702c04e212cb76b5fec87523d15528d1e5cae056e16382a02bfe674f4f7d336cf7ee1f52966b2a2a6aba6a6316881566270b897e6680a3fbad2ea749956b95025a7db7c2bbdd42488dbfa324b", 0xd9, 0x44, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f00000001c0)={r2, @in6={{0xa, 0x4e23, 0x9ba2, @local={0xfe, 0x80, [], 0xaa}, 0x2400000000000000}}, 0x4403, 0x1}, 0x90) sendfile(r0, r0, &(0x7f0000000040), 0xff8) bind$vsock_stream(r0, &(0x7f0000000440)={0x28, 0x0, 0x2711, @reserved=0x1}, 0x10) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') 09:52:00 executing program 4 (fault-call:1 fault-nth:38): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 187.335391] Buffer I/O error on dev loop7, logical block 291, lost async page write [ 187.343519] attempt to access beyond end of device [ 187.348494] loop7: rw=2049, want=293, limit=128 [ 187.353191] Buffer I/O error on dev loop7, logical block 292, lost async page write [ 187.373685] FAULT_INJECTION: forcing a failure. [ 187.373685] name failslab, interval 1, probability 0, space 0, times 0 [ 187.384961] CPU: 1 PID: 11005 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 187.393472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 187.403449] Call Trace: [ 187.406094] dump_stack+0x1c9/0x2b4 [ 187.409718] ? dump_stack_print_info.cold.2+0x52/0x52 [ 187.414919] ? __kernel_text_address+0xd/0x40 [ 187.419512] ? perf_trace_lock+0xde/0x920 [ 187.423668] should_fail.cold.4+0xa/0x11 [ 187.427724] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 187.432814] ? save_stack+0xa9/0xd0 [ 187.436441] ? kasan_kmalloc+0xc4/0xe0 [ 187.440312] ? kasan_slab_alloc+0x12/0x20 [ 187.444448] ? kmem_cache_alloc+0x12e/0x760 [ 187.448760] ? anon_vma_fork+0x192/0x960 [ 187.452824] ? copy_process.part.41+0x6705/0x73d0 [ 187.457651] ? _do_fork+0x291/0x12a0 [ 187.461351] ? __x64_sys_clone+0xbf/0x150 [ 187.465500] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 187.470870] ? lock_acquire+0x1e4/0x540 [ 187.474845] ? lock_downgrade+0x8f0/0x8f0 [ 187.478994] ? lock_acquire+0x1e4/0x540 [ 187.482964] ? fs_reclaim_acquire+0x20/0x20 [ 187.487535] ? lock_downgrade+0x8f0/0x8f0 [ 187.491674] ? check_same_owner+0x340/0x340 [ 187.495983] ? rcu_note_context_switch+0x730/0x730 [ 187.500901] ? kasan_unpoison_shadow+0x35/0x50 [ 187.505473] __should_failslab+0x124/0x180 [ 187.509706] should_failslab+0x9/0x14 [ 187.513497] kmem_cache_alloc+0x2af/0x760 [ 187.517634] ? dup_userfaultfd+0x775/0x9a0 [ 187.521865] ? anon_vma_fork+0x192/0x960 [ 187.526102] anon_vma_fork+0x2dc/0x960 [ 187.529994] ? anon_vma_clone+0x740/0x740 [ 187.534136] ? kasan_slab_alloc+0x12/0x20 [ 187.538279] ? kmem_cache_alloc+0x2fc/0x760 [ 187.542602] copy_process.part.41+0x6705/0x73d0 [ 187.547965] ? __cleanup_sighand+0x70/0x70 [ 187.552190] ? lock_release+0xa30/0xa30 [ 187.556153] ? xas_descend+0x20c/0x5f0 [ 187.560031] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 187.565037] ? check_pgprot+0xdf/0x180 [ 187.568908] ? put_page+0x280/0x280 [ 187.572522] ? kasan_check_write+0x14/0x20 [ 187.577006] ? alloc_set_pte+0xaf6/0x1790 [ 187.581145] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 187.586158] ? filemap_map_pages+0xca2/0x1990 [ 187.590736] ? trace_hardirqs_on+0x10/0x10 [ 187.594957] ? xa_set_tag+0x40/0x40 [ 187.598598] ? perf_trace_lock+0xde/0x920 [ 187.602732] ? trace_hardirqs_on+0x10/0x10 [ 187.606957] ? trace_hardirqs_on+0x10/0x10 [ 187.611179] ? trace_hardirqs_on+0x10/0x10 [ 187.615490] ? find_get_entries_tag+0x1410/0x1410 [ 187.620332] ? perf_trace_lock+0xde/0x920 [ 187.624473] ? zap_class+0x740/0x740 [ 187.628173] ? zap_class+0x740/0x740 [ 187.631868] ? zap_class+0x740/0x740 [ 187.635566] ? shrink_dcache_sb+0x350/0x350 [ 187.639883] ? perf_trace_lock+0xde/0x920 [ 187.644038] ? lock_acquire+0x1e4/0x540 [ 187.647997] ? __fdget_pos+0x1bb/0x200 [ 187.651874] ? zap_class+0x740/0x740 [ 187.655586] ? lock_release+0xa30/0xa30 [ 187.659549] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 187.665169] ? _parse_integer+0x13b/0x190 [ 187.669313] ? perf_trace_lock+0xde/0x920 [ 187.673531] ? _kstrtoull+0x188/0x250 [ 187.677313] ? _parse_integer+0x190/0x190 [ 187.681446] ? zap_class+0x740/0x740 [ 187.685149] ? __check_object_size+0xa3/0x5d7 [ 187.689641] ? lock_acquire+0x1e4/0x540 [ 187.693639] ? get_pid_task+0xd8/0x1a0 [ 187.697511] ? perf_trace_lock+0xde/0x920 [ 187.701647] ? lock_release+0xa30/0xa30 [ 187.705608] ? zap_class+0x740/0x740 [ 187.709321] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 187.714157] ? __f_unlock_pos+0x19/0x20 [ 187.718118] ? lock_downgrade+0x8f0/0x8f0 [ 187.722263] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 187.727790] ? proc_fail_nth_write+0x9e/0x210 [ 187.732272] ? lock_acquire+0x1e4/0x540 [ 187.736237] _do_fork+0x291/0x12a0 [ 187.739764] ? fork_idle+0x1a0/0x1a0 [ 187.743465] ? fsnotify_first_mark+0x350/0x350 [ 187.748044] ? fsnotify+0x14e0/0x14e0 [ 187.751833] ? __sb_end_write+0xac/0xe0 [ 187.755815] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 187.761335] ? fput+0x130/0x1a0 [ 187.764602] ? ksys_write+0x1ae/0x260 [ 187.768389] ? __ia32_sys_read+0xb0/0xb0 [ 187.772437] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 187.777973] __x64_sys_clone+0xbf/0x150 [ 187.781939] do_syscall_64+0x1b9/0x820 [ 187.785832] ? finish_task_switch+0x1d3/0x870 [ 187.790313] ? syscall_return_slowpath+0x5e0/0x5e0 [ 187.795228] ? syscall_return_slowpath+0x31d/0x5e0 [ 187.800156] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 187.805161] ? prepare_exit_to_usermode+0x291/0x3b0 [ 187.810642] ? perf_trace_sys_enter+0xb10/0xb10 [ 187.815300] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 187.820136] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 187.825308] RIP: 0033:0x455ab9 [ 187.828476] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 187.847683] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 187.855379] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 187.862633] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 187.869887] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 187.877142] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 187.884398] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000026 09:52:00 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x0, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:52:00 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) sendto$llc(r0, &(0x7f0000000200)="f94b7df5067a5b3c498454d43e3000f1176e6af9be3de2b246a9d4ce6c6ed94cc753e61d0aa712a0142666", 0x2b, 0x24004050, &(0x7f0000000240)={0x1a, 0x32d, 0x7, 0x4, 0x80000001, 0x3ff, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}}, 0x10) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') prctl$seccomp(0x16, 0x1, &(0x7f00000001c0)={0x5, &(0x7f0000000180)=[{0x7f, 0x100000000, 0x9, 0x8}, {0x0, 0x3, 0x6, 0x1}, {0xfffffffffffffff9, 0x5, 0x7, 0x1}, {0x1, 0x40, 0x1, 0x3ff}, {0x2, 0x1, 0x3, 0x484}]}) io_setup(0x9, &(0x7f0000000140)) [ 187.915965] attempt to access beyond end of device [ 187.921068] loop7: rw=2049, want=310, limit=128 [ 187.925802] Buffer I/O error on dev loop7, logical block 309, lost async page write [ 187.977750] attempt to access beyond end of device [ 187.982800] loop7: rw=2049, want=311, limit=128 [ 187.987546] Buffer I/O error on dev loop7, logical block 310, lost async page write [ 187.997853] attempt to access beyond end of device [ 188.002945] loop7: rw=2049, want=312, limit=128 [ 188.007747] Buffer I/O error on dev loop7, logical block 311, lost async page write [ 188.017170] attempt to access beyond end of device [ 188.022389] loop7: rw=2049, want=313, limit=128 [ 188.027143] Buffer I/O error on dev loop7, logical block 312, lost async page write [ 188.040555] attempt to access beyond end of device [ 188.045684] loop7: rw=2049, want=2157, limit=128 09:52:01 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:52:01 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:52:01 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x200000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:01 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x52000) exit(0x3f) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000080)={@my=0x0}) 09:52:01 executing program 2: r0 = socket$kcm(0x11, 0x2, 0x300) perf_event_open(&(0x7f000025c000)={0x2, 0x41, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f000031f000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0) close(r0) 09:52:01 executing program 4 (fault-call:1 fault-nth:39): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:01 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(0xffffffffffffffff, 0x1) [ 188.230009] FAULT_INJECTION: forcing a failure. [ 188.230009] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 188.242112] CPU: 0 PID: 11061 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 188.250620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.259992] Call Trace: [ 188.262610] dump_stack+0x1c9/0x2b4 [ 188.266268] ? dump_stack_print_info.cold.2+0x52/0x52 [ 188.271610] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 09:52:01 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) 09:52:01 executing program 2: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000240)='/proc/self/net/pfkey\x00', 0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) fcntl$setlease(r0, 0x400, 0x1) [ 188.277179] should_fail.cold.4+0xa/0x11 [ 188.281262] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 188.286395] ? perf_swevent_event+0x2e0/0x2e0 [ 188.290917] ? memset+0x31/0x40 [ 188.294213] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 188.299352] ? lock_acquire+0x1e4/0x540 [ 188.303357] ? fs_reclaim_acquire+0x20/0x20 [ 188.307701] ? lock_downgrade+0x8f0/0x8f0 [ 188.311877] ? check_same_owner+0x340/0x340 [ 188.315311] FAT-fs (loop7): Directory bread(block 128) failed [ 188.316241] ? perf_trace_lock+0x49d/0x920 [ 188.316265] ? rcu_note_context_switch+0x730/0x730 [ 188.316298] __alloc_pages_nodemask+0x36e/0xdb0 [ 188.333877] FAT-fs (loop7): Directory bread(block 129) failed [ 188.336362] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 188.336420] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 188.352393] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 188.357963] alloc_pages_current+0x10c/0x210 [ 188.362396] pte_alloc_one+0x1b/0x1a0 [ 188.366220] __pte_alloc+0x2a/0x3c0 [ 188.369849] copy_page_range+0x1670/0x24c0 [ 188.374107] ? __pmd_alloc+0x530/0x530 [ 188.377988] ? _do_fork+0x291/0x12a0 [ 188.381692] ? __x64_sys_clone+0xbf/0x150 [ 188.385830] ? do_syscall_64+0x1b9/0x820 [ 188.389923] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.395283] ? lock_acquire+0x1e4/0x540 [ 188.399247] ? percpu_ref_put_many+0x119/0x240 [ 188.403834] ? lock_downgrade+0x8f0/0x8f0 [ 188.407984] ? anon_vma_fork+0x651/0x960 [ 188.412123] ? lock_downgrade+0x8f0/0x8f0 [ 188.416264] ? lock_release+0xa30/0xa30 [ 188.420231] ? percpu_ref_put_many+0x131/0x240 [ 188.424802] ? rcu_note_context_switch+0x730/0x730 [ 188.429742] ? up_write+0x7b/0x220 [ 188.433273] ? up_read+0x110/0x110 [ 188.436802] ? anon_vma_interval_tree_insert+0x26b/0x300 [ 188.442256] ? anon_vma_clone+0x740/0x740 [ 188.446400] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 188.451413] ? __vma_link_rb+0x2a4/0x3f0 [ 188.455470] copy_process.part.41+0x5ead/0x73d0 [ 188.460156] ? __cleanup_sighand+0x70/0x70 [ 188.464393] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 188.469922] ? perf_tp_event+0x91b/0xc40 [ 188.473983] ? event_sched_in.isra.110+0x78f/0xff0 [ 188.478916] ? perf_swevent_event+0x2e0/0x2e0 [ 188.483412] ? perf_swevent_event+0x158/0x2e0 [ 188.487901] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 188.493428] ? perf_tp_event+0x91b/0xc40 [ 188.497480] ? perf_trace_lock+0x49d/0x920 [ 188.501710] ? perf_swevent_event+0x2e0/0x2e0 [ 188.506202] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 188.511299] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 188.516402] ? perf_tp_event+0xc40/0xc40 [ 188.520458] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 188.525556] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 188.530650] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 188.535751] ? perf_tp_event+0xc40/0xc40 [ 188.539809] ? zap_class+0x740/0x740 [ 188.543530] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 188.548635] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 188.553734] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 188.558832] ? perf_tp_event+0xc40/0xc40 [ 188.562892] ? zap_class+0x740/0x740 [ 188.566608] ? memset+0x31/0x40 [ 188.569886] ? perf_trace_lock+0x49d/0x920 [ 188.574113] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 188.579219] ? zap_class+0x740/0x740 [ 188.582937] ? __check_object_size+0xa3/0x5d7 [ 188.587424] ? memset+0x31/0x40 [ 188.590705] ? zap_class+0x740/0x740 [ 188.594416] ? __f_unlock_pos+0x19/0x20 [ 188.598390] ? lock_downgrade+0x8f0/0x8f0 [ 188.602534] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 188.608068] ? proc_fail_nth_write+0x9e/0x210 [ 188.612554] ? __schedule+0x884/0x1ea0 [ 188.616446] _do_fork+0x291/0x12a0 [ 188.619983] ? fork_idle+0x1a0/0x1a0 [ 188.623705] ? fsnotify_first_mark+0x350/0x350 [ 188.628281] ? fsnotify+0x14e0/0x14e0 [ 188.632082] ? __sb_end_write+0xac/0xe0 [ 188.636055] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 188.641579] ? fput+0x130/0x1a0 [ 188.644851] ? ksys_write+0x1ae/0x260 [ 188.648986] ? __ia32_sys_read+0xb0/0xb0 [ 188.653039] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 188.658583] __x64_sys_clone+0xbf/0x150 [ 188.662569] do_syscall_64+0x1b9/0x820 [ 188.666446] ? syscall_slow_exit_work+0x500/0x500 [ 188.671289] ? syscall_return_slowpath+0x5e0/0x5e0 [ 188.676209] ? syscall_return_slowpath+0x31d/0x5e0 [ 188.681132] ? prepare_exit_to_usermode+0x291/0x3b0 [ 188.686139] ? perf_trace_sys_enter+0xb10/0xb10 [ 188.690808] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 188.695673] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.700851] RIP: 0033:0x455ab9 [ 188.704030] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 188.723400] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 188.731104] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 188.738371] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 188.745641] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 188.752910] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 188.760167] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000027 09:52:01 executing program 2: mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f0000000000)=ANY=[@ANYBLOB='/']) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000001c0)={0xffffffffffffff9c}) sendmsg$kcm(r0, &(0x7f0000001840)={&(0x7f0000000280)=@pppoe={0x18, 0x0, {0x1, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, 'syzkaller1\x00'}}, 0x80, &(0x7f0000000700)=[{&(0x7f0000000300)="0b2863a8d3641bb9f185c33bce9c1095d81fc47580f653a2d57f5259d912d4d572547b0b56aa28ed032657056784c1d24bec9a345bfdcd87c9a459bc97c56b77c8149df90452618fb292b21108451d57cc4241c4ed8588488666f20a", 0x5c}, {&(0x7f0000000380)="34e8a4744fc54fd9d68bc255d4055b11d280efc96eb3066af400f1a3bebc0cab0c8cab94dcdb0f2b3841ce9f20b13d7ce751f58eb7b7d5426f7a00de6bc00d90c95431b0d71b0b71053406cdf0fbcff0ffb587f1a1539479ea0b8f7e276a3f270281c7094df5010803c4834ce39b7cfb1ccc3248be61ab01b470d8aea8b0321dcfb6ff86828282693daaaa9f27b007c335de5c8bb11fe18545aa82f4e8d819136052e92724e482db6faa5f7cc9bd11e03e57c150fe26c0a030fee9049c416ece4aeee1508138728d", 0xc8}, {&(0x7f0000000500)="3ce1aca447658ca74fdc71f94638a6d745b3f64d88c803b9e215b4ca549a628ab5fae029b68f6573ba016f0fb667165a61cff19bb499acb23832223fe401a04788943bc25a9a2da24908ea2676d17d88e65ac05182a3787dd47c0463bce367fca4661cc80a82642f40860151db72663111304d10deae91c392632b9edd4edd187acca12ffa0b201b65694b95cee6187aa074b00b3a56932c8376499cdad22eb8d83dcad9b8762b2fb50b7c6003dac06c0176b5a718f827ea45c8244898b01fcc35a98f95d17876b5424ebf", 0xcb}], 0x3, &(0x7f0000000780)=[{0x1010, 0x109, 0xc90a, "dd8a3a7f7a365ee0d7b9c20f833a6a1308ce1fddb2ed01e451845225517874f0a857a8639f59011ef3f549c093bb7d12f7b01c0a13aeea1a8b7f7c582310370b0a8999b2da77e74e3bd866589d62b3b34508cf8446d532ec5d9cae9573dcdffaedc0d6009a8f3e5f0239f8592cc61513ee3049f7a6b5c1bd69800f1fb20188fab3006a4638bf92cc20ebc29e0d225740cf4a124017ba1af632f98cf1cc39dd5d536950d9e7ae29555c276bcd7c9e9021d4af8cf28d59a6cc39ac021e10c902c875d34fdeec217fc7089b3f548d8842537d2d6ec09e7ace890330629696390cba8d0890646ce9fddd8418adecea811533a7814f444a0b571f31b4e827efcd7504d1b7befdebc95753f5bd7360912d62ca37e1edf762e2320247f482cd91e869ab9a0a20fb50181e13149f9431d3e23b0754d3f686b27d717bea942543ccb3d7e27b4246ebf02c298a8f3c8ab7aeb73dba8254257384092fc08c06b21ecfc89268bfc268d35e064134631343c78d9ac725c312086eb1ba5c740992cecad2a27c5761ae5516903f08ceac5a2beb302a7f94f74cb0daf3214762da4d5f47b5b6f0243612c2808e0327bf105d5ab53a5b0e7dfe4bb778fd5612533f78ac19b0d7a6bb62a73de4fafda7fa51a2bf986fe457a73e197931c999171d5d9468189fab600292a5b4ba03014a0c4568058d3fca5d3c813b842cc567db324e7f438a6f224f79a9568be01ed963577d085f25826866d85a696a39a56e1efb45c182f9e90196db6ea3e5063c37eb823b26fb57669274032c480ff39ecccd45254df06993cf579a17b41c6196491aeba1b8e9c516877da47a025c92ba5dc725ac6d293f9ba4721a45bdd4a0aae3e907794f15365939dc9b37df9f1ac060eb93b8b638943f028a6f7d6b76a8c8b2d84f6a525362854fb573087eb869c57a5a934e28b34ffc68368a1d90fe8a51db70823a40a6fcaa686a352d05970856c1f0845bbef2cd921a56fb3dd54c51073cb6158d38d1d8e0c5ea94ecab9ee499bcba117b60c1719af8df0ba8a85fb2f05b6637081f33763af7eb2f4da4e5cc751ef87d05d15ad2c71c27b1a5d2146bdaefbd385aba4cc029ff4423293548183ac4a69d037f2770ef8431dbabaa48575a25352797841610812b551409dd6383800ac1efb29ebd9190734d020bbcac7bdc9ba9515dd339daeaa802ff1b67f8666dee684ba08ae0d9928c8b4e5b3800485c12b1bde320cdbb6dfe6fa9fc33b53682dce530fbfc1ca71fc3e576a557daef33df73ff324ce70c777b0adf4373f228263a2ec3e3909620165d3131b54f6aa895ee05ead0d8df62063923b9de43048393819bfc89ed5f76c53dd12af895d9f60f98f553989f8680685940190d4644fd0b63b1bfa75c03a37b5d1d4b4341c22f23a28b666ca74cf29c1a8cd657598253d337bd40856867e92c2b1c2242102574cf9cdd08da6087952ed59926fd5c4a12c2ed43fdb006d4fd97cfbba6ca661a4316e1bff73fc2189754462c6ff525db11f0714392bbff9cb6bbe12ee8b9be976785cb160658b72bfc5ceeafce3d90e972e3b8cef7d1a05ea9fc3a22ab55a7471640d145e55400af6242f964e6b8c571a5b67b0ef67f6519b6bc04dade4de239f16d6e5e2157f653833993c611bfb54a78bb0024994d22b57bdbcf1522935fd589714026d07bcd55ada79301ab3312e224065d14b157f9187b0679546876b3e3ae667d88154c9e24b8afa1d8080997af9956fa2bad0ad034c583f3c8bd8583ef0db0e4b21c12fbbe89f330d126c9fbaa87aa7e36d98f1ff6485ad2a4aa6756e4d42e44baf8802b65125297614927d9197b36c02139c7cd2e19af84d0d7fb49ae524e7902d03582dfb5c38164a752694ab3ffd0f33a580134b38f3351d41855d7cb6c56a84cb2ef75d7ada7117b8d9f8a0c867d481cd8b28af218839f55a151fcc461a0f128b21d6087a8405d4be19ebf81dbe66f48657b709ee773d51090011ccbcbeca2a57a95759be21219e3bcb166bafc2f5d11bf1488e4f68795d2cd6c3027146452816d86fca024dece31898bc64277d98cc65a5ca6e83933e25ce4345a3e37b71bf7d225b485797622519b2ce9668b4cae83116846437c94187e5fe386e378cafa5dfaf1ddac408dd20c3177ac1547dea896aca81bd5e62461867633a44075af6806b16f81fd827d8b83ed6bda7856ca4143e5e0a22a4f23c159de00cf28142b14b9d94d4d9672f09ede1e4047bab50038aa2d38265a12e0cca7e914986e558a375fe2a4f3d0cd1c0aa92d9ba8ab032a962db41ad8a202c9c9548cb31359a96386237c5f48b8c7b2aa9cb1eb63beb1a49da22f861af75764e728b2fbe1d5639bdeae0b7e13c4e513e3ca356c120d3d0e7f5ea4174b317d11fad2a15418ec851235b5c9ea10e4d3a655d262b7de13e0e35c2322cb2ff9da468a23d8d0a20614bdbfe1c60abee9e19d199b2256da11ba45ae9a5debdc718a53557033d51d57d4ea6d067a65eb80d642a5d833aa5c42e39c644780af6db97b56b0656b06001d566daf24630156c369e7cf95995858aa9e8961c000c9eb8876d7e60237d11941f6dedf8de2099952cc272bcaf08e9a26223fd91e8a0d13d1893bad24620d4df79f681d4aa5ecc1198ae30796a2949b42ec8b63c77ed9ed4ea272c67100126fd6efbe221759192c2a396412f12da52f4a19cb9d4df0ab79f83d988aa6e6603db237b375d3240e3bdd79bb0b3a91fcafe0a656d636b03f31a2f837e8fb1f0d387f63e55a324e1aeff8d88e8d88722b619f69ce2f0e6853dd296872fbf7245e7b40b4d10b0e418353d83a37926bc198527eed8306245d36a9a65db6adaa9c3e21a5fd5cea2830d286bf84a33712219a8f198732fb2c1b0249e2076c14734464d270a7361ed1cd7d4f9197498739f1324978f7e33409800ae98ff64b44b4c9f4978f62ba8033e6b54f65ff9928822e2038a48da462f1f6294d15e6e5a58bae777113f11d9dd31067b9545f5b47de9c0e2295d647ffc9f3c1c1a83eec6a7dca47d411f155921536ffd670cb2ef6b4dcda8ac6a0310208f7fb447c4efbbdf1f2fdcd43762e84769a3e41ece8db77a8e62d1af3b3705da20c4b684dbe4662f44e296b056bdeb6b8dba410ffbf02e01697c7b83ba9fa130f4c26bcf2c2a2e2193b86850a03f0f1ac6eb00ca5dc120fade2881d2de451733b955b7baa3c225f4467a36db619cb3211a370fb8eb94081e316af4b5fb47dbb8f407b0403d07f76d9663a86152cbde8c4172ce61c885d3f772b2277b2530459419dfd772ad8226d5f0a94385d35b7c4fa143ff4cb2d10e7660aa40551d41054dd1fc326dab9540a5c574c780d8efbabdc57e1a924588cbdd9350ab955b056641d837d2034aa0fc1b3e59c2c7903856b63cb4a842a8f0e8203d623f2739a521592df22884d47b2302d85f61b80a480bee512914d11a379c5ad7f8d24f0824f4c0f84ad0fca2895ffd9b53325b95cd0bb038fce65f331c6dc0588ea6c5791cfa53491c9f2b3728574e128069ea8facc116c297951f656d49310be6ad09fd5a03de257e7a9493d66b8f60d203a55e05a249849d039f466485cf0411684140def02e251d413f3c6a13ca1f04f2eaf440faf09aa3074dd925d07e805c7d9f0e35bcb5018f4554e8f845463d5a7622b845f129bc4f1d6b1616b8e2ff75c1226e03bdc2231bde55182dbbb83a52c4a03aebf3984b0a682ab7df0662bf6e665ff3f8a28c6dfa0c4b1906c00013d087a608ccf28329bd30fb87e3148b3e52e15245c378feb6db5da7a76d4c24cf86db3542d1b86fc472f8787e770345f4ebe9aa9250772b40e5fa634f649047425f1a0160d1f235c773d016e266f749be8d8c8fb015b99afc45176a3e09c44a74c5dfc5ead23e5dc346839bee1693951bbb2cd3fd9fcd409686ef59ff114c6860e8cad46cd5a17d72098d49124b50e9e232713edc53efc31e3b21ef83ac93dab1aac1ceff2c3a8de8661d4d2f6a6b8d369a98ad8a9571efc306722367f7576436e8ad2dce0d5083a01249a31619f3137ebf3d4477df79aa8f63f9c13d3c1aff5d265132cf1134d7f922c4c9f9203bed232f18bfe806a4e7a00b5a9532bf3cacc667cfc92bc274e40f2c6bd4c0ed0e32c24b5bbce64e610c63012fde8daec9152471e8c4bdc2132a32b6280078b5d3accf0fdbf886582f9a5bf6e0940dbf1cc8babc7cb29a5d0e4c996b883fec1b3223a7edf47516c713da7d99872ac7de7235a381551cb816cbe65f9487b06b162a01acb3ed197b1c2b5c4febcb680701297bf47d73271bf98e2e79ab57f9919b7c24513327c3096196a9b852f63fc27248ec4d249e170bd81418cff49a650be17cec6958604adbf98f839a7781446576b87e0da075285a4bbc44876825d790a138535ad3e2aa87d1db75f22ab6dd89819963e572648b5a1a28fe4783033025c2fb2f00c567a201bf4f59e54a5201241cfa5af2161a0cf0e3073f8aa74923cb132dbcf94406ce0ed8878673547154dd06234b9d387e03f2e7781d4b706c35f53681c89af5a446d87b843636110b302e346e1dff93a016e479f07aa4b41198731421dc37211c70bb3ce96c36a5a69146bc2b56042f93fd32094a3d87ae950f1ddc69b08884d3aad0310582c1ad4c3f2da74ae98887e93feb237befcf486449ef1a472e67ee2805779314df14641ea75e31d2be737b3488950ba76e1d9869e896c9cbf779c9b44e2cb573006dd75ec86ec02bf1b2492e4b1d0a4742da2e137f6af91bc4392a7462c8278c42cb66b224f8dd09993c15b85f80394f4d7f8f63c928da6b8b9666b140ef39ed3739697296ecb99dbcd9c28466ce3c3d37cff287716b9f9a20e58ac3949272d2ca460cdaa12b128764a5a661d4db5f6c27a8bcf7976ec029920aca7ce5e36c8207814531a9721025eefeec2863680d438d58fadb04606a11813d0843982d89619075ff595457bfb0f84406ea38433020e888927a777e44feed915fec7a4b9305ad4ea78d12bdd6f19e327159916ce35b4838e9adb4f5014409f964707f881acdc7d6afec71f8fbd301dad490c26285dfbe4a9ca3fab290558aac67f05b5fb8d6150794b321b7190f6f88ded67c64f8abc2a4f597c9ee98c1d8a59f5299574866973ea5961a7084751031ac51906c4645f5ee135053b064f16adc63d8b1b126d2f7a075bf363b61b6a8a0348dbd28f352ad2bc3ce7e7869a607153a1d50504dcfd7bf5146ecf8141d97d16aa31dd04eb75a227bd47b526375d2388840e9a6a6d56e425f9a7128f8340f146f55d7000c6ac99a8485676c7d3f36a4668e3a22b76728c7bb0c0f115ab513974715447b24c8fc47bf231467756cba3c4ad4e910dab6944d09e7478da1808c160f53df51c3a0512daaed72494faf8c93d6b8220cf11981594429dbf9531f439d997b54e98885628bf8485f962ad81a22f7554bff4be21653f13deab6dde659ba30653254a9f66dc39ca3d10e20c997f46c79b6ad6a8b6d7fe134b56129724a509ecf4dccd32825df92ef7524c7a2dcfe69b1d92381255a6a0ccabe85932374e610fc7dbd6884f0800a5e45f0076930725472aa62ac03c0748a9c3d4ea45b584033852a6a97909a05c2c0a1e613d846c255dd6b355c9172c0e490cd485bfcb1e7e0d7d112e5f454edb628b34b8483ca75c5a03510ed4394330d1b62210a2a190938cd5c665fef272b4f3c67aeab8b9a9e5aebb7b74def1ef912504e36eeea02509e1fa0487cf26f4134a15617a7438b5692f5473be3db31a66f546f927f2e9e6"}], 0x1010, 0x4000840}, 0x24008004) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x1ff) mount$bpf(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='bpf\x00', 0x80020, &(0x7f0000000180)) 09:52:01 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f00000002c0)="af33ff7607b262ac1d19160f932db7b0e9284673974369d91ddfbc1b166db416264f57f953952b2def562e4a282d690433aaf1db1ec0c0a311f4dac1b16c9f789ae7d20e1f732356a494ec0000004018000000d0253da1a131bbf3d2b9ad5ec43609a3017f1dcdf9aa0285494de0062f0270178733814e32cb978b6a85e17af7b12fe42b974a48d6bd21acde2b3b63a287994250e4014944ee89d1268986a53c7d1cc4bc3a42950a93fde50e315b588d88cefd3884faa1039331d66a186824169eea446b55a22d11f4f6450dd70a063945640ce9e29b7529205963af0cf7667efb39954cc953411dd009bf472ce9e3d8f46cca2322f5210000000000000000000000000000", &(0x7f0000000240), &(0x7f00000000c0), &(0x7f0000000080)) [ 188.770901] audit: type=1326 audit(1532080321.177:3): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=11029 comm="syz-executor1" exe="/root/syz-executor1" sig=9 arch=c000003e syscall=202 compat=0 ip=0x455ab9 code=0x0 [ 188.798434] FAT-fs (loop7): Directory bread(block 130) failed [ 188.814766] FAT-fs (loop7): Directory bread(block 131) failed [ 188.822950] FAT-fs (loop7): Directory bread(block 132) failed 09:52:01 executing program 1: r0 = memfd_create(&(0x7f0000000140)='eth0!\x00', 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') [ 188.829525] audit: type=1326 audit(1532080321.742:4): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=11029 comm="syz-executor1" exe="/root/syz-executor1" sig=9 arch=c000003e syscall=202 compat=0 ip=0x455ab9 code=0x0 [ 188.850404] FAT-fs (loop7): Directory bread(block 133) failed [ 188.856553] FAT-fs (loop7): Directory bread(block 134) failed [ 188.862679] FAT-fs (loop7): Directory bread(block 135) failed [ 188.868887] FAT-fs (loop7): Directory bread(block 136) failed 09:52:01 executing program 4 (fault-call:1 fault-nth:40): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 188.880960] FAT-fs (loop7): Directory bread(block 137) failed [ 188.889826] EXT4-fs (sda1): re-mounted. Opts: [ 188.905172] FAULT_INJECTION: forcing a failure. [ 188.905172] name failslab, interval 1, probability 0, space 0, times 0 [ 188.916484] CPU: 1 PID: 11084 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 09:52:01 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) iopl(0x0) sigaltstack(&(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000040)) 09:52:01 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 188.924974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.934331] Call Trace: [ 188.936930] dump_stack+0x1c9/0x2b4 [ 188.940569] ? dump_stack_print_info.cold.2+0x52/0x52 [ 188.945772] ? perf_trace_lock+0xde/0x920 [ 188.950110] should_fail.cold.4+0xa/0x11 [ 188.954188] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 188.959295] ? percpu_ref_put_many+0x131/0x240 [ 188.963874] ? mem_cgroup_id_get_online+0x310/0x310 [ 188.968883] ? check_same_owner+0x340/0x340 [ 188.973204] ? rcu_note_context_switch+0x730/0x730 [ 188.978129] ? lock_acquire+0x1e4/0x540 [ 188.982105] ? fs_reclaim_acquire+0x20/0x20 [ 188.986424] ? lock_downgrade+0x8f0/0x8f0 [ 188.990562] ? check_same_owner+0x340/0x340 [ 188.994883] ? rcu_note_context_switch+0x730/0x730 [ 188.999800] __should_failslab+0x124/0x180 [ 189.004024] should_failslab+0x9/0x14 [ 189.007823] kmem_cache_alloc+0x2af/0x760 [ 189.011973] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 189.017510] ptlock_alloc+0x20/0x80 [ 189.021131] pte_alloc_one+0x6b/0x1a0 [ 189.025796] __pte_alloc+0x2a/0x3c0 [ 189.029422] copy_page_range+0x1670/0x24c0 [ 189.033647] ? kernel_text_address+0x79/0xf0 [ 189.038041] ? __kernel_text_address+0xd/0x40 [ 189.042526] ? save_stack+0xa9/0xd0 [ 189.046144] ? __pmd_alloc+0x530/0x530 [ 189.050032] ? _do_fork+0x291/0x12a0 [ 189.053731] ? __x64_sys_clone+0xbf/0x150 [ 189.057867] ? do_syscall_64+0x1b9/0x820 [ 189.061927] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.067279] ? lock_acquire+0x1e4/0x540 [ 189.071238] ? percpu_ref_put_many+0x119/0x240 [ 189.075804] ? lock_downgrade+0x8f0/0x8f0 [ 189.079940] ? anon_vma_fork+0x651/0x960 [ 189.083986] ? lock_downgrade+0x8f0/0x8f0 [ 189.088122] ? lock_release+0xa30/0xa30 [ 189.092090] ? percpu_ref_put_many+0x131/0x240 [ 189.096658] ? rcu_note_context_switch+0x730/0x730 [ 189.101588] ? up_write+0x7b/0x220 [ 189.105111] ? up_read+0x110/0x110 [ 189.108636] ? anon_vma_interval_tree_insert+0x26b/0x300 [ 189.114076] ? anon_vma_clone+0x740/0x740 [ 189.118211] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 189.123212] ? __vma_link_rb+0x2a4/0x3f0 [ 189.127263] copy_process.part.41+0x5ead/0x73d0 [ 189.131928] ? __cleanup_sighand+0x70/0x70 [ 189.136148] ? lock_release+0xa30/0xa30 [ 189.140106] ? xas_descend+0x20c/0x5f0 [ 189.143979] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 189.148980] ? check_pgprot+0xdf/0x180 [ 189.152852] ? put_page+0x280/0x280 [ 189.156464] ? kasan_check_write+0x14/0x20 [ 189.160698] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 189.166233] ? alloc_set_pte+0xaf6/0x1790 [ 189.170374] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 189.175380] ? filemap_map_pages+0xca2/0x1990 [ 189.179873] ? trace_hardirqs_on+0x10/0x10 [ 189.184094] ? xa_set_tag+0x40/0x40 [ 189.187707] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 189.192719] ? visit_groups_merge+0x541/0x6c0 [ 189.197236] ? trace_hardirqs_on+0x10/0x10 [ 189.201466] ? trace_hardirqs_on+0x10/0x10 [ 189.205688] ? find_get_entries_tag+0x1410/0x1410 [ 189.210517] ? visit_groups_merge+0x6c0/0x6c0 [ 189.215187] ? perf_trace_lock+0xde/0x920 [ 189.219320] ? zap_class+0x740/0x740 [ 189.223023] ? zap_class+0x740/0x740 [ 189.226724] ? zap_class+0x740/0x740 [ 189.230423] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 189.235963] ? __perf_event_task_sched_in+0x24f/0xbb0 [ 189.241136] ? perf_trace_lock+0xde/0x920 [ 189.245269] ? lock_acquire+0x1e4/0x540 [ 189.249229] ? __fdget_pos+0x1bb/0x200 [ 189.253111] ? zap_class+0x740/0x740 [ 189.256809] ? lock_release+0xa30/0xa30 [ 189.260769] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 189.266304] ? _parse_integer+0x13b/0x190 [ 189.270438] ? perf_trace_lock+0xde/0x920 [ 189.274569] ? _kstrtoull+0x188/0x250 [ 189.278360] ? _parse_integer+0x190/0x190 [ 189.282507] ? zap_class+0x740/0x740 [ 189.286220] ? __check_object_size+0xa3/0x5d7 [ 189.290704] ? lock_acquire+0x1e4/0x540 [ 189.294664] ? get_pid_task+0xd8/0x1a0 [ 189.298538] ? perf_trace_lock+0xde/0x920 [ 189.302671] ? lock_release+0xa30/0xa30 [ 189.306630] ? zap_class+0x740/0x740 [ 189.310343] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 189.315284] ? __f_unlock_pos+0x19/0x20 [ 189.319242] ? lock_downgrade+0x8f0/0x8f0 [ 189.323381] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 189.328904] ? proc_fail_nth_write+0x9e/0x210 [ 189.333387] ? lock_acquire+0x1e4/0x540 [ 189.337354] _do_fork+0x291/0x12a0 [ 189.340883] ? fork_idle+0x1a0/0x1a0 [ 189.344595] ? fsnotify_first_mark+0x350/0x350 [ 189.349173] ? fsnotify+0x14e0/0x14e0 [ 189.352978] ? __sb_end_write+0xac/0xe0 [ 189.356952] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 189.362473] ? fput+0x130/0x1a0 [ 189.365742] ? ksys_write+0x1ae/0x260 [ 189.369541] ? __ia32_sys_read+0xb0/0xb0 [ 189.373588] ? syscall_slow_exit_work+0x500/0x500 [ 189.378416] __x64_sys_clone+0xbf/0x150 [ 189.382378] do_syscall_64+0x1b9/0x820 [ 189.386247] ? finish_task_switch+0x1d3/0x870 [ 189.390725] ? syscall_return_slowpath+0x5e0/0x5e0 [ 189.395640] ? syscall_return_slowpath+0x31d/0x5e0 [ 189.400563] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 189.405572] ? prepare_exit_to_usermode+0x291/0x3b0 [ 189.410574] ? perf_trace_sys_enter+0xb10/0xb10 [ 189.415227] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 189.420088] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.425270] RIP: 0033:0x455ab9 [ 189.428441] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 189.447645] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 189.455340] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 189.462703] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 189.469966] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 189.477231] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 09:52:02 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) [ 189.484496] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000028 [ 189.504629] attempt to access beyond end of device [ 189.509674] loop7: rw=2049, want=310, limit=128 09:52:02 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(0xffffffffffffffff, 0x1) 09:52:02 executing program 4 (fault-call:1 fault-nth:41): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 189.616216] FAT-fs (loop7): Directory bread(block 128) failed [ 189.648213] FAT-fs (loop7): Directory bread(block 129) failed 09:52:02 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 189.670760] FAT-fs (loop7): Directory bread(block 130) failed [ 189.692659] FAT-fs (loop7): Directory bread(block 131) failed [ 189.709865] FAT-fs (loop7): Directory bread(block 132) failed 09:52:02 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000040)={0xffffffffffffff9c}) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffff9c, 0x84, 0xf, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e20, 0x8, @loopback={0x0, 0x1}, 0x7}}, 0x2e, 0x8, 0x6, 0xff, 0x200}, &(0x7f0000000140)=0x98) getsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000200)=@assoc_value={r1, 0x8}, &(0x7f00000002c0)=0x8) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:02 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4040000, &(0x7f0000000380)="91874b3d372d526e97880a68ac6d528c25031d9ffad227b9c66d3a3e9182a6cf189567a8784491c54af5e49c568321fcf350ac4976c19a9e68b8a23847157fea0faf77d05bed624fbc76fe5b230b77389c1c31d14e9ed6cda205148a7e33a1be8554abc89d4f9081ace6a6ca051832785e457f2d316ea6bbca200b5e2639a34858df4d0ca76271cb0aa006ce68f7a2c9f9039c8af608930a7b7a9877fda083c40c8bb58ba42481ca84375cb118b64acaa35a0b28e164140f7ec2599427a4a7f10858fd3e858651fbffce86f4283d91668ff35bc05fe8f1c2adc1149e22794be6020f84ddd8ba4e1101c96011c1cca281c84bd2018d7c3e", &(0x7f0000000240), &(0x7f0000000540), &(0x7f0000000500)) mprotect(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x1a3140, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000080)={0x0, 0x2}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x8}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f00000002c0)={r1, 0x7, 0x0, 0x7ff, 0x3f, 0x2, 0x73, 0x8000, {r2, @in6={{0xa, 0x4e22, 0x1, @loopback={0x0, 0x1}, 0xed3}}, 0x3, 0x4, 0x100000001, 0x0, 0x2}}, &(0x7f0000000200)=0xb0) [ 189.733651] FAT-fs (loop7): Directory bread(block 133) failed [ 189.751160] FAT-fs (loop7): Directory bread(block 134) failed 09:52:02 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) [ 189.774473] FAT-fs (loop7): Directory bread(block 135) failed [ 189.801827] FAT-fs (loop7): Directory bread(block 136) failed [ 189.812277] FAT-fs (loop7): Directory bread(block 137) failed 09:52:02 executing program 1: r0 = memfd_create(&(0x7f0000000280)="090091535ac3683c9320b2ff74f31eef86066e9f68ba833257295acffc46cd54c4c2f09cbb964a6f81176ec65431bb9bed9dfc9802eea75fc5de6c59ac5b5f03f85406a25a2e87a4a81268d8ea0e8eb67f5950a5842fdd361eca20a1f57772debbdede648fbf09cebc894d3d7462afa48fd50dd216eae2b7330b62f746ebd034e55b317509c6c438ca19db7cf3", 0x1) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) ioctl$EVIOCGNAME(r0, 0x80404506, &(0x7f0000000180)=""/174) sendfile(r0, r0, &(0x7f0000000040), 0xff8) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000140)={0x10201, 0x1, 0x0, 0x1000, &(0x7f0000ffc000/0x1000)=nil}) msync(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x6) fsync(r0) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') [ 189.858246] attempt to access beyond end of device [ 189.863272] loop7: rw=2049, want=310, limit=128 [ 189.878718] FAULT_INJECTION: forcing a failure. [ 189.878718] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 189.890641] CPU: 0 PID: 11118 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 189.899170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 189.908613] Call Trace: [ 189.911226] dump_stack+0x1c9/0x2b4 [ 189.914886] ? dump_stack_print_info.cold.2+0x52/0x52 [ 189.920099] ? lock_downgrade+0x8f0/0x8f0 [ 189.924300] should_fail.cold.4+0xa/0x11 [ 189.928387] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 189.933525] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 189.938658] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 189.943785] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 189.948952] ? lock_acquire+0x1e4/0x540 [ 189.952941] ? fs_reclaim_acquire+0x20/0x20 [ 189.957285] ? lock_downgrade+0x8f0/0x8f0 [ 189.961458] ? check_same_owner+0x340/0x340 [ 189.965792] ? perf_trace_lock+0x49d/0x920 [ 189.970052] ? rcu_note_context_switch+0x730/0x730 [ 189.975015] __alloc_pages_nodemask+0x36e/0xdb0 [ 189.979710] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 189.984739] ? fs_reclaim_acquire+0x20/0x20 [ 189.989074] ? lock_downgrade+0x8f0/0x8f0 [ 189.993241] ? lock_release+0xa30/0xa30 [ 189.997253] ? lock_acquire+0x1e4/0x540 [ 190.001242] ? copy_page_range+0x159a/0x24c0 [ 190.005655] ? lock_downgrade+0x8f0/0x8f0 [ 190.009835] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 190.015375] alloc_pages_current+0x10c/0x210 [ 190.019789] pte_alloc_one+0x1b/0x1a0 [ 190.023586] __pte_alloc+0x2a/0x3c0 [ 190.027207] copy_page_range+0x1670/0x24c0 [ 190.031463] ? __pmd_alloc+0x530/0x530 [ 190.035340] ? _do_fork+0x291/0x12a0 [ 190.039047] ? do_syscall_64+0x1b9/0x820 [ 190.043100] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.048458] ? lock_acquire+0x1e4/0x540 [ 190.052425] ? percpu_ref_put_many+0x119/0x240 [ 190.057001] ? lock_downgrade+0x8f0/0x8f0 [ 190.061160] ? anon_vma_fork+0x651/0x960 [ 190.065226] ? lock_downgrade+0x8f0/0x8f0 [ 190.069371] ? lock_release+0xa30/0xa30 [ 190.073357] ? percpu_ref_put_many+0x131/0x240 [ 190.077943] ? rcu_note_context_switch+0x730/0x730 [ 190.082885] ? up_write+0x7b/0x220 [ 190.086415] ? up_read+0x110/0x110 [ 190.089960] ? anon_vma_interval_tree_insert+0x26b/0x300 [ 190.095428] ? anon_vma_clone+0x740/0x740 [ 190.099571] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 190.104583] ? __vma_link_rb+0x2a4/0x3f0 [ 190.108654] copy_process.part.41+0x5ead/0x73d0 [ 190.113346] ? __cleanup_sighand+0x70/0x70 [ 190.117575] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.123110] ? perf_tp_event+0x91b/0xc40 [ 190.127162] ? xas_descend+0x20c/0x5f0 [ 190.131048] ? perf_swevent_event+0x2e0/0x2e0 [ 190.135556] ? perf_swevent_event+0x158/0x2e0 [ 190.140043] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.145573] ? perf_tp_event+0x91b/0xc40 [ 190.149639] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 190.154657] ? filemap_map_pages+0xca2/0x1990 [ 190.159153] ? perf_swevent_event+0x2e0/0x2e0 [ 190.163650] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 190.168763] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 190.173870] ? perf_tp_event+0xc40/0xc40 [ 190.177934] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 190.183031] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 190.188125] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 190.193223] ? perf_tp_event+0xc40/0xc40 [ 190.197278] ? zap_class+0x740/0x740 [ 190.200989] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 190.206091] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 190.211189] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 190.216300] ? perf_tp_event+0xc40/0xc40 [ 190.220355] ? zap_class+0x740/0x740 [ 190.224064] ? memset+0x31/0x40 [ 190.227338] ? perf_trace_lock+0x49d/0x920 [ 190.231565] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 190.236665] ? zap_class+0x740/0x740 [ 190.240371] ? __check_object_size+0xa3/0x5d7 [ 190.244861] ? memset+0x31/0x40 [ 190.248144] ? zap_class+0x740/0x740 [ 190.251861] ? __f_unlock_pos+0x19/0x20 [ 190.255845] ? lock_downgrade+0x8f0/0x8f0 [ 190.260007] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 190.265542] ? proc_fail_nth_write+0x9e/0x210 [ 190.270044] ? lock_acquire+0x1e4/0x540 [ 190.274022] _do_fork+0x291/0x12a0 [ 190.277558] ? fork_idle+0x1a0/0x1a0 [ 190.281274] ? fsnotify_first_mark+0x350/0x350 [ 190.285847] ? fsnotify+0x14e0/0x14e0 [ 190.289647] ? __sb_end_write+0xac/0xe0 [ 190.293631] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 190.299174] ? fput+0x130/0x1a0 [ 190.302456] ? ksys_write+0x1ae/0x260 [ 190.306261] ? __ia32_sys_read+0xb0/0xb0 [ 190.310325] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 190.315875] __x64_sys_clone+0xbf/0x150 [ 190.319852] do_syscall_64+0x1b9/0x820 [ 190.323728] ? finish_task_switch+0x1d3/0x870 [ 190.328226] ? syscall_return_slowpath+0x5e0/0x5e0 [ 190.333160] ? syscall_return_slowpath+0x31d/0x5e0 [ 190.338082] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 190.343093] ? prepare_exit_to_usermode+0x291/0x3b0 [ 190.348102] ? perf_trace_sys_enter+0xb10/0xb10 [ 190.352767] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 190.357609] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.362787] RIP: 0033:0x455ab9 [ 190.365965] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 190.385357] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 190.393059] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 190.400321] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 09:52:03 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:03 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) epoll_create1(0x80000) [ 190.407581] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 190.414840] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 190.422102] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000029 09:52:03 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:52:03 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000280), 0x4) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') 09:52:03 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = shmget(0x0, 0x2000, 0x411, &(0x7f0000ffc000/0x2000)=nil) shmctl$IPC_INFO(r0, 0x3, &(0x7f0000000040)=""/16) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 190.543349] FAT-fs (loop7): Directory bread(block 128) failed [ 190.566356] FAT-fs (loop7): Directory bread(block 129) failed [ 190.572785] FAT-fs (loop7): Directory bread(block 130) failed [ 190.579079] FAT-fs (loop7): Directory bread(block 131) failed [ 190.585194] FAT-fs (loop7): Directory bread(block 132) failed 09:52:03 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(0xffffffffffffffff, 0x1) [ 190.593063] FAT-fs (loop7): Directory bread(block 133) failed [ 190.599172] FAT-fs (loop7): Directory bread(block 134) failed [ 190.605398] FAT-fs (loop7): Directory bread(block 135) failed [ 190.611559] FAT-fs (loop7): Directory bread(block 136) failed [ 190.622848] FAT-fs (loop7): Directory bread(block 137) failed 09:52:03 executing program 2: clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 190.653462] attempt to access beyond end of device [ 190.658544] loop7: rw=2049, want=310, limit=128 09:52:03 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000040)={{{@in6, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in=@remote}}, &(0x7f0000000140)=0xe8) ioprio_get$uid(0x0, r0) 09:52:03 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[], 0x0) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:52:03 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x200000, 0x0) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 190.775757] FAT-fs (loop7): Directory bread(block 128) failed [ 190.810098] FAT-fs (loop7): Directory bread(block 129) failed [ 190.833806] FAT-fs (loop7): Directory bread(block 130) failed [ 190.855737] FAT-fs (loop7): Directory bread(block 131) failed 09:52:03 executing program 4 (fault-call:1 fault-nth:42): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:03 executing program 2: clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:03 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000100)='/dev/vcs#\x00', 0x7, 0x8000) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r2 = accept4$nfc_llcp(0xffffffffffffffff, &(0x7f0000000040), &(0x7f00000000c0)=0x60, 0x80000) setsockopt(r2, 0x8001, 0xfffffffffffffffe, &(0x7f00000002c0)="0423ba110f9d778dbe661ead84dd0693dbe1b89887a0d38da6345ea2e445a2eb4ac8532e55f60e75542b9da424c2c705f91a7feffe424e31cf5885225248089364cf331f2822033c223e8e52db81ec16fc31a3930b82bde7c2f4d66ac784e8e6ea1461b3fe83b38fe28b9b82aa0b49fd5ef6980a23c732eb08554f1546bb17c417a8c94c5dc4dac842535ecbce37895917ff4ea5d78cb492d8d3d436b16328b4c3453442752e5b7a96313e7c86df6d59dc7ba7b32d3b6be064343d0f3da413e78cbcc679a590c1d88c6832212b8ae13dcb577610b62c231c4f82041f301fc3ce702abaf97efbc51e624aa9ec15b0c4fd1fde3245b7144ef5c9", 0xf9) r3 = syz_genetlink_get_family_id$team(&(0x7f0000000200)='team\x00') accept$packet(r1, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000400)=0x14) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000b40)={{{@in6=@ipv4={[], [], @loopback}, @in6=@ipv4={[], [], @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@rand_addr}, 0x0, @in6=@mcast2}}, &(0x7f0000000c40)=0xe8) getsockopt$inet_mreqn(r1, 0x0, 0x20, &(0x7f0000000c80)={@remote, @local, 0x0}, &(0x7f0000000cc0)=0xc) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000d00)={0x0, @rand_addr, @multicast1}, &(0x7f0000000d40)=0xc) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000d80)={'vcan0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000dc0)={'vcan0\x00', 0x0}) getsockname$packet(r1, &(0x7f0000002500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000002540)=0x14) sendmsg$TEAM_CMD_OPTIONS_GET(r1, &(0x7f00000028c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8084000}, 0xc, &(0x7f0000002880)={&(0x7f0000002580)={0x2d8, r3, 0x602, 0x70bd26, 0x25dfdbfd, {0x2}, [{{0x8, 0x1, r4}, {0xb8, 0x2, [{0x74, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8, 0x3, 0xb}, {0x44, 0x4, [{0x7fff, 0xff, 0x3, 0x1}, {0x10, 0x10000, 0x84, 0x3}, {0x100000001, 0x1, 0x8587, 0x9}, {0xffffffffffffffc0, 0x0, 0xffffffffffffff80}, {0x9, 0x3ff, 0x7fff, 0x5}, {0x9, 0x5, 0x7, 0x9}, {0x7fffffff, 0x0, 0x7, 0xb}, {0x7, 0x20, 0x8, 0x101}]}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8, 0x3, 0xb}, {0x8, 0x4, 0x3}}, {0x8, 0x7}}}]}}, {{0x8, 0x1, r5}, {0x78, 0x2, [{0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r6}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, 0xfffffffeffffffff}}}]}}, {{0x8, 0x1, r7}, {0x17c, 0x2, [{0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8, 0x3, 0xb}, {0x8, 0x4, 0x80000001}}, {0x8, 0x7}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8, 0x3, 0x5}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r8}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8, 0x3, 0x3}, {0x8, 0x4, r9}}}, {0x3c, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8, 0x3, 0x5}, {0xc, 0x4, 'random\x00'}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8, 0x3, 0x6}, {0x4, 0x4}}, {0x8, 0x6, r10}}}]}}]}, 0x2d8}, 0x1, 0x0, 0x0, 0x8854}, 0x4004000) 09:52:03 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ppp\x00', 0x101000, 0x0) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000040)=ANY=[@ANYBLOB="e3796f08020000b93973fc0f7aa7290781000f00000700"], &(0x7f0000000200)=0x14) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000300)='/dev/dsp\x00', 0x1017ff, 0x0) accept4$inet(r1, 0x0, &(0x7f00000002c0), 0x800) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r1, 0xc05c5340, &(0x7f0000000080)={0x80, 0x81, 0x200, {0x77359400}, 0x2, 0x1}) 09:52:03 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) [ 190.878549] FAT-fs (loop7): Directory bread(block 132) failed [ 190.895829] FAT-fs (loop7): Directory bread(block 133) failed [ 190.919137] FAT-fs (loop7): Directory bread(block 134) failed 09:52:03 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000140)={{{@in6=@local, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in=@multicast2}}, &(0x7f0000000240)=0xe8) ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f0000000280)={@mcast1={0xff, 0x1, [], 0x1}, 0x0, r1}) clock_gettime(0x0, &(0x7f00000002c0)={0x0, 0x0}) clock_nanosleep(0x2, 0x1, &(0x7f0000000300)={r2, r3+30000000}, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) 09:52:03 executing program 2: clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 190.949127] FAT-fs (loop7): Directory bread(block 135) failed [ 190.955856] FAT-fs (loop7): Directory bread(block 136) failed [ 190.985547] FAT-fs (loop7): Directory bread(block 137) failed [ 191.025981] attempt to access beyond end of device [ 191.031036] loop7: rw=2049, want=310, limit=128 09:52:04 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[], 0x0) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:52:04 executing program 2: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:04 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000040)={0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffff9c, 0x84, 0x66, &(0x7f0000000080)={0x0, 0x9}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000100)={0x4, 0x452, 0x9, 0x40, 0x200, 0x8, 0x5, 0x3, r1}, &(0x7f0000000140)=0x20) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 191.142797] FAT-fs (loop7): Directory bread(block 128) failed [ 191.172102] FAT-fs (loop7): Directory bread(block 129) failed 09:52:04 executing program 6: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x8080, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffff9c, 0x84, 0x6d, &(0x7f0000000080)={0x0, 0xb, "8a016ecd48d1000d3d2057"}, &(0x7f00000000c0)=0x13) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000100)={r1, 0x80000000, 0x30}, &(0x7f0000000140)=0xc) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 191.190321] FAT-fs (loop7): Directory bread(block 130) failed [ 191.200200] FAT-fs (loop7): Directory bread(block 131) failed [ 191.213210] FAT-fs (loop7): Directory bread(block 132) failed [ 191.236635] FAT-fs (loop7): Directory bread(block 133) failed [ 191.264200] FAT-fs (loop7): Directory bread(block 134) failed [ 191.284550] FAT-fs (loop7): Directory bread(block 135) failed [ 191.301301] FAT-fs (loop7): Directory bread(block 136) failed [ 191.309743] FAT-fs (loop7): Directory bread(block 137) failed [ 191.332363] FAULT_INJECTION: forcing a failure. [ 191.332363] name failslab, interval 1, probability 0, space 0, times 0 [ 191.342379] attempt to access beyond end of device [ 191.343647] CPU: 1 PID: 11246 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 191.348579] loop7: rw=2049, want=310, limit=128 [ 191.357042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 191.357048] Call Trace: [ 191.357073] dump_stack+0x1c9/0x2b4 [ 191.357091] ? dump_stack_print_info.cold.2+0x52/0x52 [ 191.357111] ? perf_trace_lock+0xde/0x920 [ 191.357131] should_fail.cold.4+0xa/0x11 [ 191.357148] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 191.357164] ? percpu_ref_put_many+0x131/0x240 [ 191.357177] ? mem_cgroup_id_get_online+0x310/0x310 [ 191.357188] ? check_same_owner+0x340/0x340 [ 191.357206] ? rcu_note_context_switch+0x730/0x730 [ 191.414711] ? lock_acquire+0x1e4/0x540 [ 191.418697] ? fs_reclaim_acquire+0x20/0x20 [ 191.423032] ? lock_downgrade+0x8f0/0x8f0 [ 191.427177] ? check_same_owner+0x340/0x340 [ 191.431497] ? rcu_note_context_switch+0x730/0x730 [ 191.436425] __should_failslab+0x124/0x180 [ 191.440653] should_failslab+0x9/0x14 [ 191.444448] kmem_cache_alloc+0x2af/0x760 [ 191.448585] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 191.454112] ptlock_alloc+0x20/0x80 [ 191.457738] pte_alloc_one+0x6b/0x1a0 [ 191.461528] __pte_alloc+0x2a/0x3c0 [ 191.465141] copy_page_range+0x1670/0x24c0 [ 191.469360] ? kernel_text_address+0x79/0xf0 [ 191.473765] ? __pmd_alloc+0x530/0x530 [ 191.477638] ? _do_fork+0x291/0x12a0 [ 191.481335] ? do_syscall_64+0x1b9/0x820 [ 191.485383] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.490751] ? lock_acquire+0x1e4/0x540 [ 191.494718] ? percpu_ref_put_many+0x119/0x240 [ 191.499289] ? lock_downgrade+0x8f0/0x8f0 [ 191.503424] ? anon_vma_fork+0x651/0x960 [ 191.507468] ? lock_downgrade+0x8f0/0x8f0 [ 191.511612] ? lock_release+0xa30/0xa30 [ 191.515579] ? percpu_ref_put_many+0x131/0x240 [ 191.520147] ? rcu_note_context_switch+0x730/0x730 [ 191.525067] ? up_write+0x7b/0x220 [ 191.528591] ? up_read+0x110/0x110 [ 191.532115] ? anon_vma_interval_tree_insert+0x26b/0x300 [ 191.537554] ? anon_vma_clone+0x740/0x740 [ 191.541689] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 191.546717] ? __vma_link_rb+0x2a4/0x3f0 [ 191.550780] copy_process.part.41+0x5ead/0x73d0 [ 191.555459] ? __cleanup_sighand+0x70/0x70 [ 191.559687] ? lock_release+0xa30/0xa30 09:52:04 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x0) 09:52:04 executing program 2: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:04 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x0, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r0, 0x810c5701, &(0x7f00000002c0)) r1 = msgget(0x1, 0x2) msgctl$IPC_INFO(r1, 0x3, &(0x7f0000000040)=""/60) 09:52:04 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000140), &(0x7f00000002c0)) r0 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x61b, 0x80200) r1 = getpgid(0x0) perf_event_open(&(0x7f00000000c0)={0x3, 0x70, 0x8000, 0x8000, 0x4, 0x5, 0x0, 0x0, 0x20, 0x6, 0x77, 0x5, 0x3, 0xceee, 0x3ff, 0x7ff, 0x10001, 0x4, 0xa25b, 0x0, 0xde7a, 0x4, 0x1, 0x9, 0x1c000000000000, 0x1, 0x1, 0x5, 0x7f, 0xfffffffffffffffe, 0x6008, 0xfffffffffffffffa, 0xffff, 0x3, 0x7, 0xffffffffffffffff, 0x8, 0x8, 0x0, 0x6, 0x0, @perf_config_ext={0x5, 0x100000000}, 0x2080, 0x80000001, 0x1e6, 0x5, 0x0, 0x2, 0xe003}, r1, 0x10, r0, 0x2) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000080)=0x4, 0x4) 09:52:04 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) ioctl$KDGKBDIACR(r0, 0x4b4a, &(0x7f0000000180)=""/150) sendfile(r0, r0, &(0x7f0000000040), 0xff8) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r0, 0x28, 0x2, &(0x7f0000000000)=0x6, 0x8) timer_create(0x399b09b470cb5d62, &(0x7f0000000240)={0x0, 0x12, 0x2}, &(0x7f0000000280)=0x0) timer_gettime(r1, &(0x7f00000002c0)) renameat(0xffffffffffffffff, &(0x7f0000000140)='.\x00', r0, &(0x7f00000000c0)='./file0\x00') [ 191.563648] ? xas_descend+0x20c/0x5f0 [ 191.567521] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 191.572531] ? check_pgprot+0xdf/0x180 [ 191.576402] ? put_page+0x280/0x280 [ 191.580016] ? kasan_check_write+0x14/0x20 [ 191.584241] ? alloc_set_pte+0xaf6/0x1790 [ 191.588378] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 191.593379] ? filemap_map_pages+0xca2/0x1990 [ 191.597879] ? trace_hardirqs_on+0x10/0x10 [ 191.602110] ? xa_set_tag+0x40/0x40 [ 191.605748] ? perf_trace_lock+0xde/0x920 [ 191.609906] ? trace_hardirqs_on+0x10/0x10 [ 191.614143] ? trace_hardirqs_on+0x10/0x10 [ 191.618379] ? trace_hardirqs_on+0x10/0x10 [ 191.622623] ? find_get_entries_tag+0x1410/0x1410 [ 191.627478] ? perf_trace_lock+0xde/0x920 [ 191.631638] ? zap_class+0x740/0x740 [ 191.635364] ? zap_class+0x740/0x740 [ 191.639086] ? zap_class+0x740/0x740 [ 191.642808] ? shrink_dcache_sb+0x350/0x350 [ 191.647132] ? perf_trace_lock+0xde/0x920 [ 191.651293] ? lock_acquire+0x1e4/0x540 [ 191.655281] ? __fdget_pos+0x1bb/0x200 [ 191.659176] ? zap_class+0x740/0x740 [ 191.662897] ? lock_release+0xa30/0xa30 [ 191.666878] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.672420] ? _parse_integer+0x13b/0x190 [ 191.676574] ? perf_trace_lock+0xde/0x920 [ 191.680724] ? _kstrtoull+0x188/0x250 [ 191.684533] ? _parse_integer+0x190/0x190 [ 191.689034] ? zap_class+0x740/0x740 [ 191.692755] ? __check_object_size+0xa3/0x5d7 [ 191.697258] ? lock_acquire+0x1e4/0x540 [ 191.701242] ? get_pid_task+0xd8/0x1a0 [ 191.705143] ? perf_trace_lock+0xde/0x920 [ 191.709297] ? lock_release+0xa30/0xa30 [ 191.713881] ? zap_class+0x740/0x740 [ 191.717606] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 191.722453] ? __f_unlock_pos+0x19/0x20 [ 191.726435] ? lock_downgrade+0x8f0/0x8f0 [ 191.730588] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 191.736129] ? proc_fail_nth_write+0x9e/0x210 [ 191.740636] ? lock_acquire+0x1e4/0x540 [ 191.744618] _do_fork+0x291/0x12a0 [ 191.748166] ? fork_idle+0x1a0/0x1a0 [ 191.751888] ? fsnotify_first_mark+0x350/0x350 [ 191.756476] ? fsnotify+0x14e0/0x14e0 [ 191.760295] ? __sb_end_write+0xac/0xe0 [ 191.764280] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 191.769817] ? fput+0x130/0x1a0 [ 191.773098] ? ksys_write+0x1ae/0x260 [ 191.776904] ? __ia32_sys_read+0xb0/0xb0 [ 191.780965] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 191.786508] __x64_sys_clone+0xbf/0x150 [ 191.790484] do_syscall_64+0x1b9/0x820 [ 191.794375] ? syscall_return_slowpath+0x5e0/0x5e0 [ 191.799314] ? syscall_return_slowpath+0x31d/0x5e0 [ 191.804261] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 191.809304] ? prepare_exit_to_usermode+0x291/0x3b0 [ 191.814327] ? perf_trace_sys_enter+0xb10/0xb10 [ 191.819002] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 191.823861] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.829050] RIP: 0033:0x455ab9 [ 191.832252] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 191.851562] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 191.859309] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 191.866582] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 191.873851] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 191.881124] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 191.888486] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000002a 09:52:04 executing program 4 (fault-call:1 fault-nth:43): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:04 executing program 6: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x8000, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$int_in(r0, 0x0, &(0x7f0000000080)=0x10000) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r0, &(0x7f00000000c0)={0x11}) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000100)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}}) 09:52:04 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(0xffffffffffffffff, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) 09:52:04 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[], 0x0) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:52:04 executing program 2: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:04 executing program 1: r0 = memfd_create(&(0x7f0000000280)='md5sumsecurity\x00', 0x0) r1 = msgget$private(0x0, 0x44) msgrcv(r1, &(0x7f0000000400)=ANY=[@ANYBLOB="30000018e2ff4100fc0729446d4e7c718167"], 0x12, 0x3, 0x3000) write(r0, &(0x7f0000000080)="a8", 0xffffffffffffffc9) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x110, r0, 0x0) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(r0, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000018}, 0xc, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB="28010000", @ANYRES16=r2, @ANYBLOB="00012bbd7000fedbdf25020000004400020008000500ff03000014000100e000000200000000000000000000000008000300010000001400010000000000000000000000000000000001cd545d1a3508000900ff0f0000080005000400000008000500ff030000080006000300000034000200080009000600000008000600ff0f00000800050004000000080002004e230000080009000100000008000300000000005400010008000500020000000c00070008000000020000000c00070010000000030000000c0007000400000026000000080005000300000008000200ff0000000c00070010000000040000000800060077727200040001002c0002000800070004000000080005000600000008000700ffffffff08000800010000000800050001000000dc2781e61db8380347dbc0c6cce3b292e4cd824d32266180247edfb2f6bf3d078d953d49a6622155360d23438e65c12dfe0db450daf5edbce643a8eec540db3df8508ae4e07ed23b1befdb2a509bb212005d83382c781b440d006a0183131969ce10e93bdbf1fedf982474b133f84422a8b0793febe25a00cec61100a53c757f1d5c3c65496d09dc0e0f6cfbe801fffaa36c807d00e65ad507c737e3c635179ecb91f4587c942dbce570e42b5c4fcd25f217c18307c121c925461c154dfee42b896089a4efb930b43ce4ca6dceb94e5bc437b88f1dccde7a53235ce870f14f10256b08b817bf2317869c77f080a619b293992dac1f0593837faaae47dcace21e"], 0x128}, 0x1, 0x0, 0x0, 0x48041}, 0x81) sendfile(r0, r0, &(0x7f0000000040), 0xff8) pwrite64(r0, &(0x7f0000000380)="d1943da449bf34c3d32a073ea22016110cf48ae6dafed267c179afa806932c574077a9fd5bd2a46eed641c5b02af97bf2c6a4ce4a6913e5451f160100f4cf7c943b8a94dbe8fef9ed4450524d3eed66728226304784fcb36704de26a995941a8a4a5ccc55498e1f52a58dca47d2e9bd37bb716619769514d2f27eef813abb749", 0x80, 0x0) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f00000001c0)={0x7, 0x80, 0x1}) [ 192.007651] FAULT_INJECTION: forcing a failure. [ 192.007651] name failslab, interval 1, probability 0, space 0, times 0 [ 192.018943] CPU: 1 PID: 11288 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 192.018953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 192.018958] Call Trace: [ 192.018986] dump_stack+0x1c9/0x2b4 [ 192.043597] ? dump_stack_print_info.cold.2+0x52/0x52 [ 192.048787] ? perf_trace_lock+0xde/0x920 [ 192.052929] should_fail.cold.4+0xa/0x11 [ 192.056976] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 192.062070] ? anon_vma_fork+0x651/0x960 [ 192.066133] ? percpu_counter_add_batch+0xf2/0x150 [ 192.071053] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 192.076056] ? __vm_enough_memory+0x590/0x980 [ 192.080556] ? lock_acquire+0x1e4/0x540 [ 192.084550] ? fs_reclaim_acquire+0x20/0x20 [ 192.088858] ? lock_downgrade+0x8f0/0x8f0 [ 192.093007] ? up_write+0x7b/0x220 [ 192.096538] ? check_same_owner+0x340/0x340 [ 192.100846] ? rcu_note_context_switch+0x730/0x730 [ 192.105763] __should_failslab+0x124/0x180 [ 192.109984] should_failslab+0x9/0x14 [ 192.113773] kmem_cache_alloc+0x2af/0x760 [ 192.117907] ? security_vm_enough_memory_mm+0x9d/0xc0 [ 192.123095] copy_process.part.41+0x2f81/0x73d0 [ 192.127761] ? __cleanup_sighand+0x70/0x70 [ 192.131994] ? lock_release+0xa30/0xa30 [ 192.135959] ? xas_descend+0x20c/0x5f0 [ 192.139834] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 192.144858] ? check_pgprot+0xdf/0x180 [ 192.148738] ? put_page+0x280/0x280 [ 192.152362] ? kasan_check_write+0x14/0x20 [ 192.156589] ? alloc_set_pte+0xaf6/0x1790 [ 192.160825] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 192.165832] ? filemap_map_pages+0xca2/0x1990 [ 192.170312] ? trace_hardirqs_on+0x10/0x10 [ 192.174532] ? xa_set_tag+0x40/0x40 [ 192.178158] ? kasan_check_write+0x14/0x20 [ 192.182382] ? trace_hardirqs_on+0x10/0x10 [ 192.186702] ? trace_hardirqs_on+0x10/0x10 [ 192.190923] ? trace_hardirqs_on+0x10/0x10 [ 192.195147] ? find_get_entries_tag+0x1410/0x1410 [ 192.199979] ? perf_trace_lock+0xde/0x920 [ 192.204126] ? zap_class+0x740/0x740 [ 192.207834] ? zap_class+0x740/0x740 [ 192.211533] ? zap_class+0x740/0x740 [ 192.215231] ? shrink_dcache_sb+0x350/0x350 [ 192.219542] ? perf_trace_lock+0xde/0x920 [ 192.223676] ? lock_acquire+0x1e4/0x540 [ 192.227632] ? __fdget_pos+0x1bb/0x200 [ 192.231506] ? zap_class+0x740/0x740 [ 192.235208] ? lock_release+0xa30/0xa30 [ 192.239181] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.244721] ? _parse_integer+0x13b/0x190 [ 192.248857] ? perf_trace_lock+0xde/0x920 [ 192.252990] ? _kstrtoull+0x188/0x250 [ 192.256778] ? _parse_integer+0x190/0x190 [ 192.260911] ? zap_class+0x740/0x740 [ 192.264612] ? __check_object_size+0xa3/0x5d7 [ 192.269097] ? lock_acquire+0x1e4/0x540 [ 192.273054] ? get_pid_task+0xd8/0x1a0 [ 192.276925] ? perf_trace_lock+0xde/0x920 [ 192.281059] ? lock_release+0xa30/0xa30 [ 192.285022] ? zap_class+0x740/0x740 [ 192.288727] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 192.293565] ? __f_unlock_pos+0x19/0x20 [ 192.297527] ? lock_downgrade+0x8f0/0x8f0 [ 192.301675] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 192.307197] ? proc_fail_nth_write+0x9e/0x210 [ 192.311679] ? lock_acquire+0x1e4/0x540 [ 192.315642] _do_fork+0x291/0x12a0 [ 192.319177] ? fork_idle+0x1a0/0x1a0 [ 192.322876] ? fsnotify_first_mark+0x350/0x350 [ 192.327447] ? fsnotify+0x14e0/0x14e0 [ 192.331241] ? __sb_end_write+0xac/0xe0 [ 192.335203] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 192.340725] ? fput+0x130/0x1a0 [ 192.343988] ? ksys_write+0x1ae/0x260 [ 192.347777] ? __ia32_sys_read+0xb0/0xb0 [ 192.351828] ? syscall_slow_exit_work+0x500/0x500 [ 192.356660] __x64_sys_clone+0xbf/0x150 [ 192.360622] do_syscall_64+0x1b9/0x820 [ 192.364496] ? finish_task_switch+0x1d3/0x870 [ 192.368979] ? syscall_return_slowpath+0x5e0/0x5e0 [ 192.373905] ? syscall_return_slowpath+0x31d/0x5e0 [ 192.378824] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 192.383827] ? prepare_exit_to_usermode+0x291/0x3b0 [ 192.388828] ? perf_trace_sys_enter+0xb10/0xb10 [ 192.393494] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 192.398328] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.403504] RIP: 0033:0x455ab9 [ 192.406673] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 192.425869] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 192.433574] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 192.440827] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 192.448080] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 09:52:05 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/am_droprate\x00', 0x2, 0x0) ioctl$PIO_FONTX(r1, 0x4b6c, &(0x7f0000000080)="606b7df523011645d8f1f01531f322ca6fdfaf1d89ea9a5de54abe68803395d88d0a6718b78b7872b585956ec9137ea5861e974df39d7238cba19a79e5c9c57f5df82fe1a654038aa801598269") sync_file_range(r1, 0x8b, 0x3, 0x0) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 192.455336] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 192.462587] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000002b [ 192.497173] FAT-fs (loop7): Directory bread(block 128) failed 09:52:05 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 192.513950] FAT-fs (loop7): Directory bread(block 129) failed [ 192.520255] FAT-fs (loop7): Directory bread(block 130) failed [ 192.520275] FAT-fs (loop7): Directory bread(block 131) failed [ 192.520292] FAT-fs (loop7): Directory bread(block 132) failed [ 192.520310] FAT-fs (loop7): Directory bread(block 133) failed [ 192.520327] FAT-fs (loop7): Directory bread(block 134) failed 09:52:05 executing program 6: socketpair$inet6_dccp(0xa, 0x6, 0x0, &(0x7f0000000040)) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 192.520345] FAT-fs (loop7): Directory bread(block 135) failed [ 192.520443] FAT-fs (loop7): Directory bread(block 136) failed [ 192.520463] FAT-fs (loop7): Directory bread(block 137) failed [ 192.540055] attempt to access beyond end of device [ 192.582616] loop7: rw=2049, want=310, limit=128 09:52:05 executing program 4 (fault-call:1 fault-nth:44): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:05 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp\x00', 0x400, 0x0) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f00000002c0)={0x0, 0x3, 0x1, 0x7, 0x7fffffff, 0x1, 0xffffffffffffffff, 0x54, {0x0, @in6={{0xa, 0x4e20, 0x2, @remote={0xfe, 0x80, [], 0xbb}, 0x10000}}, 0x2, 0x5, 0x2, 0x0, 0x7}}, &(0x7f0000000100)=0xb0) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000140)={r2, 0x9}, 0x8) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) ioctl$VHOST_GET_VRING_ENDIAN(r3, 0x4008af14, &(0x7f0000000080)={0x1, 0x56393456}) [ 192.684388] FAULT_INJECTION: forcing a failure. [ 192.684388] name failslab, interval 1, probability 0, space 0, times 0 [ 192.695780] CPU: 0 PID: 11314 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 192.704286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 192.713659] Call Trace: [ 192.716272] dump_stack+0x1c9/0x2b4 [ 192.719932] ? dump_stack_print_info.cold.2+0x52/0x52 [ 192.725148] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 192.730418] should_fail.cold.4+0xa/0x11 [ 192.734507] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 192.739638] ? lock_release+0xa30/0xa30 [ 192.743640] ? kasan_check_read+0x11/0x20 [ 192.747810] ? rcu_is_watching+0x8c/0x150 [ 192.751978] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 192.756678] ? is_bpf_text_address+0xd7/0x170 [ 192.761215] ? kernel_text_address+0x79/0xf0 [ 192.765648] ? __kernel_text_address+0xd/0x40 [ 192.770173] ? unwind_get_return_address+0x61/0xa0 [ 192.775105] ? __save_stack_trace+0x8d/0xf0 [ 192.779437] ? save_stack+0xa9/0xd0 [ 192.783060] ? save_stack+0x43/0xd0 [ 192.786677] ? kasan_kmalloc+0xc4/0xe0 [ 192.790584] __should_failslab+0x124/0x180 [ 192.794816] should_failslab+0x9/0x14 [ 192.798611] kmem_cache_alloc+0x47/0x760 [ 192.802661] ? lock_acquire+0x1e4/0x540 [ 192.806649] ? percpu_ref_put_many+0x119/0x240 [ 192.811225] ? lock_downgrade+0x8f0/0x8f0 [ 192.815368] anon_vma_clone+0x140/0x740 [ 192.819334] ? fs_reclaim_acquire+0x20/0x20 [ 192.823649] ? unlink_anon_vmas+0xa60/0xa60 [ 192.827975] ? dup_userfaultfd+0x775/0x9a0 [ 192.832204] anon_vma_fork+0xf0/0x960 [ 192.836008] ? kasan_unpoison_shadow+0x35/0x50 [ 192.840596] ? anon_vma_clone+0x740/0x740 [ 192.844753] ? kasan_slab_alloc+0x12/0x20 [ 192.848891] ? kmem_cache_alloc+0x2fc/0x760 [ 192.853212] copy_process.part.41+0x6705/0x73d0 [ 192.857900] ? __cleanup_sighand+0x70/0x70 [ 192.862126] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.867667] ? perf_tp_event+0x91b/0xc40 [ 192.871722] ? xas_descend+0x20c/0x5f0 [ 192.875625] ? perf_swevent_event+0x2e0/0x2e0 [ 192.880121] ? perf_swevent_event+0x158/0x2e0 [ 192.884607] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 192.890135] ? perf_tp_event+0x91b/0xc40 [ 192.894183] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 192.899198] ? filemap_map_pages+0xca2/0x1990 [ 192.903702] ? perf_swevent_event+0x2e0/0x2e0 [ 192.908200] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 192.913314] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 192.918416] ? perf_tp_event+0xc40/0xc40 [ 192.922474] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 192.927571] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 192.932672] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 192.937771] ? perf_tp_event+0xc40/0xc40 [ 192.941825] ? zap_class+0x740/0x740 [ 192.945554] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 192.950654] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 192.955750] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 192.960862] ? perf_tp_event+0xc40/0xc40 [ 192.964917] ? zap_class+0x740/0x740 [ 192.968653] ? memset+0x31/0x40 [ 192.971929] ? perf_trace_lock+0x49d/0x920 [ 192.976155] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 192.981264] ? zap_class+0x740/0x740 [ 192.984973] ? __check_object_size+0xa3/0x5d7 [ 192.989464] ? memset+0x31/0x40 [ 192.992752] ? zap_class+0x740/0x740 [ 192.996462] ? __f_unlock_pos+0x19/0x20 [ 193.000661] ? lock_downgrade+0x8f0/0x8f0 [ 193.004806] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 193.010344] ? proc_fail_nth_write+0x9e/0x210 [ 193.014837] ? lock_acquire+0x1e4/0x540 [ 193.018809] _do_fork+0x291/0x12a0 [ 193.022344] ? fork_idle+0x1a0/0x1a0 [ 193.026058] ? fsnotify_first_mark+0x350/0x350 [ 193.030650] ? fsnotify+0x14e0/0x14e0 [ 193.034453] ? __sb_end_write+0xac/0xe0 [ 193.038423] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 193.043950] ? fput+0x130/0x1a0 [ 193.047220] ? ksys_write+0x1ae/0x260 [ 193.051016] ? __ia32_sys_read+0xb0/0xb0 [ 193.055069] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 193.060603] __x64_sys_clone+0xbf/0x150 [ 193.064585] do_syscall_64+0x1b9/0x820 [ 193.068462] ? finish_task_switch+0x1d3/0x870 [ 193.072950] ? syscall_return_slowpath+0x5e0/0x5e0 [ 193.077869] ? syscall_return_slowpath+0x31d/0x5e0 [ 193.082788] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 193.087793] ? prepare_exit_to_usermode+0x291/0x3b0 [ 193.092824] ? perf_trace_sys_enter+0xb10/0xb10 [ 193.097489] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 193.102329] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.107518] RIP: 0033:0x455ab9 [ 193.110694] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:52:05 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x0) 09:52:05 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:05 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x0, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) 09:52:06 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(0x0, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) [ 193.130074] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 193.137775] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 193.145032] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 193.152291] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 193.159549] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 193.166806] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000002c 09:52:06 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.stat\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000080)={0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f00000000c0)=0x20) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000040)={r1, 0x6, 0x30}, &(0x7f0000000140)=0xc) 09:52:06 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 193.263362] FAT-fs (loop7): Directory bread(block 128) failed [ 193.291571] FAT-fs (loop7): Directory bread(block 129) failed 09:52:06 executing program 3: socketpair(0xb, 0x2, 0x8001, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$KVM_GET_PIT2(r0, 0x8070ae9f, &(0x7f0000000080)) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:06 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 193.309569] FAT-fs (loop7): Directory bread(block 130) failed [ 193.331688] FAT-fs (loop7): Directory bread(block 131) failed [ 193.350531] FAT-fs (loop7): Directory bread(block 132) failed 09:52:06 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse\x00', 0x2, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/sco\x00') getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f00000000c0)={0x0, 0x26ea, 0x1f, 0x7fff, 0x2, 0x200, 0x0, 0x2, {0x0, @in6={{0xa, 0x4e24, 0x9ad, @mcast2={0xff, 0x2, [], 0x1}, 0xe09b}}, 0x1, 0x5, 0x11, 0x8, 0x8c9a}}, &(0x7f0000000200)=0xb0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f00000002c0)={0x0, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}}, 0xfffffffffffffff9, 0x24, 0x2, 0x3, 0xffffffff}, &(0x7f0000000380)=0x98) getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f00000003c0)={r1, 0x3, 0x4, 0xffffffffffffff8a, 0x9, 0x5, 0xd8, 0x9, {r2, @in={{0x2, 0x4e21, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x1, 0x3, 0x99a, 0x3f, 0x8}}, &(0x7f0000000480)=0xb0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r0, 0xc0a85322, &(0x7f00000004c0)) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 193.375904] FAT-fs (loop7): Directory bread(block 133) failed [ 193.395625] FAT-fs (loop7): Directory bread(block 134) failed [ 193.411506] FAT-fs (loop7): Directory bread(block 135) failed 09:52:06 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 193.420596] FAT-fs (loop7): Directory bread(block 136) failed [ 193.431205] FAT-fs (loop7): Directory bread(block 137) failed 09:52:06 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', r0, &(0x7f00000000c0)='\x00') ioctl$RTC_PIE_ON(r0, 0x7005) 09:52:06 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x0, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) 09:52:06 executing program 4 (fault-call:1 fault-nth:45): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:06 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f00000000c0)=0x0) ptrace$getenv(0x4201, r0, 0x39, &(0x7f0000000100)) init_module(&(0x7f0000000040)='.\x00', 0x2, &(0x7f0000000080)='\x00') clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:06 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getuid() clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 193.580277] FAULT_INJECTION: forcing a failure. [ 193.580277] name failslab, interval 1, probability 0, space 0, times 0 [ 193.591568] CPU: 1 PID: 11382 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 193.600061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.609415] Call Trace: [ 193.612041] dump_stack+0x1c9/0x2b4 [ 193.615685] ? dump_stack_print_info.cold.2+0x52/0x52 [ 193.620884] ? __kernel_text_address+0xd/0x40 [ 193.625385] ? unwind_get_return_address+0x61/0xa0 [ 193.630349] should_fail.cold.4+0xa/0x11 [ 193.634441] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 193.638616] attempt to access beyond end of device [ 193.639544] ? save_stack+0xa9/0xd0 [ 193.639559] ? kasan_kmalloc+0xc4/0xe0 [ 193.639575] ? kasan_slab_alloc+0x12/0x20 [ 193.644521] loop7: rw=2049, want=310, limit=128 [ 193.648104] ? kmem_cache_alloc+0x12e/0x760 [ 193.648119] ? anon_vma_clone+0x140/0x740 [ 193.648135] ? anon_vma_fork+0xf0/0x960 09:52:06 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 193.652030] Buffer I/O error on dev loop7, logical block 309, lost async page write [ 193.656129] ? copy_process.part.41+0x6705/0x73d0 [ 193.656140] ? _do_fork+0x291/0x12a0 [ 193.656158] ? do_syscall_64+0x1b9/0x820 [ 193.682394] attempt to access beyond end of device [ 193.686281] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.686300] ? lock_acquire+0x1e4/0x540 [ 193.686310] ? percpu_ref_put_many+0x119/0x240 [ 193.686322] ? lock_downgrade+0x8f0/0x8f0 [ 193.686335] ? lock_release+0xa30/0xa30 [ 193.686350] ? lock_acquire+0x1e4/0x540 [ 193.686371] ? lock_release+0xa30/0xa30 [ 193.690086] loop7: rw=2049, want=311, limit=128 [ 193.694108] ? check_same_owner+0x340/0x340 [ 193.694121] ? percpu_ref_put_many+0x131/0x240 [ 193.694138] ? rcu_note_context_switch+0x730/0x730 [ 193.699070] Buffer I/O error on dev loop7, logical block 310, lost async page write [ 193.704389] __should_failslab+0x124/0x180 [ 193.704406] should_failslab+0x9/0x14 [ 193.763153] kmem_cache_alloc+0x47/0x760 [ 193.767227] ? anon_vma_interval_tree_insert+0x26b/0x300 [ 193.772689] anon_vma_clone+0x140/0x740 [ 193.776670] ? unlink_anon_vmas+0xa60/0xa60 [ 193.777513] attempt to access beyond end of device [ 193.780991] ? dup_userfaultfd+0x775/0x9a0 [ 193.781009] anon_vma_fork+0xf0/0x960 [ 193.781022] ? kasan_unpoison_shadow+0x35/0x50 [ 193.781038] ? anon_vma_clone+0x740/0x740 [ 193.781055] ? kasan_slab_alloc+0x12/0x20 [ 193.786031] loop7: rw=2049, want=312, limit=128 [ 193.790213] ? kmem_cache_alloc+0x2fc/0x760 [ 193.790233] copy_process.part.41+0x6705/0x73d0 [ 193.790263] ? __cleanup_sighand+0x70/0x70 09:52:06 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x0) 09:52:06 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x0, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) [ 193.794053] Buffer I/O error on dev loop7, logical block 311, lost async page write [ 193.798602] ? lock_release+0xa30/0xa30 [ 193.798619] ? xas_descend+0x20c/0x5f0 [ 193.840422] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 193.845440] ? check_pgprot+0xdf/0x180 [ 193.849328] ? put_page+0x280/0x280 [ 193.853041] ? kasan_check_write+0x14/0x20 [ 193.857280] ? alloc_set_pte+0xaf6/0x1790 [ 193.861442] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 193.866465] ? filemap_map_pages+0xca2/0x1990 [ 193.870967] ? trace_hardirqs_on+0x10/0x10 [ 193.875212] ? xa_set_tag+0x40/0x40 [ 193.878843] ? perf_trace_lock+0xde/0x920 [ 193.882994] ? trace_hardirqs_on+0x10/0x10 [ 193.887243] ? trace_hardirqs_on+0x10/0x10 [ 193.891485] ? trace_hardirqs_on+0x10/0x10 [ 193.895728] ? find_get_entries_tag+0x1410/0x1410 [ 193.900585] ? perf_trace_lock+0xde/0x920 [ 193.904728] ? zap_class+0x740/0x740 [ 193.908428] ? zap_class+0x740/0x740 [ 193.912127] ? zap_class+0x740/0x740 [ 193.915828] ? shrink_dcache_sb+0x350/0x350 [ 193.920136] ? perf_trace_lock+0xde/0x920 [ 193.924268] ? lock_acquire+0x1e4/0x540 [ 193.928225] ? __fdget_pos+0x1bb/0x200 [ 193.932095] ? zap_class+0x740/0x740 [ 193.935794] ? lock_release+0xa30/0xa30 [ 193.939757] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.945290] ? _parse_integer+0x13b/0x190 [ 193.949431] ? perf_trace_lock+0xde/0x920 [ 193.953562] ? _kstrtoull+0x188/0x250 [ 193.957347] ? _parse_integer+0x190/0x190 [ 193.961481] ? zap_class+0x740/0x740 [ 193.965203] ? __check_object_size+0xa3/0x5d7 [ 193.969701] ? lock_acquire+0x1e4/0x540 [ 193.973658] ? get_pid_task+0xd8/0x1a0 [ 193.977538] ? perf_trace_lock+0xde/0x920 [ 193.981667] ? lock_release+0xa30/0xa30 [ 193.985624] ? zap_class+0x740/0x740 [ 193.989325] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 193.994149] ? __f_unlock_pos+0x19/0x20 [ 193.998106] ? lock_downgrade+0x8f0/0x8f0 [ 194.002238] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 194.007759] ? proc_fail_nth_write+0x9e/0x210 [ 194.012237] ? lock_acquire+0x1e4/0x540 [ 194.016203] _do_fork+0x291/0x12a0 [ 194.019729] ? fork_idle+0x1a0/0x1a0 [ 194.023431] ? fsnotify_first_mark+0x350/0x350 [ 194.028004] ? fsnotify+0x14e0/0x14e0 [ 194.031801] ? __sb_end_write+0xac/0xe0 [ 194.035762] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 194.041282] ? fput+0x130/0x1a0 [ 194.044552] ? ksys_write+0x1ae/0x260 [ 194.048338] ? __ia32_sys_read+0xb0/0xb0 [ 194.052381] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 194.057901] __x64_sys_clone+0xbf/0x150 [ 194.061865] do_syscall_64+0x1b9/0x820 [ 194.065747] ? syscall_slow_exit_work+0x500/0x500 [ 194.070576] ? syscall_return_slowpath+0x5e0/0x5e0 [ 194.075490] ? syscall_return_slowpath+0x31d/0x5e0 [ 194.080412] ? prepare_exit_to_usermode+0x291/0x3b0 [ 194.085411] ? perf_trace_sys_enter+0xb10/0xb10 [ 194.090074] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 194.094906] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.100077] RIP: 0033:0x455ab9 [ 194.103251] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.122445] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 09:52:06 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) setsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, &(0x7f0000000140)=0x20, 0xaafe650bf7904d61) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) socket$bt_rfcomm(0x1f, 0x1, 0x3) [ 194.130144] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 194.137400] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 194.144650] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 194.151900] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 194.159149] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000002d [ 194.204000] attempt to access beyond end of device [ 194.209115] loop7: rw=2049, want=313, limit=128 [ 194.213822] Buffer I/O error on dev loop7, logical block 312, lost async page write [ 194.276308] attempt to access beyond end of device [ 194.281332] loop7: rw=2049, want=326, limit=128 [ 194.286047] Buffer I/O error on dev loop7, logical block 325, lost async page write [ 194.329615] attempt to access beyond end of device [ 194.334637] loop7: rw=2049, want=327, limit=128 [ 194.339347] Buffer I/O error on dev loop7, logical block 326, lost async page write [ 194.355380] attempt to access beyond end of device [ 194.368855] loop7: rw=2049, want=328, limit=128 09:52:07 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x0, &(0x7f0000000400)) 09:52:07 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0xffffffffffffffff) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') 09:52:07 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:07 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f00000000c0)=0x3, 0xe3f3624cf25cd2e) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0) ioctl$EVIOCSABS3F(r1, 0x401845ff, &(0x7f0000000080)={0x100000000000cd8, 0x7fffffff, 0x7fff, 0x6, 0x3, 0x1e49}) 09:52:07 executing program 4 (fault-call:1 fault-nth:46): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:07 executing program 6: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000040), &(0x7f00000002c0)) 09:52:07 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) [ 194.373542] Buffer I/O error on dev loop7, logical block 327, lost async page write [ 194.381512] attempt to access beyond end of device [ 194.386479] loop7: rw=2049, want=329, limit=128 [ 194.391194] Buffer I/O error on dev loop7, logical block 328, lost async page write [ 194.402084] attempt to access beyond end of device [ 194.407069] loop7: rw=2049, want=2153, limit=128 [ 194.457484] FAULT_INJECTION: forcing a failure. [ 194.457484] name failslab, interval 1, probability 0, space 0, times 0 [ 194.468769] CPU: 1 PID: 11428 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 194.477263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.486617] Call Trace: [ 194.489216] dump_stack+0x1c9/0x2b4 [ 194.492855] ? dump_stack_print_info.cold.2+0x52/0x52 [ 194.498055] ? __kernel_text_address+0xd/0x40 [ 194.502556] ? unwind_get_return_address+0x61/0xa0 [ 194.507495] should_fail.cold.4+0xa/0x11 [ 194.511561] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 194.516669] ? save_stack+0xa9/0xd0 [ 194.520300] ? kasan_kmalloc+0xc4/0xe0 [ 194.524187] ? kasan_slab_alloc+0x12/0x20 [ 194.528338] ? kmem_cache_alloc+0x12e/0x760 [ 194.532661] ? anon_vma_clone+0x140/0x740 [ 194.536894] ? anon_vma_fork+0xf0/0x960 [ 194.540872] ? copy_process.part.41+0x6705/0x73d0 [ 194.545716] ? _do_fork+0x291/0x12a0 [ 194.549434] ? do_syscall_64+0x1b9/0x820 [ 194.553505] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.558875] ? lock_acquire+0x1e4/0x540 [ 194.562855] ? percpu_ref_put_many+0x119/0x240 [ 194.567445] ? lock_downgrade+0x8f0/0x8f0 [ 194.571601] ? lock_release+0xa30/0xa30 [ 194.575577] ? memcg_kmem_get_cache+0x3a9/0x9d0 [ 194.580252] ? mem_cgroup_handle_over_high+0x130/0x130 [ 194.585532] ? lock_acquire+0x1e4/0x540 [ 194.589512] ? percpu_ref_put_many+0x131/0x240 [ 194.594096] ? mem_cgroup_id_get_online+0x310/0x310 [ 194.599115] ? kasan_unpoison_shadow+0x35/0x50 [ 194.603691] __should_failslab+0x124/0x180 [ 194.607909] should_failslab+0x9/0x14 [ 194.611693] kmem_cache_alloc+0x47/0x760 [ 194.615737] ? anon_vma_interval_tree_insert+0x26b/0x300 [ 194.621194] anon_vma_clone+0x140/0x740 [ 194.625160] ? unlink_anon_vmas+0xa60/0xa60 [ 194.629469] ? dup_userfaultfd+0x775/0x9a0 [ 194.633686] anon_vma_fork+0xf0/0x960 [ 194.637467] ? kasan_unpoison_shadow+0x35/0x50 [ 194.642034] ? anon_vma_clone+0x740/0x740 [ 194.646193] ? kasan_slab_alloc+0x12/0x20 [ 194.650325] ? kmem_cache_alloc+0x2fc/0x760 [ 194.654633] copy_process.part.41+0x6705/0x73d0 [ 194.659298] ? __cleanup_sighand+0x70/0x70 [ 194.663517] ? lock_release+0xa30/0xa30 [ 194.667475] ? xas_descend+0x20c/0x5f0 [ 194.671346] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 194.676343] ? check_pgprot+0xdf/0x180 [ 194.680220] ? put_page+0x280/0x280 [ 194.683829] ? kasan_check_write+0x14/0x20 [ 194.688049] ? alloc_set_pte+0xaf6/0x1790 [ 194.692183] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 194.697180] ? filemap_map_pages+0xca2/0x1990 [ 194.701659] ? trace_hardirqs_on+0x10/0x10 [ 194.705874] ? xa_set_tag+0x40/0x40 [ 194.709486] ? perf_trace_lock+0xde/0x920 [ 194.713619] ? trace_hardirqs_on+0x10/0x10 [ 194.717838] ? trace_hardirqs_on+0x10/0x10 [ 194.722058] ? trace_hardirqs_on+0x10/0x10 [ 194.726278] ? find_get_entries_tag+0x1410/0x1410 [ 194.731107] ? perf_trace_lock+0xde/0x920 [ 194.735340] ? zap_class+0x740/0x740 [ 194.739037] ? zap_class+0x740/0x740 [ 194.742732] ? zap_class+0x740/0x740 [ 194.746431] ? shrink_dcache_sb+0x350/0x350 [ 194.750747] ? perf_trace_lock+0xde/0x920 [ 194.754876] ? lock_acquire+0x1e4/0x540 [ 194.758830] ? __fdget_pos+0x1bb/0x200 [ 194.762698] ? zap_class+0x740/0x740 [ 194.766396] ? lock_release+0xa30/0xa30 [ 194.770358] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 194.775880] ? _parse_integer+0x13b/0x190 [ 194.780015] ? perf_trace_lock+0xde/0x920 [ 194.784149] ? _kstrtoull+0x188/0x250 [ 194.787933] ? _parse_integer+0x190/0x190 [ 194.792072] ? zap_class+0x740/0x740 [ 194.795770] ? __check_object_size+0xa3/0x5d7 [ 194.800253] ? lock_acquire+0x1e4/0x540 [ 194.804210] ? get_pid_task+0xd8/0x1a0 [ 194.808089] ? perf_trace_lock+0xde/0x920 [ 194.812220] ? lock_release+0xa30/0xa30 [ 194.816175] ? zap_class+0x740/0x740 [ 194.819873] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 194.824695] ? __f_unlock_pos+0x19/0x20 [ 194.828651] ? lock_downgrade+0x8f0/0x8f0 [ 194.832794] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 194.838316] ? proc_fail_nth_write+0x9e/0x210 [ 194.842801] ? lock_acquire+0x1e4/0x540 [ 194.846764] _do_fork+0x291/0x12a0 [ 194.850288] ? fork_idle+0x1a0/0x1a0 [ 194.853985] ? fsnotify_first_mark+0x350/0x350 [ 194.858554] ? fsnotify+0x14e0/0x14e0 [ 194.862342] ? __sb_end_write+0xac/0xe0 [ 194.866305] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 194.871826] ? fput+0x130/0x1a0 [ 194.875086] ? ksys_write+0x1ae/0x260 [ 194.878868] ? __ia32_sys_read+0xb0/0xb0 [ 194.882912] ? syscall_slow_exit_work+0x500/0x500 [ 194.887738] __x64_sys_clone+0xbf/0x150 [ 194.891696] do_syscall_64+0x1b9/0x820 [ 194.895563] ? finish_task_switch+0x1d3/0x870 [ 194.900040] ? syscall_return_slowpath+0x5e0/0x5e0 [ 194.904952] ? syscall_return_slowpath+0x31d/0x5e0 [ 194.909861] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 194.914862] ? prepare_exit_to_usermode+0x291/0x3b0 [ 194.919859] ? perf_trace_sys_enter+0xb10/0xb10 [ 194.924513] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 194.929344] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.934528] RIP: 0033:0x455ab9 [ 194.937695] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:52:07 executing program 6: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:07 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x200000, 0x0) r2 = dup(r0) ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000080)={0x1, r2}) 09:52:07 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x100000193) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') pwritev(r0, &(0x7f0000000140), 0x0, 0x0) 09:52:07 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 194.956891] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 194.964582] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 194.971834] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 194.979084] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 194.986334] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 194.993589] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000002e 09:52:08 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) 09:52:08 executing program 4 (fault-call:1 fault-nth:47): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:08 executing program 6: ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f0000000480)=0x0) r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x800000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000}, r0, 0xffffffffffffffff, 0xffffffffffffff9c, 0x2) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse\x00', 0x20001, 0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f00000005c0)={0x2, 0x70, 0x8, 0x5, 0x7, 0x2, 0x0, 0x8, 0x8000, 0x0, 0x9, 0x1126174, 0x9, 0x7, 0x80000000, 0x0, 0x1, 0xffffffffffffffff, 0x6, 0x0, 0x13f, 0x7, 0x401, 0x5, 0x5dc, 0x2, 0x1, 0x5, 0x2, 0x0, 0x20, 0xffffffffffffff01, 0xfffffffffffffe00, 0x6, 0x5, 0xf5e, 0x6, 0x5, 0x0, 0x400, 0x2, @perf_bp={&(0x7f0000000140), 0x4}, 0x1000, 0xffffffff, 0x9, 0x5, 0x4, 0x568, 0x3ff}, r0, 0x4, r1, 0x1) getpeername$netlink(r2, &(0x7f00000004c0), &(0x7f0000000500)=0xc) timer_create(0x7, &(0x7f0000000400)={0x0, 0x20, 0x4, @thr={&(0x7f0000000300)="23e02e9e6dc116358ed23ff63710733863eb2983eeef2c0fe4f073", &(0x7f0000000340)="56c4dc03c7c2e3d2cd401f2fd2d76dfddb67b874e78d9256fe5ae1ed7e284c0342d0c17c008cad02ec88fba66d490f09a7e3dc373829a43bcff296680827026606d3288a07bfee98414477e3b18d9e5d3414240d5314e9e95bd0db6e77f7cba10a420f91bdc48488724794ed67ae6a92ba36774d60e7df39cb8cf8acc55cc1b89a19680b9163e69207567ccb9cde335b7a182685461443bcb4c50c62d3d6721959b60895b406a25fa1cefddb"}}, &(0x7f0000000440)=0x0) timer_getoverrun(r4) ioctl$TUNSETSTEERINGEBPF(r2, 0x800454e0, &(0x7f0000000540)=r2) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, &(0x7f0000000100)={r3, 0x2}, &(0x7f0000000580)=0x8) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) socketpair$inet_udplite(0x2, 0x2, 0x88, &(0x7f0000000200)) ioctl$SCSI_IOCTL_STOP_UNIT(r2, 0x6) bind$llc(r2, &(0x7f00000002c0)={0x1a, 0xffff, 0x1133, 0x4, 0x8, 0x6, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}, 0x10) 09:52:08 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 195.204123] FAULT_INJECTION: forcing a failure. [ 195.204123] name failslab, interval 1, probability 0, space 0, times 0 [ 195.215504] CPU: 0 PID: 11463 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 195.224003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.233367] Call Trace: [ 195.235972] dump_stack+0x1c9/0x2b4 [ 195.239624] ? dump_stack_print_info.cold.2+0x52/0x52 [ 195.244848] ? perf_trace_lock+0x49d/0x920 [ 195.249109] should_fail.cold.4+0xa/0x11 [ 195.253195] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 195.258322] ? lock_downgrade+0x8f0/0x8f0 [ 195.262511] ? anon_vma_clone+0x4e0/0x740 [ 195.266680] ? lock_downgrade+0x8f0/0x8f0 [ 195.270855] ? percpu_ref_put_many+0x131/0x240 [ 195.275465] ? lock_acquire+0x1e4/0x540 [ 195.279458] ? fs_reclaim_acquire+0x20/0x20 [ 195.283794] ? lock_downgrade+0x8f0/0x8f0 [ 195.287967] ? check_same_owner+0x340/0x340 [ 195.292309] ? rcu_note_context_switch+0x730/0x730 [ 195.297258] __should_failslab+0x124/0x180 [ 195.301510] should_failslab+0x9/0x14 [ 195.305330] kmem_cache_alloc+0x2af/0x760 [ 195.309499] ? dup_userfaultfd+0x775/0x9a0 [ 195.313754] anon_vma_fork+0x192/0x960 [ 195.317653] ? kasan_unpoison_shadow+0x35/0x50 [ 195.322257] ? anon_vma_clone+0x740/0x740 [ 195.326424] ? kasan_slab_alloc+0x12/0x20 [ 195.330584] ? kmem_cache_alloc+0x2fc/0x760 [ 195.334921] copy_process.part.41+0x6705/0x73d0 [ 195.339649] ? __cleanup_sighand+0x70/0x70 [ 195.343902] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 195.349456] ? perf_tp_event+0x91b/0xc40 09:52:08 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 195.353531] ? xas_descend+0x20c/0x5f0 [ 195.357442] ? perf_swevent_event+0x2e0/0x2e0 [ 195.361968] ? perf_swevent_event+0x158/0x2e0 [ 195.366480] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 195.372030] ? perf_tp_event+0x91b/0xc40 [ 195.376103] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 195.381132] ? filemap_map_pages+0xca2/0x1990 [ 195.385656] ? perf_swevent_event+0x2e0/0x2e0 [ 195.390172] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 195.395278] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 195.400375] ? perf_tp_event+0xc40/0xc40 [ 195.404428] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 195.409520] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 195.414608] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 195.419710] ? perf_tp_event+0xc40/0xc40 [ 195.423761] ? zap_class+0x740/0x740 [ 195.427465] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 195.432553] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 195.437643] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 195.442735] ? perf_tp_event+0xc40/0xc40 [ 195.446786] ? zap_class+0x740/0x740 [ 195.450491] ? memset+0x31/0x40 [ 195.453782] ? perf_trace_lock+0x49d/0x920 [ 195.458021] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 195.463120] ? zap_class+0x740/0x740 [ 195.466827] ? __check_object_size+0xa3/0x5d7 [ 195.471322] ? memset+0x31/0x40 [ 195.474603] ? zap_class+0x740/0x740 [ 195.478317] ? __f_unlock_pos+0x19/0x20 [ 195.482276] ? lock_downgrade+0x8f0/0x8f0 [ 195.486422] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 195.491944] ? proc_fail_nth_write+0x9e/0x210 [ 195.496428] ? lock_acquire+0x1e4/0x540 [ 195.500412] _do_fork+0x291/0x12a0 [ 195.503945] ? fork_idle+0x1a0/0x1a0 [ 195.507646] ? fsnotify_first_mark+0x350/0x350 [ 195.512222] ? fsnotify+0x14e0/0x14e0 [ 195.516036] ? __sb_end_write+0xac/0xe0 [ 195.520000] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 195.525528] ? fput+0x130/0x1a0 [ 195.528794] ? ksys_write+0x1ae/0x260 [ 195.532581] ? __ia32_sys_read+0xb0/0xb0 [ 195.536629] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 195.542157] __x64_sys_clone+0xbf/0x150 [ 195.546125] do_syscall_64+0x1b9/0x820 [ 195.549996] ? finish_task_switch+0x1d3/0x870 [ 195.554485] ? syscall_return_slowpath+0x5e0/0x5e0 [ 195.559400] ? syscall_return_slowpath+0x31d/0x5e0 [ 195.564330] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 195.569337] ? prepare_exit_to_usermode+0x291/0x3b0 [ 195.574353] ? perf_trace_sys_enter+0xb10/0xb10 [ 195.579030] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 195.583870] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.589069] RIP: 0033:0x455ab9 [ 195.592244] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.611578] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 195.619280] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 195.626535] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 195.633786] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 195.641048] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 195.648301] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000002f [ 195.760276] FAT-fs (loop7): Directory bread(block 128) failed [ 195.767619] FAT-fs (loop7): Directory bread(block 129) failed [ 195.778907] FAT-fs (loop7): Directory bread(block 130) failed [ 195.784912] FAT-fs (loop7): Directory bread(block 131) failed [ 195.790864] FAT-fs (loop7): Directory bread(block 132) failed [ 195.796809] FAT-fs (loop7): Directory bread(block 133) failed [ 195.802845] FAT-fs (loop7): Directory bread(block 134) failed [ 195.808768] FAT-fs (loop7): Directory bread(block 135) failed [ 195.814766] FAT-fs (loop7): Directory bread(block 136) failed [ 195.820681] FAT-fs (loop7): Directory bread(block 137) failed [ 195.852626] attempt to access beyond end of device [ 195.857623] loop7: rw=2049, want=310, limit=128 [ 195.862312] Buffer I/O error on dev loop7, logical block 309, lost async page write [ 195.870146] attempt to access beyond end of device [ 195.875087] loop7: rw=2049, want=311, limit=128 [ 195.879769] Buffer I/O error on dev loop7, logical block 310, lost async page write [ 195.887613] attempt to access beyond end of device [ 195.892547] loop7: rw=2049, want=312, limit=128 [ 195.897241] attempt to access beyond end of device [ 195.902195] loop7: rw=2049, want=313, limit=128 [ 195.906916] attempt to access beyond end of device [ 195.911861] loop7: rw=2049, want=326, limit=128 [ 195.916566] attempt to access beyond end of device [ 195.921506] loop7: rw=2049, want=327, limit=128 [ 195.926232] attempt to access beyond end of device [ 195.931181] loop7: rw=2049, want=328, limit=128 [ 195.936156] attempt to access beyond end of device [ 195.941090] loop7: rw=2049, want=329, limit=128 [ 195.946734] attempt to access beyond end of device 09:52:08 executing program 0: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[], 0x0) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:52:08 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x3000000000000, 0x40) ioctl$SNDRV_TIMER_IOCTL_STATUS(r0, 0x80605414, &(0x7f0000000080)=""/190) semget(0x3, 0x2, 0x80) 09:52:08 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0xffffff42) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000180)=0xc99, 0x1) ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f0000000140)=0xec) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') 09:52:08 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x0, &(0x7f0000000400)) 09:52:08 executing program 6: r0 = syz_open_pts(0xffffffffffffffff, 0x2000) ioctl$TIOCNXCL(r0, 0x540d) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:08 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) 09:52:08 executing program 2: ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f0000000480)=0x0) r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x800000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000}, r0, 0xffffffffffffffff, 0xffffffffffffff9c, 0x2) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse\x00', 0x20001, 0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000080)={0x0, 0x5}, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f00000005c0)={0x2, 0x70, 0x8, 0x5, 0x7, 0x2, 0x0, 0x8, 0x8000, 0x0, 0x9, 0x1126174, 0x9, 0x7, 0x80000000, 0x0, 0x1, 0xffffffffffffffff, 0x6, 0x0, 0x13f, 0x7, 0x401, 0x5, 0x5dc, 0x2, 0x1, 0x5, 0x2, 0x0, 0x20, 0xffffffffffffff01, 0xfffffffffffffe00, 0x6, 0x5, 0xf5e, 0x6, 0x5, 0x0, 0x400, 0x2, @perf_bp={&(0x7f0000000140), 0x4}, 0x1000, 0xffffffff, 0x9, 0x5, 0x4, 0x568, 0x3ff}, r0, 0x4, r1, 0x1) getpeername$netlink(r2, &(0x7f00000004c0), &(0x7f0000000500)=0xc) timer_create(0x7, &(0x7f0000000400)={0x0, 0x20, 0x4, @thr={&(0x7f0000000300)="23e02e9e6dc116358ed23ff63710733863eb2983eeef2c0fe4f073", &(0x7f0000000340)="56c4dc03c7c2e3d2cd401f2fd2d76dfddb67b874e78d9256fe5ae1ed7e284c0342d0c17c008cad02ec88fba66d490f09a7e3dc373829a43bcff296680827026606d3288a07bfee98414477e3b18d9e5d3414240d5314e9e95bd0db6e77f7cba10a420f91bdc48488724794ed67ae6a92ba36774d60e7df39cb8cf8acc55cc1b89a19680b9163e69207567ccb9cde335b7a182685461443bcb4c50c62d3d6721959b60895b406a25fa1cefddb"}}, &(0x7f0000000440)=0x0) timer_getoverrun(r4) ioctl$TUNSETSTEERINGEBPF(r2, 0x800454e0, &(0x7f0000000540)=r2) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, &(0x7f0000000100)={r3, 0x2}, &(0x7f0000000580)=0x8) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) socketpair$inet_udplite(0x2, 0x2, 0x88, &(0x7f0000000200)) ioctl$SCSI_IOCTL_STOP_UNIT(r2, 0x6) bind$llc(r2, &(0x7f00000002c0)={0x1a, 0xffff, 0x1133, 0x4, 0x8, 0x6, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}, 0x10) 09:52:08 executing program 4 (fault-call:1 fault-nth:48): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 195.951756] loop7: rw=2049, want=2153, limit=128 [ 196.018364] FAT-fs (loop0): Directory bread(block 128) failed [ 196.046745] FAT-fs (loop0): Directory bread(block 129) failed 09:52:09 executing program 6: r0 = accept4(0xffffffffffffff9c, &(0x7f0000000040)=@rc, &(0x7f00000000c0)=0x80, 0x80800) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000140)={0x0, 0x1}, &(0x7f0000000200)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000240)={r1, 0x401}, 0x8) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000100)={0x3, 0xfff, 0x100, 0x5, 0x2b, 0x81, 0x0, 0x2, 0x8000, 0xff, 0xc}, 0xb) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x44, &(0x7f0000000280)=""/157, &(0x7f0000000340)=0x9d) [ 196.071221] FAT-fs (loop0): Directory bread(block 130) failed [ 196.089757] FAT-fs (loop0): Directory bread(block 131) failed [ 196.106566] FAT-fs (loop7): Directory bread(block 128) failed [ 196.109034] FAT-fs (loop0): Directory bread(block 132) failed 09:52:09 executing program 2: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000140)=ANY=[@ANYRES32=0x0, @ANYBLOB="8a001f0000007a7f5b51db0adc9ab6dd4aa92d9580e51a24c5995243b13f1798950a9e0715371a509c4f253dc1ef25564e32af08c9f98fb29699f78495b16d8e9395ff577ef04c1c86eff05cc2a95ded4da93385dce52c063ad1891ed09cda1c8b1d5695a32494d245d7141ca3329170697c962b16d5519ed3f25a012b21987a78a705761c78ae0d88131e1d163e"], &(0x7f0000000200)=0x92) splice(0xffffffffffffff9c, &(0x7f00000002c0), r0, &(0x7f0000000300), 0x8, 0x9) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000240)=@sack_info={r1, 0xfff, 0x6}, &(0x7f0000000280)=0xc) mknod(&(0x7f0000000340)='./file0\x00', 0x10, 0x49ff8d32) [ 196.136736] FAT-fs (loop0): Directory bread(block 133) failed [ 196.144767] FAT-fs (loop0): Directory bread(block 134) failed [ 196.149789] FAT-fs (loop7): Directory bread(block 129) failed 09:52:09 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:09 executing program 3: r0 = gettid() ptrace$getsig(0x4202, r0, 0x9, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x10000, 0x0) ioctl$ASHMEM_SET_PROT_MASK(r1, 0x40087705, &(0x7f0000000140)={0x2, 0x3}) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) timer_create(0x7, &(0x7f0000000040)={0x0, 0x11, 0x0, @tid=r0}, &(0x7f0000000080)) [ 196.176956] FAT-fs (loop0): Directory bread(block 135) failed [ 196.182066] FAT-fs (loop7): Directory bread(block 130) failed [ 196.191386] FAT-fs (loop0): Directory bread(block 136) failed [ 196.211715] FAT-fs (loop7): Directory bread(block 131) failed [ 196.216195] FAT-fs (loop0): Directory bread(block 137) failed [ 196.223678] FAT-fs (loop7): Directory bread(block 132) failed [ 196.224440] FAULT_INJECTION: forcing a failure. [ 196.224440] name failslab, interval 1, probability 0, space 0, times 0 [ 196.234578] FAT-fs (loop7): Directory bread(block 133) failed [ 196.240829] CPU: 1 PID: 11503 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 196.255179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.264533] Call Trace: [ 196.267132] dump_stack+0x1c9/0x2b4 [ 196.270770] ? dump_stack_print_info.cold.2+0x52/0x52 [ 196.275970] ? __kernel_text_address+0xd/0x40 [ 196.276358] FAT-fs (loop7): Directory bread(block 134) failed [ 196.280472] ? perf_trace_lock+0xde/0x920 [ 196.280495] should_fail.cold.4+0xa/0x11 [ 196.280514] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 196.293800] attempt to access beyond end of device [ 196.294925] ? save_stack+0xa9/0xd0 [ 196.294939] ? kasan_kmalloc+0xc4/0xe0 [ 196.294949] ? kasan_slab_alloc+0x12/0x20 [ 196.294966] ? kmem_cache_alloc+0x12e/0x760 [ 196.300064] loop0: rw=2049, want=310, limit=128 [ 196.304965] ? anon_vma_fork+0x192/0x960 [ 196.304979] ? copy_process.part.41+0x6705/0x73d0 [ 196.304995] ? _do_fork+0x291/0x12a0 [ 196.309207] FAT-fs (loop7): Directory bread(block 135) failed [ 196.312559] ? __x64_sys_clone+0xbf/0x150 [ 196.312578] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.312600] ? lock_acquire+0x1e4/0x540 [ 196.321308] FAT-fs (loop7): Directory bread(block 136) failed [ 196.325733] ? lock_downgrade+0x8f0/0x8f0 [ 196.325752] ? lock_acquire+0x1e4/0x540 [ 196.325769] ? fs_reclaim_acquire+0x20/0x20 [ 196.330731] FAT-fs (loop7): Directory bread(block 137) failed [ 196.334655] ? lock_downgrade+0x8f0/0x8f0 [ 196.334675] ? check_same_owner+0x340/0x340 [ 196.334693] ? rcu_note_context_switch+0x730/0x730 [ 196.395264] ? kasan_unpoison_shadow+0x35/0x50 [ 196.399858] __should_failslab+0x124/0x180 [ 196.404537] should_failslab+0x9/0x14 [ 196.408347] kmem_cache_alloc+0x2af/0x760 [ 196.412504] ? dup_userfaultfd+0x775/0x9a0 [ 196.416743] ? anon_vma_fork+0x192/0x960 [ 196.420808] anon_vma_fork+0x2dc/0x960 [ 196.424700] ? anon_vma_clone+0x740/0x740 [ 196.428852] ? kasan_slab_alloc+0x12/0x20 [ 196.433006] ? kmem_cache_alloc+0x2fc/0x760 [ 196.437344] copy_process.part.41+0x6705/0x73d0 [ 196.442031] ? __cleanup_sighand+0x70/0x70 [ 196.446270] ? lock_release+0xa30/0xa30 [ 196.450277] ? xas_descend+0x20c/0x5f0 [ 196.454180] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 196.459199] ? check_pgprot+0xdf/0x180 [ 196.463091] ? put_page+0x280/0x280 [ 196.466719] ? kasan_check_write+0x14/0x20 [ 196.470961] ? alloc_set_pte+0xaf6/0x1790 [ 196.475124] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 196.480141] ? filemap_map_pages+0xca2/0x1990 [ 196.484641] ? trace_hardirqs_on+0x10/0x10 [ 196.488879] ? xa_set_tag+0x40/0x40 [ 196.492507] ? perf_trace_lock+0xde/0x920 [ 196.496661] ? trace_hardirqs_on+0x10/0x10 [ 196.500904] ? trace_hardirqs_on+0x10/0x10 [ 196.505142] ? trace_hardirqs_on+0x10/0x10 [ 196.509385] ? find_get_entries_tag+0x1410/0x1410 [ 196.514235] ? perf_trace_lock+0xde/0x920 [ 196.518387] ? zap_class+0x740/0x740 [ 196.522108] ? zap_class+0x740/0x740 [ 196.525857] ? zap_class+0x740/0x740 [ 196.529575] ? shrink_dcache_sb+0x350/0x350 [ 196.533903] ? perf_trace_lock+0xde/0x920 [ 196.538052] ? lock_acquire+0x1e4/0x540 [ 196.542032] ? __fdget_pos+0x1bb/0x200 [ 196.545923] ? zap_class+0x740/0x740 [ 196.549643] ? lock_release+0xa30/0xa30 [ 196.555016] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.560556] ? _parse_integer+0x13b/0x190 [ 196.564710] ? perf_trace_lock+0xde/0x920 [ 196.568862] ? _kstrtoull+0x188/0x250 [ 196.572670] ? _parse_integer+0x190/0x190 [ 196.576822] ? zap_class+0x740/0x740 [ 196.580542] ? __check_object_size+0xa3/0x5d7 [ 196.585062] ? lock_acquire+0x1e4/0x540 [ 196.589044] ? get_pid_task+0xd8/0x1a0 [ 196.592940] ? perf_trace_lock+0xde/0x920 [ 196.597098] ? lock_release+0xa30/0xa30 [ 196.601082] ? zap_class+0x740/0x740 [ 196.604803] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 196.609648] ? __f_unlock_pos+0x19/0x20 [ 196.613623] ? lock_downgrade+0x8f0/0x8f0 [ 196.617778] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 196.623319] ? proc_fail_nth_write+0x9e/0x210 [ 196.627819] ? lock_acquire+0x1e4/0x540 [ 196.629038] attempt to access beyond end of device [ 196.631800] _do_fork+0x291/0x12a0 [ 196.631820] ? fork_idle+0x1a0/0x1a0 [ 196.631836] ? fsnotify_first_mark+0x350/0x350 [ 196.631851] ? fsnotify+0x14e0/0x14e0 [ 196.636778] loop7: rw=2049, want=310, limit=128 [ 196.640295] ? __sb_end_write+0xac/0xe0 [ 196.640315] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 196.645676] attempt to access beyond end of device [ 196.648563] ? fput+0x130/0x1a0 [ 196.648578] ? ksys_write+0x1ae/0x260 [ 196.648595] ? __ia32_sys_read+0xb0/0xb0 [ 196.648611] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 196.648629] __x64_sys_clone+0xbf/0x150 [ 196.652420] loop7: rw=2049, want=311, limit=128 [ 196.657081] do_syscall_64+0x1b9/0x820 [ 196.657098] ? finish_task_switch+0x1d3/0x870 [ 196.661485] attempt to access beyond end of device [ 196.666565] ? syscall_return_slowpath+0x5e0/0x5e0 [ 196.666581] ? syscall_return_slowpath+0x31d/0x5e0 [ 196.666597] ? prepare_exit_to_usermode+0x3b0/0x3b0 09:52:09 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f7620") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:52:09 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x20000000000002) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') [ 196.666612] ? prepare_exit_to_usermode+0x291/0x3b0 [ 196.666629] ? perf_trace_sys_enter+0xb10/0xb10 [ 196.671541] loop7: rw=2049, want=312, limit=128 [ 196.674807] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 196.674831] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.679024] attempt to access beyond end of device [ 196.682639] RIP: 0033:0x455ab9 [ 196.682643] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 [ 196.688222] loop7: rw=2049, want=313, limit=128 [ 196.692154] 00 00 00 00 66 90 [ 196.697209] attempt to access beyond end of device [ 196.700695] 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 [ 196.705260] loop7: rw=2049, want=326, limit=128 [ 196.710156] c8 4c 8b 4c 24 08 [ 196.715457] attempt to access beyond end of device [ 196.719993] 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 [ 196.725074] loop7: rw=2049, want=327, limit=128 [ 196.730051] 00 00 00 00 [ 196.730080] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 [ 196.735909] attempt to access beyond end of device [ 196.740078] ORIG_RAX: 0000000000000038 09:52:09 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) [ 196.740087] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 196.740096] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 196.740105] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 196.740113] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 196.740122] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000030 [ 196.860433] loop7: rw=2049, want=328, limit=128 09:52:09 executing program 0: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000a8eff8)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000ac5000), 0x4) sendmmsg$unix(r1, &(0x7f00000bd000), 0x80, 0x0) r2 = memfd_create(&(0x7f0000000080)='dev ', 0x3) write(r2, &(0x7f0000000040)="16", 0x1) sendfile(r1, r2, &(0x7f0000000000), 0xffff) fcntl$addseals(r2, 0x409, 0x8) futex(&(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000100)={0x0, 0x1c9c380}, &(0x7f00000001c0), 0x0) lseek(r2, 0x0, 0x3) close(r0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:09 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x1000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x400, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080)={0xffffffffffffffff}, 0x106, 0x100f}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r0, &(0x7f00000002c0)={0x14, 0x88, 0xfa00, {r1, 0x1c, 0x0, @in6={0xa, 0x4e20, 0x80000000, @local={0xfe, 0x80, [], 0xaa}, 0xfffffffffffff7a5}}}, 0x90) 09:52:09 executing program 4 (fault-call:1 fault-nth:49): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 196.876658] attempt to access beyond end of device [ 196.881751] loop7: rw=2049, want=329, limit=128 [ 196.907147] attempt to access beyond end of device [ 196.912241] loop7: rw=2049, want=2153, limit=128 09:52:09 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x0, &(0x7f0000000400)) [ 196.996020] FAULT_INJECTION: forcing a failure. [ 196.996020] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 197.007984] CPU: 0 PID: 11559 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 197.016488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.025854] Call Trace: [ 197.028463] dump_stack+0x1c9/0x2b4 [ 197.032118] ? dump_stack_print_info.cold.2+0x52/0x52 [ 197.037330] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.043014] should_fail.cold.4+0xa/0x11 [ 197.047098] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 197.052242] ? perf_swevent_event+0x2e0/0x2e0 [ 197.056760] ? memset+0x31/0x40 [ 197.060060] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 197.065216] ? lock_acquire+0x1e4/0x540 [ 197.065235] ? fs_reclaim_acquire+0x20/0x20 [ 197.065254] ? lock_downgrade+0x8f0/0x8f0 [ 197.065278] ? check_same_owner+0x340/0x340 [ 197.065293] ? perf_trace_lock+0x49d/0x920 [ 197.065312] ? rcu_note_context_switch+0x730/0x730 [ 197.065342] __alloc_pages_nodemask+0x36e/0xdb0 [ 197.065364] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 197.065421] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 197.065445] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 197.065467] alloc_pages_current+0x10c/0x210 [ 197.065492] pte_alloc_one+0x1b/0x1a0 [ 197.065515] __pte_alloc+0x2a/0x3c0 [ 197.065537] copy_page_range+0x1670/0x24c0 [ 197.065602] ? __pmd_alloc+0x530/0x530 [ 197.065618] ? _do_fork+0x291/0x12a0 [ 197.065634] ? __x64_sys_clone+0xbf/0x150 [ 197.065650] ? do_syscall_64+0x1b9/0x820 09:52:10 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse\x00', 0x80000, 0x0) ioctl$sock_inet_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000080)) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000200)={0x0}, &(0x7f00000002c0)=0xc) perf_event_open(&(0x7f0000000100)={0x0, 0x70, 0x2, 0x87, 0x1, 0x8, 0x0, 0x100000001, 0x80000, 0x1, 0xffffffff, 0x7fffffff, 0x5, 0xffffffffffffbf27, 0x0, 0x4, 0xfffffffffffff67c, 0xfffffffffffffc01, 0x100000001, 0x0, 0x0, 0x5b380800, 0x0, 0xb2f, 0x1, 0x9, 0x3, 0x8ac1, 0x3, 0xffff, 0x6, 0x0, 0x5, 0xfffffffffffffff8, 0x8, 0x1c, 0x8, 0x4, 0x0, 0xbd50, 0x1, @perf_bp={&(0x7f00000000c0), 0x1}, 0x8000, 0x54d9, 0x200, 0x5, 0x200, 0xb35, 0x1ff}, r2, 0x10, r0, 0x1) 09:52:10 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) write$P9_RXATTRCREATE(r0, &(0x7f0000000140)={0x7, 0x21, 0x1}, 0x7) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000200)=0x2, 0x4) bind$unix(r0, &(0x7f0000000180)=@abs={0x1, 0x0, 0x4e24}, 0x6e) ioctl$GIO_CMAP(r0, 0x4b70, &(0x7f0000000240)) [ 197.065668] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.065689] ? lock_acquire+0x1e4/0x540 [ 197.065704] ? percpu_ref_put_many+0x119/0x240 [ 197.065721] ? lock_downgrade+0x8f0/0x8f0 [ 197.065750] ? anon_vma_fork+0x651/0x960 [ 197.065766] ? lock_downgrade+0x8f0/0x8f0 [ 197.065787] ? lock_release+0xa30/0xa30 [ 197.065803] ? percpu_ref_put_many+0x131/0x240 [ 197.065819] ? rcu_note_context_switch+0x730/0x730 [ 197.065846] ? up_write+0x7b/0x220 [ 197.065861] ? up_read+0x110/0x110 09:52:10 executing program 3: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x40, 0x0) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000100)={0xfffffffffffffff7}, 0x4) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0x400000, 0x0) ioctl$TCSETA(r1, 0x5406, &(0x7f0000000080)={0x80, 0x8001, 0xffffffffffffffff, 0x2, 0x10001, 0x7, 0x8, 0xfffffffffffffffd, 0x2, 0x6}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r0, 0x80045400, &(0x7f0000000300)) getpeername$packet(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000200)=0x14) ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000340)={'syzkaller1\x00', 0x1000}) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f00000002c0)={'team0\x00', r2}) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 197.065879] ? anon_vma_interval_tree_insert+0x26b/0x300 [ 197.065903] ? anon_vma_fork+0x138/0x960 [ 197.065923] ? anon_vma_clone+0x740/0x740 [ 197.065943] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 197.065962] ? __vma_link_rb+0x2a4/0x3f0 [ 197.065985] copy_process.part.41+0x5ead/0x73d0 [ 197.066037] ? __cleanup_sighand+0x70/0x70 [ 197.066055] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.066071] ? perf_tp_event+0x91b/0xc40 [ 197.066086] ? xas_descend+0x20c/0x5f0 [ 197.066112] ? perf_swevent_event+0x2e0/0x2e0 [ 197.066144] ? perf_swevent_event+0x158/0x2e0 09:52:10 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) ioctl$PERF_EVENT_IOC_ID(r0, 0x80082407, &(0x7f00000000c0)) ioctl(r0, 0x7fff, &(0x7f00000002c0)="904c9bf4e5d00f613f3862139d126d3225e2838c2c3312239efd094d7c5351beef87cf1aace1d0a637ab66a93416903abb6c862274f1e76c712e1a16cba9f7409f4650e999194f9c6ab999a50ae03a2ca6d5ac1833483cf9ea44c067aaa60ad47a0639ac2202c4cca846308275b1dcd903b190f9a83a91bc60c8b65e7ac85ee15245c5722d13e1215061e22efc6fd4") ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000040)={0x7, 0x70, 0x8, 0x7fff, 0xffff, 0x0, 0x0, 0x58, 0x1000, 0x3, 0xffff, 0x6, 0x6, 0x2, 0x2, 0x9, 0x3, 0x73235ad1, 0x4, 0x8000, 0x1, 0x401, 0x3, 0xfff, 0x200, 0x1f, 0xfff, 0x4, 0x3, 0x9, 0xa3, 0x7, 0x80, 0xff, 0xc2, 0x7f, 0x40, 0x200, 0x0, 0x7, 0x2, @perf_config_ext={0xff}, 0x20000, 0x4, 0x1, 0x2, 0x2, 0x7, 0x20000}) [ 197.066163] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.066178] ? perf_tp_event+0x91b/0xc40 [ 197.066192] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 197.066209] ? filemap_map_pages+0xca2/0x1990 [ 197.066234] ? perf_swevent_event+0x2e0/0x2e0 [ 197.066257] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 197.066279] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 197.066306] ? perf_tp_event+0xc40/0xc40 [ 197.066329] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 197.066350] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 197.066367] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 197.066391] ? perf_tp_event+0xc40/0xc40 [ 197.066409] ? zap_class+0x740/0x740 [ 197.066434] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 197.066453] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 197.066470] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 197.066496] ? perf_tp_event+0xc40/0xc40 [ 197.066516] ? zap_class+0x740/0x740 [ 197.066537] ? memset+0x31/0x40 [ 197.066570] ? perf_trace_lock+0x49d/0x920 [ 197.066592] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 197.066619] ? zap_class+0x740/0x740 [ 197.066643] ? __check_object_size+0xa3/0x5d7 [ 197.350939] ? memset+0x31/0x40 [ 197.354267] ? zap_class+0x740/0x740 [ 197.358010] ? __f_unlock_pos+0x19/0x20 [ 197.362003] ? lock_downgrade+0x8f0/0x8f0 [ 197.366185] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 197.371537] FAT-fs (loop7): Directory bread(block 128) failed [ 197.371741] ? proc_fail_nth_write+0x9e/0x210 [ 197.371764] ? lock_acquire+0x1e4/0x540 [ 197.386130] _do_fork+0x291/0x12a0 [ 197.389694] ? fork_idle+0x1a0/0x1a0 [ 197.391623] FAT-fs (loop7): Directory bread(block 129) failed [ 197.393440] ? fsnotify_first_mark+0x350/0x350 [ 197.393463] ? fsnotify+0x14e0/0x14e0 [ 197.393495] ? __sb_end_write+0xac/0xe0 [ 197.393518] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 197.416672] FAT-fs (loop7): Directory bread(block 130) failed [ 197.417234] ? fput+0x130/0x1a0 [ 197.417253] ? ksys_write+0x1ae/0x260 [ 197.430232] ? __ia32_sys_read+0xb0/0xb0 [ 197.434311] ? syscall_slow_exit_work+0x500/0x500 [ 197.439177] __x64_sys_clone+0xbf/0x150 09:52:10 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 197.439261] FAT-fs (loop7): Directory bread(block 131) failed [ 197.443162] do_syscall_64+0x1b9/0x820 [ 197.443179] ? finish_task_switch+0x1d3/0x870 [ 197.443199] ? syscall_return_slowpath+0x5e0/0x5e0 [ 197.443217] ? syscall_return_slowpath+0x31d/0x5e0 [ 197.443237] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 197.472339] ? prepare_exit_to_usermode+0x291/0x3b0 [ 197.472421] FAT-fs (loop7): Directory bread(block 132) failed [ 197.477367] ? perf_trace_sys_enter+0xb10/0xb10 [ 197.477389] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 197.477420] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.477433] RIP: 0033:0x455ab9 [ 197.477438] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 197.515121] FAT-fs (loop7): Directory bread(block 133) failed [ 197.520764] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 197.520784] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 09:52:10 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) accept$alg(r0, 0x0, 0x0) sendfile(r0, r0, &(0x7f0000000180), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') ioctl$ASHMEM_GET_PIN_STATUS(r0, 0x7709, 0x0) socketpair$inet_sctp(0x2, 0x5, 0x84, &(0x7f0000000140)={0xffffffffffffffff}) listen(r1, 0xfffffffffffffffb) [ 197.520795] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 197.520805] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 197.520816] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 197.520826] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000031 [ 197.573364] FAT-fs (loop7): Directory bread(block 134) failed [ 197.584123] FAT-fs (loop7): Directory bread(block 135) failed 09:52:10 executing program 4 (fault-call:1 fault-nth:50): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 197.597541] FAT-fs (loop7): Directory bread(block 136) failed [ 197.615378] FAT-fs (loop7): Directory bread(block 137) failed [ 197.657388] FAULT_INJECTION: forcing a failure. [ 197.657388] name failslab, interval 1, probability 0, space 0, times 0 [ 197.668855] CPU: 0 PID: 11606 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 197.677378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.686753] Call Trace: [ 197.689375] dump_stack+0x1c9/0x2b4 [ 197.693056] ? dump_stack_print_info.cold.2+0x52/0x52 [ 197.698279] ? perf_trace_lock+0x49d/0x920 [ 197.702567] should_fail.cold.4+0xa/0x11 [ 197.706411] attempt to access beyond end of device [ 197.706650] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 197.711610] loop7: rw=2049, want=310, limit=128 [ 197.716691] ? percpu_ref_put_many+0x131/0x240 [ 197.716712] ? check_same_owner+0x340/0x340 [ 197.728166] attempt to access beyond end of device [ 197.730265] ? perf_trace_lock+0x49d/0x920 [ 197.730286] ? rcu_note_context_switch+0x730/0x730 [ 197.730331] ? lock_acquire+0x1e4/0x540 [ 197.735244] loop7: rw=2049, want=311, limit=128 [ 197.739459] ? fs_reclaim_acquire+0x20/0x20 [ 197.739476] ? lock_downgrade+0x8f0/0x8f0 [ 197.739505] ? check_same_owner+0x340/0x340 [ 197.744964] attempt to access beyond end of device [ 197.748388] ? rcu_note_context_switch+0x730/0x730 [ 197.748413] __should_failslab+0x124/0x180 [ 197.748434] should_failslab+0x9/0x14 [ 197.753104] loop7: rw=2049, want=312, limit=128 [ 197.757405] kmem_cache_alloc+0x2af/0x760 [ 197.757425] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 197.757452] ptlock_alloc+0x20/0x80 [ 197.762033] attempt to access beyond end of device [ 197.765880] pte_alloc_one+0x6b/0x1a0 [ 197.765901] __pte_alloc+0x2a/0x3c0 [ 197.765924] copy_page_range+0x1670/0x24c0 [ 197.770859] loop7: rw=2049, want=313, limit=128 [ 197.775811] ? __pmd_alloc+0x530/0x530 [ 197.788822] attempt to access beyond end of device [ 197.792608] ? _do_fork+0x291/0x12a0 [ 197.792624] ? __x64_sys_clone+0xbf/0x150 [ 197.792640] ? do_syscall_64+0x1b9/0x820 [ 197.792659] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.792681] ? lock_acquire+0x1e4/0x540 [ 197.798221] loop7: rw=2049, want=326, limit=128 [ 197.801837] ? percpu_ref_put_many+0x119/0x240 [ 197.801854] ? lock_downgrade+0x8f0/0x8f0 [ 197.801886] ? anon_vma_fork+0x651/0x960 [ 197.807379] attempt to access beyond end of device [ 197.810590] ? lock_downgrade+0x8f0/0x8f0 [ 197.810615] ? lock_release+0xa30/0xa30 [ 197.810632] ? percpu_ref_put_many+0x131/0x240 [ 197.814267] loop7: rw=2049, want=327, limit=128 [ 197.818475] ? rcu_note_context_switch+0x730/0x730 [ 197.818506] ? up_write+0x7b/0x220 [ 197.823682] attempt to access beyond end of device [ 197.827051] ? up_read+0x110/0x110 [ 197.827073] ? anon_vma_interval_tree_insert+0x26b/0x300 [ 197.827101] ? anon_vma_fork+0x138/0x960 [ 197.832050] loop7: rw=2049, want=328, limit=128 [ 197.835729] ? anon_vma_clone+0x740/0x740 [ 197.835753] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 197.840778] attempt to access beyond end of device [ 197.843949] ? __vma_link_rb+0x2a4/0x3f0 [ 197.843976] copy_process.part.41+0x5ead/0x73d0 [ 197.844028] ? __cleanup_sighand+0x70/0x70 [ 197.849417] loop7: rw=2049, want=329, limit=128 [ 197.853308] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.853324] ? perf_tp_event+0x91b/0xc40 [ 197.853343] ? xas_descend+0x20c/0x5f0 [ 197.885685] attempt to access beyond end of device [ 197.888369] ? perf_swevent_event+0x2e0/0x2e0 [ 197.888398] ? perf_swevent_event+0x158/0x2e0 [ 197.893067] loop7: rw=2049, want=2153, limit=128 [ 197.898068] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.898083] ? perf_tp_event+0x91b/0xc40 [ 197.898100] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 198.002590] ? filemap_map_pages+0xca2/0x1990 [ 198.007111] ? perf_swevent_event+0x2e0/0x2e0 [ 198.011658] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 198.016782] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 198.021918] ? perf_tp_event+0xc40/0xc40 [ 198.026004] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 198.031133] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 198.036255] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 198.041383] ? perf_tp_event+0xc40/0xc40 [ 198.045461] ? zap_class+0x740/0x740 [ 198.049225] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 198.054375] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 198.059500] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 198.064637] ? perf_tp_event+0xc40/0xc40 [ 198.068725] ? zap_class+0x740/0x740 [ 198.072461] ? memset+0x31/0x40 [ 198.075771] ? perf_trace_lock+0x49d/0x920 [ 198.080009] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 198.085119] ? zap_class+0x740/0x740 [ 198.088838] ? __check_object_size+0xa3/0x5d7 [ 198.093326] ? memset+0x31/0x40 [ 198.096605] ? zap_class+0x740/0x740 [ 198.100324] ? __f_unlock_pos+0x19/0x20 [ 198.104289] ? lock_downgrade+0x8f0/0x8f0 [ 198.108429] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 198.113965] ? proc_fail_nth_write+0x9e/0x210 [ 198.118455] ? lock_acquire+0x1e4/0x540 [ 198.122429] _do_fork+0x291/0x12a0 [ 198.125970] ? fork_idle+0x1a0/0x1a0 [ 198.129683] ? fsnotify_first_mark+0x350/0x350 [ 198.134257] ? fsnotify+0x14e0/0x14e0 [ 198.138074] ? __sb_end_write+0xac/0xe0 [ 198.142060] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 198.147593] ? fput+0x130/0x1a0 [ 198.150886] ? ksys_write+0x1ae/0x260 [ 198.154693] ? __ia32_sys_read+0xb0/0xb0 [ 198.158758] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 198.164294] __x64_sys_clone+0xbf/0x150 [ 198.168393] do_syscall_64+0x1b9/0x820 [ 198.172270] ? finish_task_switch+0x1d3/0x870 [ 198.176767] ? syscall_return_slowpath+0x5e0/0x5e0 [ 198.181693] ? syscall_return_slowpath+0x31d/0x5e0 [ 198.186620] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 198.191644] ? prepare_exit_to_usermode+0x291/0x3b0 [ 198.196658] ? perf_trace_sys_enter+0xb10/0xb10 [ 198.201318] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 198.206162] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.211336] RIP: 0033:0x455ab9 [ 198.214507] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 198.233800] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 198.241508] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 198.248790] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 198.256076] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 198.263342] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 198.270602] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000032 09:52:11 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:11 executing program 2: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f00000000c0)={{0x2, 0x4e20, @local={0xac, 0x14, 0x14, 0xaa}}, {0x0, @dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0x11}}, 0x4, {0x2, 0x4e21, @local={0xac, 0x14, 0x14, 0xaa}}, 'ip6tnl0\x00'}) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x40, 0x0) setsockopt$inet_udp_encap(r1, 0x11, 0x64, &(0x7f0000000080)=0x4, 0x4) 09:52:11 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x100000000, 0x8b52088f6a8233de) ioctl$SCSI_IOCTL_START_UNIT(r0, 0x5) ioctl$SCSI_IOCTL_PROBE_HOST(r0, 0x5385, &(0x7f0000000080)={0x40, ""/64}) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:11 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(0xffffffffffffffff, 0x1) 09:52:11 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') 09:52:11 executing program 0: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:52:11 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:52:11 executing program 4 (fault-call:1 fault-nth:51): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 198.593605] FAULT_INJECTION: forcing a failure. [ 198.593605] name failslab, interval 1, probability 0, space 0, times 0 [ 198.603956] FAT-fs (loop7): Directory bread(block 128) failed [ 198.604903] CPU: 0 PID: 11627 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 198.617610] FAT-fs (loop7): Directory bread(block 129) failed [ 198.619252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 198.619259] Call Trace: [ 198.619286] dump_stack+0x1c9/0x2b4 [ 198.619310] ? dump_stack_print_info.cold.2+0x52/0x52 [ 198.632536] FAT-fs (loop7): Directory bread(block 130) failed [ 198.634564] ? perf_trace_lock+0x49d/0x920 [ 198.634596] should_fail.cold.4+0xa/0x11 [ 198.634619] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 198.641313] FAT-fs (loop7): Directory bread(block 131) failed [ 198.645989] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 198.646014] ? kasan_check_write+0x14/0x20 [ 198.646030] ? do_raw_spin_lock+0xc1/0x200 [ 198.646052] ? trace_hardirqs_on+0xd/0x10 [ 198.662825] FAT-fs (loop7): Directory bread(block 132) failed 09:52:11 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000040)="83358bb0b87d3b08db9cb3afab532c579ab3067882d407688d2d179a715c03271c1917d48fe50e2ae99a66a6466c3566a1493c56248f0b1f2b7c2e884a4513e197ab586b", &(0x7f00000000c0), &(0x7f0000000100), &(0x7f00000002c0)="7a5e166af3dbe2e3b02af7a16f3e84e94a08188dfebaff6737c1503d16f2ae0fa18067f7bce141cc7cd3acc318de70d67a6ab3f554ed787aebc5eec81ef2a5044d00e818c194fb38472ab902f0331a91fa6bb99a9a745128772ec184d9171ad2b505260dae5df1a43bf7a6d4e76fb1528b8aff746728b717ffbab48325ba45bba11a10f4225dd71b030cfc95754db2f0d52154") clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 198.665296] ? percpu_counter_add_batch+0xf2/0x150 [ 198.665322] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 198.665338] ? __vm_enough_memory+0x590/0x980 [ 198.680510] FAT-fs (loop7): Directory bread(block 133) failed [ 198.684255] ? lock_acquire+0x1e4/0x540 [ 198.684272] ? fs_reclaim_acquire+0x20/0x20 [ 198.684289] ? lock_downgrade+0x8f0/0x8f0 [ 198.695308] FAT-fs (loop7): Directory bread(block 134) failed [ 198.699207] ? up_write+0x7b/0x220 [ 198.699237] ? check_same_owner+0x340/0x340 [ 198.699258] ? rcu_note_context_switch+0x730/0x730 [ 198.713189] FAT-fs (loop7): Directory bread(block 135) failed [ 198.714610] ? anon_vma_fork+0x138/0x960 [ 198.714637] __should_failslab+0x124/0x180 [ 198.714659] should_failslab+0x9/0x14 [ 198.718811] FAT-fs (loop7): Directory bread(block 136) failed [ 198.722924] kmem_cache_alloc+0x2af/0x760 [ 198.722952] ? security_vm_enough_memory_mm+0x9d/0xc0 [ 198.722981] copy_process.part.41+0x2f81/0x73d0 [ 198.727540] FAT-fs (loop7): Directory bread(block 137) failed [ 198.733049] ? __cleanup_sighand+0x70/0x70 [ 198.733069] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.733088] ? perf_tp_event+0x91b/0xc40 [ 198.803192] ? xas_descend+0x20c/0x5f0 [ 198.807081] ? perf_swevent_event+0x2e0/0x2e0 [ 198.811588] ? perf_swevent_event+0x158/0x2e0 [ 198.816086] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.821622] ? perf_tp_event+0x91b/0xc40 [ 198.825674] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 198.830691] ? filemap_map_pages+0xca2/0x1990 [ 198.835185] ? perf_swevent_event+0x2e0/0x2e0 [ 198.839675] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 198.844782] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 198.849895] ? perf_tp_event+0xc40/0xc40 [ 198.853953] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 198.859051] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 198.864147] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 198.869247] ? perf_tp_event+0xc40/0xc40 [ 198.873316] ? zap_class+0x740/0x740 [ 198.877042] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 198.882234] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 198.887338] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 198.892438] ? perf_tp_event+0xc40/0xc40 [ 198.896511] ? zap_class+0x740/0x740 [ 198.900216] ? memset+0x31/0x40 [ 198.903665] ? perf_trace_lock+0x49d/0x920 [ 198.907890] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 198.912987] ? zap_class+0x740/0x740 [ 198.916699] ? __check_object_size+0xa3/0x5d7 [ 198.921199] ? memset+0x31/0x40 [ 198.924482] ? zap_class+0x740/0x740 [ 198.928202] ? __f_unlock_pos+0x19/0x20 [ 198.932166] ? lock_downgrade+0x8f0/0x8f0 [ 198.936311] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 198.941850] ? proc_fail_nth_write+0x9e/0x210 [ 198.946353] ? lock_acquire+0x1e4/0x540 [ 198.950327] _do_fork+0x291/0x12a0 [ 198.953865] ? fork_idle+0x1a0/0x1a0 [ 198.957573] ? fsnotify_first_mark+0x350/0x350 [ 198.962159] ? fsnotify+0x14e0/0x14e0 [ 198.965959] ? __sb_end_write+0xac/0xe0 [ 198.969925] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 198.975450] ? fput+0x130/0x1a0 [ 198.978719] ? ksys_write+0x1ae/0x260 [ 198.982511] ? __ia32_sys_read+0xb0/0xb0 [ 198.986559] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 198.992092] __x64_sys_clone+0xbf/0x150 [ 198.996061] do_syscall_64+0x1b9/0x820 [ 198.999938] ? finish_task_switch+0x1d3/0x870 [ 199.004425] ? syscall_return_slowpath+0x5e0/0x5e0 [ 199.009347] ? syscall_return_slowpath+0x31d/0x5e0 [ 199.014267] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 199.019275] ? prepare_exit_to_usermode+0x291/0x3b0 [ 199.024312] ? perf_trace_sys_enter+0xb10/0xb10 [ 199.028974] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 199.033828] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.039007] RIP: 0033:0x455ab9 [ 199.042184] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.061569] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 199.069290] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 199.076546] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 199.083805] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 199.091063] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 199.098332] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000033 [ 199.118231] FAT-fs (loop0): bogus number of reserved sectors [ 199.124119] FAT-fs (loop0): Can't find a valid FAT filesystem 09:52:12 executing program 4 (fault-call:1 fault-nth:52): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:12 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) getrlimit(0xf, &(0x7f0000000040)) 09:52:12 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r0, 0xc08c5335, &(0x7f00000002c0)={0x8000000000, 0x3, 0x1, 'queue1\x00', 0x7}) write$binfmt_misc(r0, &(0x7f0000000140)={'syz0', "e59d34a79d9e8cca081c45091d79bbd6dac374fd2e4f279ce8cb255309"}, 0x1c) clone(0x0, &(0x7f0000000140), &(0x7f0000000040), &(0x7f0000000280), &(0x7f0000000080)) [ 199.295612] attempt to access beyond end of device [ 199.300650] loop7: rw=2049, want=310, limit=128 [ 199.305350] buffer_io_error: 22 callbacks suppressed [ 199.305360] Buffer I/O error on dev loop7, logical block 309, lost async page write [ 199.355282] attempt to access beyond end of device [ 199.360348] loop7: rw=2049, want=311, limit=128 [ 199.365096] Buffer I/O error on dev loop7, logical block 310, lost async page write 09:52:12 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f7620") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) 09:52:12 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000080), &(0x7f00000000c0)=0x8) [ 199.405049] attempt to access beyond end of device [ 199.410081] loop7: rw=2049, want=312, limit=128 [ 199.414811] Buffer I/O error on dev loop7, logical block 311, lost async page write [ 199.425544] attempt to access beyond end of device [ 199.430603] loop7: rw=2049, want=313, limit=128 [ 199.435312] Buffer I/O error on dev loop7, logical block 312, lost async page write 09:52:12 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000080)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000140)={0x0, 0x101, 0x30, 0x9, 0x8}, &(0x7f0000000180)=0x18) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f00000001c0)={r1, 0x3}, &(0x7f0000000200)=0x8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') 09:52:12 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x0) [ 199.530084] attempt to access beyond end of device [ 199.535180] loop7: rw=2049, want=326, limit=128 [ 199.539899] Buffer I/O error on dev loop7, logical block 325, lost async page write [ 199.591632] attempt to access beyond end of device [ 199.598273] loop7: rw=2049, want=327, limit=128 [ 199.604577] Buffer I/O error on dev loop7, logical block 326, lost async page write [ 199.640621] attempt to access beyond end of device [ 199.645664] loop7: rw=2049, want=328, limit=128 [ 199.650398] Buffer I/O error on dev loop7, logical block 327, lost async page write [ 199.686550] FAULT_INJECTION: forcing a failure. [ 199.686550] name failslab, interval 1, probability 0, space 0, times 0 [ 199.696927] attempt to access beyond end of device [ 199.697854] CPU: 1 PID: 11675 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 199.702787] loop7: rw=2049, want=329, limit=128 [ 199.711227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.711233] Call Trace: [ 199.711258] dump_stack+0x1c9/0x2b4 [ 199.711277] ? dump_stack_print_info.cold.2+0x52/0x52 [ 199.711297] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 199.711320] should_fail.cold.4+0xa/0x11 [ 199.716027] Buffer I/O error on dev loop7, logical block 328, lost async page write [ 199.725341] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 199.725363] ? lock_release+0xa30/0xa30 [ 199.735812] attempt to access beyond end of device [ 199.736736] ? kasan_check_read+0x11/0x20 [ 199.736756] ? rcu_is_watching+0x8c/0x150 [ 199.741782] loop7: rw=2049, want=2153, limit=128 [ 199.745799] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 199.745814] ? is_bpf_text_address+0xd7/0x170 [ 199.745828] ? kernel_text_address+0x79/0xf0 [ 199.745840] ? __kernel_text_address+0xd/0x40 [ 199.745852] ? unwind_get_return_address+0x61/0xa0 [ 199.745865] ? __save_stack_trace+0x8d/0xf0 [ 199.745885] ? save_stack+0xa9/0xd0 [ 199.811345] ? save_stack+0x43/0xd0 [ 199.814960] ? kasan_kmalloc+0xc4/0xe0 [ 199.818831] __should_failslab+0x124/0x180 [ 199.823066] should_failslab+0x9/0x14 [ 199.826852] kmem_cache_alloc+0x47/0x760 [ 199.830898] ? lock_acquire+0x1e4/0x540 [ 199.834854] ? percpu_ref_put_many+0x119/0x240 [ 199.839423] ? lock_downgrade+0x8f0/0x8f0 [ 199.843556] anon_vma_clone+0x140/0x740 [ 199.847514] ? fs_reclaim_acquire+0x20/0x20 [ 199.851821] ? unlink_anon_vmas+0xa60/0xa60 [ 199.856131] ? dup_userfaultfd+0x775/0x9a0 [ 199.860362] anon_vma_fork+0xf0/0x960 [ 199.864149] ? kasan_unpoison_shadow+0x35/0x50 [ 199.868718] ? anon_vma_clone+0x740/0x740 [ 199.872849] ? kasan_slab_alloc+0x12/0x20 [ 199.876982] ? kmem_cache_alloc+0x2fc/0x760 [ 199.881293] copy_process.part.41+0x6705/0x73d0 [ 199.885959] ? __cleanup_sighand+0x70/0x70 [ 199.890177] ? lock_release+0xa30/0xa30 [ 199.894136] ? xas_descend+0x20c/0x5f0 [ 199.898015] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 199.903022] ? check_pgprot+0xdf/0x180 [ 199.906895] ? put_page+0x280/0x280 [ 199.910507] ? kasan_check_write+0x14/0x20 [ 199.914730] ? alloc_set_pte+0xaf6/0x1790 [ 199.918869] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 199.923870] ? filemap_map_pages+0xca2/0x1990 [ 199.928349] ? trace_hardirqs_on+0x10/0x10 [ 199.932571] ? xa_set_tag+0x40/0x40 [ 199.936185] ? perf_trace_lock+0xde/0x920 [ 199.940322] ? trace_hardirqs_on+0x10/0x10 [ 199.944544] ? trace_hardirqs_on+0x10/0x10 [ 199.948763] ? trace_hardirqs_on+0x10/0x10 [ 199.952987] ? find_get_entries_tag+0x1410/0x1410 [ 199.957822] ? perf_trace_lock+0xde/0x920 [ 199.961963] ? zap_class+0x740/0x740 [ 199.965661] ? zap_class+0x740/0x740 [ 199.969359] ? zap_class+0x740/0x740 [ 199.973060] ? shrink_dcache_sb+0x350/0x350 [ 199.977371] ? perf_trace_lock+0xde/0x920 [ 199.981502] ? lock_acquire+0x1e4/0x540 [ 199.985459] ? __fdget_pos+0x1bb/0x200 [ 199.989334] ? zap_class+0x740/0x740 [ 199.993036] ? lock_release+0xa30/0xa30 [ 199.996998] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 200.002522] ? _parse_integer+0x13b/0x190 [ 200.006654] ? perf_trace_lock+0xde/0x920 [ 200.010796] ? _kstrtoull+0x188/0x250 [ 200.014583] ? _parse_integer+0x190/0x190 [ 200.018715] ? zap_class+0x740/0x740 [ 200.022415] ? __check_object_size+0xa3/0x5d7 [ 200.026917] ? lock_acquire+0x1e4/0x540 [ 200.030885] ? get_pid_task+0xd8/0x1a0 [ 200.034755] ? perf_trace_lock+0xde/0x920 [ 200.038888] ? lock_release+0xa30/0xa30 [ 200.042847] ? zap_class+0x740/0x740 [ 200.046553] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 200.051382] ? __f_unlock_pos+0x19/0x20 [ 200.055341] ? lock_downgrade+0x8f0/0x8f0 [ 200.059477] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 200.065010] ? proc_fail_nth_write+0x9e/0x210 [ 200.069504] ? lock_acquire+0x1e4/0x540 [ 200.073483] _do_fork+0x291/0x12a0 [ 200.077015] ? fork_idle+0x1a0/0x1a0 [ 200.080718] ? fsnotify_first_mark+0x350/0x350 [ 200.085285] ? fsnotify+0x14e0/0x14e0 [ 200.089075] ? __sb_end_write+0xac/0xe0 [ 200.093039] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 200.098562] ? fput+0x130/0x1a0 [ 200.101841] ? ksys_write+0x1ae/0x260 [ 200.105629] ? __ia32_sys_read+0xb0/0xb0 [ 200.109675] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 200.115199] __x64_sys_clone+0xbf/0x150 [ 200.119160] do_syscall_64+0x1b9/0x820 [ 200.123034] ? syscall_return_slowpath+0x5e0/0x5e0 [ 200.127968] ? syscall_return_slowpath+0x31d/0x5e0 [ 200.132886] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 200.137888] ? prepare_exit_to_usermode+0x291/0x3b0 [ 200.142888] ? perf_trace_sys_enter+0xb10/0xb10 [ 200.148413] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 200.153246] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.158432] RIP: 0033:0x455ab9 [ 200.161613] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.180806] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 200.188500] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 200.195755] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 200.203027] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 200.210280] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 200.217535] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000034 09:52:13 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:13 executing program 0: ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000200)=0x0) r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x10000000000000, 0x0, 0x0, 0x0, 0x3, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x8800, 0x0) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet6_IPV6_ADDRFORM(r2, 0x29, 0x1, &(0x7f0000000140)=0x2, 0x4) write$P9_RGETATTR(r2, &(0x7f0000000340)={0xa0, 0x19, 0x2, {0x1, {0xa, 0x0, 0x7}, 0x4, r3, r4, 0x4, 0x0, 0x2, 0x2, 0xa210, 0xffffffffffffff0d, 0x2, 0x20, 0xc, 0x2, 0xfa4, 0xffffffff, 0x9, 0x4, 0x9}}, 0xa0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:13 executing program 3: r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x7ff, 0x101000) getsockopt$inet6_tcp_buf(r0, 0x6, 0x1f, &(0x7f0000000080)=""/18, &(0x7f00000000c0)=0x12) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000200)={&(0x7f0000000100)=""/118, 0x23000, 0x1000, 0x80}, 0x18) ioctl$KVM_GET_DIRTY_LOG(r0, 0x4010ae42, &(0x7f00000002c0)={0x10200, 0x0, &(0x7f0000ffd000/0x2000)=nil}) 09:52:13 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:52:13 executing program 1: r0 = memfd_create(&(0x7f0000000100)="885d292b00", 0x0) write(r0, &(0x7f0000000140)="a8", 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000040), 0xff8) renameat(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00') 09:52:13 executing program 4 (fault-call:1 fault-nth:53): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:13 executing program 2 (fault-call:1 fault-nth:0): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 200.436629] FAULT_INJECTION: forcing a failure. [ 200.436629] name failslab, interval 1, probability 0, space 0, times 0 [ 200.447915] CPU: 1 PID: 11704 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 200.451180] FAULT_INJECTION: forcing a failure. [ 200.451180] name failslab, interval 1, probability 0, space 0, times 0 [ 200.456412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.456418] Call Trace: [ 200.456442] dump_stack+0x1c9/0x2b4 [ 200.456460] ? dump_stack_print_info.cold.2+0x52/0x52 [ 200.456478] ? perf_trace_lock+0xde/0x920 [ 200.456498] should_fail.cold.4+0xa/0x11 [ 200.456523] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 200.501667] ? lock_downgrade+0x8f0/0x8f0 [ 200.505815] ? anon_vma_clone+0x4e0/0x740 [ 200.509956] ? lock_downgrade+0x8f0/0x8f0 [ 200.514097] ? lock_release+0xa30/0xa30 [ 200.518063] ? percpu_ref_put_many+0x131/0x240 [ 200.522640] ? lock_acquire+0x1e4/0x540 [ 200.526604] ? fs_reclaim_acquire+0x20/0x20 [ 200.530914] ? lock_downgrade+0x8f0/0x8f0 [ 200.535058] ? check_same_owner+0x340/0x340 [ 200.539382] ? rcu_note_context_switch+0x730/0x730 [ 200.544306] __should_failslab+0x124/0x180 [ 200.548529] should_failslab+0x9/0x14 [ 200.552322] kmem_cache_alloc+0x2af/0x760 [ 200.556467] ? dup_userfaultfd+0x775/0x9a0 [ 200.560698] anon_vma_fork+0x192/0x960 [ 200.564575] ? kasan_unpoison_shadow+0x35/0x50 [ 200.569160] ? anon_vma_clone+0x740/0x740 [ 200.573303] ? kasan_slab_alloc+0x12/0x20 [ 200.577444] ? kmem_cache_alloc+0x2fc/0x760 [ 200.581763] copy_process.part.41+0x6705/0x73d0 [ 200.586437] ? __cleanup_sighand+0x70/0x70 [ 200.590661] ? lock_release+0xa30/0xa30 [ 200.594627] ? xas_descend+0x20c/0x5f0 [ 200.598521] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 200.603552] ? check_pgprot+0xdf/0x180 [ 200.607430] ? put_page+0x280/0x280 [ 200.611048] ? kasan_check_write+0x14/0x20 [ 200.615278] ? alloc_set_pte+0xaf6/0x1790 [ 200.619421] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 200.624439] ? filemap_map_pages+0xca2/0x1990 [ 200.628932] ? trace_hardirqs_on+0x10/0x10 [ 200.633170] ? xa_set_tag+0x40/0x40 [ 200.636788] ? perf_trace_lock+0xde/0x920 [ 200.640936] ? trace_hardirqs_on+0x10/0x10 [ 200.645165] ? trace_hardirqs_on+0x10/0x10 [ 200.649392] ? trace_hardirqs_on+0x10/0x10 [ 200.653625] ? find_get_entries_tag+0x1410/0x1410 [ 200.658466] ? perf_trace_lock+0xde/0x920 [ 200.662607] ? zap_class+0x740/0x740 [ 200.666313] ? zap_class+0x740/0x740 [ 200.670020] ? zap_class+0x740/0x740 [ 200.673729] ? shrink_dcache_sb+0x350/0x350 [ 200.678044] ? perf_trace_lock+0xde/0x920 [ 200.682186] ? lock_acquire+0x1e4/0x540 [ 200.686150] ? __fdget_pos+0x1bb/0x200 [ 200.690032] ? zap_class+0x740/0x740 [ 200.693737] ? lock_release+0xa30/0xa30 [ 200.697704] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 200.703231] ? _parse_integer+0x13b/0x190 [ 200.707470] ? perf_trace_lock+0xde/0x920 [ 200.711607] ? _kstrtoull+0x188/0x250 [ 200.715408] ? _parse_integer+0x190/0x190 [ 200.719590] ? zap_class+0x740/0x740 [ 200.723298] ? __check_object_size+0xa3/0x5d7 [ 200.727787] ? lock_acquire+0x1e4/0x540 [ 200.731763] ? get_pid_task+0xd8/0x1a0 [ 200.735646] ? perf_trace_lock+0xde/0x920 [ 200.740136] ? lock_release+0xa30/0xa30 [ 200.744103] ? zap_class+0x740/0x740 [ 200.749547] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 200.754380] ? __f_unlock_pos+0x19/0x20 [ 200.758347] ? lock_downgrade+0x8f0/0x8f0 [ 200.762488] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 200.768021] ? proc_fail_nth_write+0x9e/0x210 [ 200.772528] ? lock_acquire+0x1e4/0x540 [ 200.776501] _do_fork+0x291/0x12a0 [ 200.780037] ? fork_idle+0x1a0/0x1a0 [ 200.783756] ? fsnotify_first_mark+0x350/0x350 [ 200.788330] ? fsnotify+0x14e0/0x14e0 [ 200.792127] ? __sb_end_write+0xac/0xe0 [ 200.796096] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 200.801622] ? fput+0x130/0x1a0 [ 200.804892] ? ksys_write+0x1ae/0x260 [ 200.808687] ? __ia32_sys_read+0xb0/0xb0 [ 200.812751] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 200.818286] __x64_sys_clone+0xbf/0x150 [ 200.822266] do_syscall_64+0x1b9/0x820 [ 200.826146] ? syscall_return_slowpath+0x5e0/0x5e0 [ 200.831068] ? syscall_return_slowpath+0x31d/0x5e0 [ 200.835991] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 200.841003] ? prepare_exit_to_usermode+0x291/0x3b0 [ 200.846015] ? perf_trace_sys_enter+0xb10/0xb10 [ 200.850681] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 200.855524] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.860704] RIP: 0033:0x455ab9 [ 200.863876] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.883146] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 200.890846] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 200.898105] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 200.905451] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 200.912709] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 200.919969] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000035 [ 200.927426] CPU: 0 PID: 11708 Comm: syz-executor2 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 200.935937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.945307] Call Trace: [ 200.947915] dump_stack+0x1c9/0x2b4 [ 200.951574] ? dump_stack_print_info.cold.2+0x52/0x52 [ 200.956806] ? perf_trace_lock+0x49d/0x920 [ 200.961074] should_fail.cold.4+0xa/0x11 [ 200.965166] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 200.970289] ? zap_class+0x740/0x740 [ 200.974020] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 200.979571] ? tracing_generic_entry_update+0x18e/0x200 09:52:13 executing program 3: syz_open_dev$admmidi(&(0x7f00000000c0)='/dev/admmidi#\x00', 0xde, 0x18200) r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r1, 0xc0505350, &(0x7f0000000040)={{0x7, 0x7}, {0x100000001, 0x7fffffff}, 0x80000000, 0x1, 0x800}) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 200.984953] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 200.990526] ? perf_tp_event+0x91b/0xc40 [ 200.994606] ? lock_acquire+0x1e4/0x540 [ 200.998602] ? lock_acquire+0x1e4/0x540 [ 201.002590] ? fs_reclaim_acquire+0x20/0x20 [ 201.006927] ? lock_downgrade+0x8f0/0x8f0 [ 201.011089] ? perf_log_itrace_start+0x1dd/0x550 [ 201.015869] ? lock_downgrade+0x8f0/0x8f0 [ 201.020040] ? check_same_owner+0x340/0x340 [ 201.025551] ? rcu_note_context_switch+0x730/0x730 [ 201.030504] ? tracing_generic_entry_update+0x18e/0x200 09:52:14 executing program 4 (fault-call:1 fault-nth:54): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 201.035896] __should_failslab+0x124/0x180 [ 201.040158] should_failslab+0x9/0x14 [ 201.043982] kmem_cache_alloc_node+0x272/0x780 [ 201.048790] copy_process.part.41+0x176a/0x73d0 [ 201.053493] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 201.059054] ? perf_swevent_event+0x158/0x2e0 [ 201.063574] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 201.069135] ? perf_tp_event+0x91b/0xc40 [ 201.073232] ? perf_swevent_event+0x2e0/0x2e0 [ 201.077757] ? __cleanup_sighand+0x70/0x70 [ 201.082016] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 09:52:14 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x0) [ 201.087593] ? perf_tp_event+0x91b/0xc40 [ 201.091673] ? xas_descend+0x20c/0x5f0 [ 201.095690] ? perf_swevent_event+0x2e0/0x2e0 [ 201.100245] ? perf_swevent_event+0x158/0x2e0 [ 201.104853] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 201.110416] ? perf_tp_event+0x91b/0xc40 [ 201.114506] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 201.119586] ? filemap_map_pages+0xca2/0x1990 [ 201.124111] ? perf_swevent_event+0x2e0/0x2e0 [ 201.126147] FAULT_INJECTION: forcing a failure. [ 201.126147] name failslab, interval 1, probability 0, space 0, times 0 [ 201.128638] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 201.128661] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 201.128690] ? perf_tp_event+0xc40/0xc40 [ 201.154117] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 201.159236] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 201.164338] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 201.169456] ? perf_tp_event+0xc40/0xc40 [ 201.173527] ? zap_class+0x740/0x740 [ 201.177246] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 201.182347] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 201.187446] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 201.193458] ? perf_tp_event+0xc40/0xc40 [ 201.197535] ? zap_class+0x740/0x740 [ 201.201250] ? memset+0x31/0x40 [ 201.204543] ? perf_trace_lock+0x49d/0x920 [ 201.208797] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 201.213899] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 201.219020] ? zap_class+0x740/0x740 [ 201.222739] ? __check_object_size+0xa3/0x5d7 [ 201.227241] ? memset+0x31/0x40 [ 201.230535] ? zap_class+0x740/0x740 [ 201.234255] ? __f_unlock_pos+0x19/0x20 [ 201.238229] ? lock_downgrade+0x8f0/0x8f0 [ 201.242380] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 201.247926] ? proc_fail_nth_write+0x9e/0x210 [ 201.252433] ? lock_acquire+0x1e4/0x540 [ 201.256425] _do_fork+0x291/0x12a0 [ 201.259998] ? fork_idle+0x1a0/0x1a0 [ 201.263739] ? fsnotify_first_mark+0x350/0x350 [ 201.268324] ? fsnotify+0x14e0/0x14e0 [ 201.272140] ? __sb_end_write+0xac/0xe0 [ 201.276294] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 201.281842] ? fput+0x130/0x1a0 [ 201.285122] ? ksys_write+0x1ae/0x260 [ 201.288939] ? __ia32_sys_read+0xb0/0xb0 [ 201.293005] ? syscall_slow_exit_work+0x500/0x500 [ 201.297856] __x64_sys_clone+0xbf/0x150 [ 201.301846] do_syscall_64+0x1b9/0x820 [ 201.305728] ? syscall_slow_exit_work+0x500/0x500 [ 201.310572] ? syscall_return_slowpath+0x5e0/0x5e0 [ 201.315504] ? syscall_return_slowpath+0x31d/0x5e0 [ 201.320439] ? prepare_exit_to_usermode+0x291/0x3b0 [ 201.325460] ? perf_trace_sys_enter+0xb10/0xb10 [ 201.330134] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 201.334993] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.340200] RIP: 0033:0x455ab9 [ 201.343383] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 201.362857] RSP: 002b:00007fbdd02a4c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 201.370574] RAX: ffffffffffffffda RBX: 00007fbdd02a56d4 RCX: 0000000000455ab9 [ 201.377852] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000000000 [ 201.385120] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 201.392387] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 201.399657] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000000 [ 201.406952] CPU: 1 PID: 11720 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 201.415458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.424823] Call Trace: [ 201.427425] dump_stack+0x1c9/0x2b4 [ 201.431067] ? dump_stack_print_info.cold.2+0x52/0x52 [ 201.436284] ? perf_trace_lock+0xde/0x920 [ 201.440449] should_fail.cold.4+0xa/0x11 [ 201.444564] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 201.449682] ? lock_downgrade+0x8f0/0x8f0 [ 201.453845] ? anon_vma_clone+0x4e0/0x740 [ 201.458005] ? lock_downgrade+0x8f0/0x8f0 [ 201.462163] ? lock_release+0xa30/0xa30 [ 201.466145] ? percpu_ref_put_many+0x131/0x240 [ 201.470740] ? lock_acquire+0x1e4/0x540 [ 201.474723] ? fs_reclaim_acquire+0x20/0x20 [ 201.479058] ? lock_downgrade+0x8f0/0x8f0 [ 201.483216] ? check_same_owner+0x340/0x340 [ 201.487545] ? rcu_note_context_switch+0x730/0x730 [ 201.492484] __should_failslab+0x124/0x180 [ 201.496726] should_failslab+0x9/0x14 [ 201.500536] kmem_cache_alloc+0x2af/0x760 [ 201.502563] FAT-fs (loop7): Directory bread(block 128) failed [ 201.504690] ? dup_userfaultfd+0x775/0x9a0 [ 201.504708] anon_vma_fork+0x192/0x960 [ 201.504719] ? kasan_unpoison_shadow+0x35/0x50 [ 201.504736] ? anon_vma_clone+0x740/0x740 [ 201.527419] ? kasan_slab_alloc+0x12/0x20 [ 201.531556] ? kmem_cache_alloc+0x2fc/0x760 [ 201.535874] copy_process.part.41+0x6705/0x73d0 [ 201.540545] ? __cleanup_sighand+0x70/0x70 [ 201.544768] ? lock_release+0xa30/0xa30 [ 201.548728] ? xas_descend+0x20c/0x5f0 [ 201.552629] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 201.557649] ? check_pgprot+0xdf/0x180 [ 201.561525] ? put_page+0x280/0x280 [ 201.565144] ? kasan_check_write+0x14/0x20 [ 201.569461] ? alloc_set_pte+0xaf6/0x1790 [ 201.573604] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 201.578607] ? filemap_map_pages+0xca2/0x1990 [ 201.583090] ? trace_hardirqs_on+0x10/0x10 [ 201.587315] ? xa_set_tag+0x40/0x40 [ 201.590928] ? perf_trace_lock+0xde/0x920 [ 201.595063] ? trace_hardirqs_on+0x10/0x10 [ 201.599289] ? trace_hardirqs_on+0x10/0x10 [ 201.603515] ? trace_hardirqs_on+0x10/0x10 [ 201.607829] ? find_get_entries_tag+0x1410/0x1410 [ 201.612662] ? perf_trace_lock+0xde/0x920 [ 201.616797] ? zap_class+0x740/0x740 [ 201.620512] ? zap_class+0x740/0x740 [ 201.624214] ? zap_class+0x740/0x740 [ 201.627916] ? shrink_dcache_sb+0x350/0x350 [ 201.632227] ? perf_trace_lock+0xde/0x920 [ 201.636361] ? lock_acquire+0x1e4/0x540 [ 201.640322] ? __fdget_pos+0x1bb/0x200 [ 201.644196] ? zap_class+0x740/0x740 [ 201.647900] ? lock_release+0xa30/0xa30 [ 201.651864] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 201.657393] ? _parse_integer+0x13b/0x190 [ 201.661542] ? perf_trace_lock+0xde/0x920 [ 201.665691] ? _kstrtoull+0x188/0x250 [ 201.669493] ? _parse_integer+0x190/0x190 [ 201.673634] ? zap_class+0x740/0x740 [ 201.677338] ? __check_object_size+0xa3/0x5d7 [ 201.681826] ? lock_acquire+0x1e4/0x540 [ 201.685797] ? get_pid_task+0xd8/0x1a0 [ 201.689693] ? perf_trace_lock+0xde/0x920 [ 201.693830] ? lock_release+0xa30/0xa30 [ 201.697792] ? zap_class+0x740/0x740 [ 201.701506] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 201.706348] ? __f_unlock_pos+0x19/0x20 [ 201.710310] ? lock_downgrade+0x8f0/0x8f0 [ 201.714446] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 201.719982] ? proc_fail_nth_write+0x9e/0x210 [ 201.724482] ? lock_acquire+0x1e4/0x540 [ 201.728447] _do_fork+0x291/0x12a0 [ 201.731978] ? fork_idle+0x1a0/0x1a0 [ 201.735682] ? fsnotify_first_mark+0x350/0x350 [ 201.740254] ? fsnotify+0x14e0/0x14e0 [ 201.744050] ? __sb_end_write+0xac/0xe0 [ 201.748035] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 201.753561] ? fput+0x130/0x1a0 [ 201.756847] ? ksys_write+0x1ae/0x260 [ 201.760647] ? __ia32_sys_read+0xb0/0xb0 [ 201.764697] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 201.770241] __x64_sys_clone+0xbf/0x150 [ 201.774206] do_syscall_64+0x1b9/0x820 [ 201.778082] ? finish_task_switch+0x1d3/0x870 [ 201.782574] ? syscall_return_slowpath+0x5e0/0x5e0 [ 201.787502] ? syscall_return_slowpath+0x31d/0x5e0 [ 201.792417] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 201.797420] ? prepare_exit_to_usermode+0x291/0x3b0 [ 201.802424] ? perf_trace_sys_enter+0xb10/0xb10 [ 201.807081] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 201.811927] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.817105] RIP: 0033:0x455ab9 [ 201.820277] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 201.839914] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 201.847626] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 201.854896] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 201.862166] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 201.869423] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 201.876681] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000036 [ 201.904091] FAT-fs (loop7): Directory bread(block 129) failed [ 201.920048] FAT-fs (loop7): Directory bread(block 130) failed [ 201.935441] FAT-fs (loop7): Directory bread(block 131) failed 09:52:14 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x0, 0x2000) accept$nfc_llcp(r0, 0x0, &(0x7f0000000080)) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000000c0)=0x0) sched_setparam(r1, &(0x7f0000000100)=0x3) ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, &(0x7f00000002c0)=""/225) r2 = semget$private(0x0, 0x2, 0x105) semctl$GETZCNT(r2, 0x2, 0xf, &(0x7f00000003c0)=""/245) utime(&(0x7f0000000140)='./file0\x00', &(0x7f0000000200)={0x78, 0x70}) 09:52:14 executing program 0: ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000200)=0x0) r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x10000000000000, 0x0, 0x0, 0x0, 0x3, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x8800, 0x0) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet6_IPV6_ADDRFORM(r2, 0x29, 0x1, &(0x7f0000000140)=0x2, 0x4) write$P9_RGETATTR(r2, &(0x7f0000000340)={0xa0, 0x19, 0x2, {0x1, {0xa, 0x0, 0x7}, 0x4, r3, r4, 0x4, 0x0, 0x2, 0x2, 0xa210, 0xffffffffffffff0d, 0x2, 0x20, 0xc, 0x2, 0xfa4, 0xffffffff, 0x9, 0x4, 0x9}}, 0xa0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:14 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:14 executing program 1 (fault-call:6 fault-nth:0): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) [ 201.950837] FAT-fs (loop7): Directory bread(block 132) failed [ 201.963669] FAT-fs (loop7): Directory bread(block 133) failed [ 201.973509] FAT-fs (loop7): Directory bread(block 134) failed 09:52:14 executing program 4 (fault-call:1 fault-nth:55): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 202.008953] FAT-fs (loop7): Directory bread(block 135) failed [ 202.037684] FAT-fs (loop7): Directory bread(block 136) failed [ 202.048176] FAULT_INJECTION: forcing a failure. [ 202.048176] name failslab, interval 1, probability 0, space 0, times 0 [ 202.057986] FAT-fs (loop7): Directory bread(block 137) failed [ 202.059473] CPU: 1 PID: 11746 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 202.067826] FAULT_INJECTION: forcing a failure. [ 202.067826] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 202.073826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 202.073832] Call Trace: [ 202.073854] dump_stack+0x1c9/0x2b4 [ 202.073880] ? dump_stack_print_info.cold.2+0x52/0x52 [ 202.073899] ? perf_trace_lock+0xde/0x920 [ 202.073919] should_fail.cold.4+0xa/0x11 [ 202.073943] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 202.119667] ? kasan_check_write+0x14/0x20 [ 202.123912] ? alloc_set_pte+0xaf6/0x1790 [ 202.128054] ? trace_hardirqs_on+0x10/0x10 [ 202.132297] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 202.137322] ? filemap_map_pages+0xca2/0x1990 [ 202.141831] ? lock_acquire+0x1e4/0x540 [ 202.145800] ? fs_reclaim_acquire+0x20/0x20 [ 202.150114] ? lock_downgrade+0x8f0/0x8f0 [ 202.154272] ? check_same_owner+0x340/0x340 [ 202.158587] ? rcu_note_context_switch+0x730/0x730 [ 202.163509] __should_failslab+0x124/0x180 [ 202.167737] should_failslab+0x9/0x14 [ 202.171529] kmem_cache_alloc_trace+0x2cb/0x780 [ 202.176206] tcp_sendmsg_locked+0x303b/0x3f20 [ 202.180707] ? perf_trace_lock+0xde/0x920 [ 202.184891] ? lock_acquire+0x1e4/0x540 [ 202.188874] ? perf_trace_lock+0xde/0x920 [ 202.193018] ? tcp_sendpage+0x60/0x60 [ 202.196817] ? zap_class+0x740/0x740 [ 202.200538] ? __fget+0x4d5/0x740 [ 202.203993] ? lock_acquire+0x1e4/0x540 [ 202.207968] ? tcp_sendmsg+0x21/0x50 [ 202.211677] ? lock_release+0xa30/0xa30 [ 202.215643] ? kasan_check_read+0x11/0x20 [ 202.219783] ? do_raw_spin_unlock+0xa7/0x2f0 [ 202.224198] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 202.228774] ? kasan_check_write+0x14/0x20 [ 202.233022] ? lock_sock_nested+0x9f/0x120 [ 202.237250] ? trace_hardirqs_on+0xd/0x10 [ 202.241405] ? __local_bh_enable_ip+0x161/0x230 [ 202.246331] tcp_sendmsg+0x2f/0x50 [ 202.249894] inet_sendmsg+0x1a1/0x690 [ 202.253690] ? ipip_gro_receive+0x100/0x100 [ 202.258022] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 202.263560] ? security_socket_sendmsg+0x94/0xc0 [ 202.268326] ? ipip_gro_receive+0x100/0x100 [ 202.272651] sock_sendmsg+0xd5/0x120 [ 202.276371] __sys_sendto+0x3d7/0x670 [ 202.280170] ? __ia32_sys_getpeername+0xb0/0xb0 [ 202.285093] ? vfs_write+0x2f3/0x560 [ 202.288802] ? wait_for_completion+0x8d0/0x8d0 [ 202.293377] ? lock_release+0xa30/0xa30 [ 202.297347] ? fsnotify_first_mark+0x350/0x350 [ 202.301924] ? fsnotify+0x14e0/0x14e0 [ 202.305725] ? __sb_end_write+0xac/0xe0 [ 202.309695] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 202.315222] ? fput+0x130/0x1a0 [ 202.318493] ? ksys_write+0x1ae/0x260 [ 202.322289] ? __ia32_sys_read+0xb0/0xb0 [ 202.326344] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 202.331883] __x64_sys_sendto+0xe1/0x1a0 [ 202.335945] do_syscall_64+0x1b9/0x820 [ 202.339836] ? finish_task_switch+0x1d3/0x870 [ 202.344331] ? syscall_return_slowpath+0x5e0/0x5e0 [ 202.349253] ? syscall_return_slowpath+0x31d/0x5e0 [ 202.354189] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 202.359211] ? prepare_exit_to_usermode+0x291/0x3b0 [ 202.364225] ? perf_trace_sys_enter+0xb10/0xb10 [ 202.368888] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 202.373827] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.379011] RIP: 0033:0x455ab9 [ 202.382188] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 202.401450] RSP: 002b:00007fb68228dc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 202.409158] RAX: ffffffffffffffda RBX: 00007fb68228e6d4 RCX: 0000000000455ab9 [ 202.416417] RDX: fffffffffffffe6e RSI: 0000000020a88f88 RDI: 0000000000000014 [ 202.423678] RBP: 000000000072bea0 R08: 0000000020e68000 R09: 0000000000000010 [ 202.430955] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000015 [ 202.438232] R13: 00000000004c1158 R14: 00000000004d1848 R15: 0000000000000000 [ 202.445512] CPU: 0 PID: 11749 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 202.454027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 202.463404] Call Trace: [ 202.466011] dump_stack+0x1c9/0x2b4 [ 202.469666] ? dump_stack_print_info.cold.2+0x52/0x52 [ 202.474901] should_fail.cold.4+0xa/0x11 [ 202.478995] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 202.484125] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 202.489691] ? perf_tp_event+0x91b/0xc40 [ 202.494152] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.499725] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.505291] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 202.510856] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 202.516413] ? perf_tp_event+0x91b/0xc40 [ 202.520496] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.526058] ? lock_acquire+0x1e4/0x540 [ 202.530055] ? fs_reclaim_acquire+0x20/0x20 [ 202.534396] ? lock_downgrade+0x8f0/0x8f0 [ 202.538571] ? check_same_owner+0x340/0x340 [ 202.542905] ? perf_swevent_event+0x2e0/0x2e0 [ 202.547415] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 202.552529] ? rcu_note_context_switch+0x730/0x730 [ 202.557468] ? memset+0x31/0x40 [ 202.560774] __alloc_pages_nodemask+0x36e/0xdb0 [ 202.565469] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 202.570588] ? memset+0x31/0x40 [ 202.573886] ? perf_trace_lock+0x49d/0x920 [ 202.578139] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 202.583267] ? zap_class+0x740/0x740 [ 202.587019] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 202.592145] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 202.597712] alloc_pages_current+0x10c/0x210 [ 202.602150] pte_alloc_one+0x1b/0x1a0 [ 202.605972] copy_huge_pmd+0x144/0xd80 09:52:15 executing program 0: ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000200)=0x0) r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x10000000000000, 0x0, 0x0, 0x0, 0x3, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x8800, 0x0) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet6_IPV6_ADDRFORM(r2, 0x29, 0x1, &(0x7f0000000140)=0x2, 0x4) write$P9_RGETATTR(r2, &(0x7f0000000340)={0xa0, 0x19, 0x2, {0x1, {0xa, 0x0, 0x7}, 0x4, r3, r4, 0x4, 0x0, 0x2, 0x2, 0xa210, 0xffffffffffffff0d, 0x2, 0x20, 0xc, 0x2, 0xfa4, 0xffffffff, 0x9, 0x4, 0x9}}, 0xa0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 202.609883] ? follow_devmap_pmd+0x530/0x530 [ 202.614314] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 202.619531] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 202.624650] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 202.629779] ? pmd_val+0x88/0x100 [ 202.633252] ? add_mm_counter_fast+0xd0/0xd0 [ 202.639772] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 202.645348] copy_page_range+0x914/0x24c0 [ 202.649555] ? save_stack+0x43/0xd0 [ 202.653228] ? __pmd_alloc+0x530/0x530 [ 202.657139] ? _do_fork+0x291/0x12a0 [ 202.660869] ? __x64_sys_clone+0xbf/0x150 [ 202.665036] ? do_syscall_64+0x1b9/0x820 [ 202.669112] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.674508] ? lock_acquire+0x1e4/0x540 [ 202.678507] ? percpu_ref_put_many+0x119/0x240 [ 202.683114] ? lock_downgrade+0x8f0/0x8f0 [ 202.687298] ? anon_vma_fork+0x651/0x960 [ 202.691389] ? lock_downgrade+0x8f0/0x8f0 [ 202.695594] ? lock_release+0xa30/0xa30 [ 202.699594] ? percpu_ref_put_many+0x131/0x240 [ 202.704200] ? rcu_note_context_switch+0x730/0x730 [ 202.709167] ? up_write+0x7b/0x220 [ 202.712727] ? up_read+0x110/0x110 [ 202.716291] ? anon_vma_interval_tree_insert+0x26b/0x300 [ 202.721778] ? anon_vma_clone+0x740/0x740 [ 202.725957] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 202.731023] ? __vma_link_rb+0x2a4/0x3f0 [ 202.735120] copy_process.part.41+0x5ead/0x73d0 [ 202.739844] ? __cleanup_sighand+0x70/0x70 [ 202.744103] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 202.749657] ? perf_tp_event+0x91b/0xc40 [ 202.753740] ? xas_descend+0x20c/0x5f0 [ 202.757657] ? perf_swevent_event+0x2e0/0x2e0 [ 202.762195] ? perf_swevent_event+0x158/0x2e0 [ 202.766713] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 202.772271] ? perf_tp_event+0x91b/0xc40 [ 202.776358] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 202.781399] ? filemap_map_pages+0xca2/0x1990 [ 202.785927] ? perf_swevent_event+0x2e0/0x2e0 [ 202.790457] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 202.795598] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 202.800737] ? perf_tp_event+0xc40/0xc40 [ 202.804828] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 202.809963] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 202.815092] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 202.820233] ? perf_tp_event+0xc40/0xc40 [ 202.824322] ? zap_class+0x740/0x740 [ 202.828068] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 202.833163] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 202.838256] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 202.843365] ? perf_tp_event+0xc40/0xc40 [ 202.847424] ? zap_class+0x740/0x740 [ 202.851144] ? memset+0x31/0x40 [ 202.854436] ? perf_trace_lock+0x49d/0x920 [ 202.858682] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 202.863812] ? zap_class+0x740/0x740 [ 202.867538] ? __check_object_size+0xa3/0x5d7 [ 202.872044] ? memset+0x31/0x40 [ 202.875349] ? zap_class+0x740/0x740 [ 202.879083] ? __f_unlock_pos+0x19/0x20 [ 202.883055] ? lock_downgrade+0x8f0/0x8f0 [ 202.887201] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 202.892742] ? proc_fail_nth_write+0x9e/0x210 [ 202.897237] ? lock_acquire+0x1e4/0x540 [ 202.901210] _do_fork+0x291/0x12a0 [ 202.904758] ? fork_idle+0x1a0/0x1a0 [ 202.908477] ? fsnotify_first_mark+0x350/0x350 [ 202.913056] ? fsnotify+0x14e0/0x14e0 [ 202.916860] ? __sb_end_write+0xac/0xe0 [ 202.920839] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 202.926367] ? fput+0x130/0x1a0 [ 202.929649] ? ksys_write+0x1ae/0x260 [ 202.933627] ? __ia32_sys_read+0xb0/0xb0 [ 202.937684] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 202.943244] __x64_sys_clone+0xbf/0x150 [ 202.947241] do_syscall_64+0x1b9/0x820 [ 202.951118] ? finish_task_switch+0x1d3/0x870 [ 202.955608] ? syscall_return_slowpath+0x5e0/0x5e0 [ 202.960543] ? syscall_return_slowpath+0x31d/0x5e0 [ 202.965467] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 202.970478] ? prepare_exit_to_usermode+0x291/0x3b0 [ 202.975490] ? perf_trace_sys_enter+0xb10/0xb10 [ 202.980155] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 202.984998] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.990197] RIP: 0033:0x455ab9 [ 202.993371] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 203.012662] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 203.020368] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 203.027636] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 203.034909] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 203.042171] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 203.049449] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000037 09:52:17 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) 09:52:17 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xfffffffffffffffc) 09:52:17 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x1df60000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:17 executing program 0: ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000200)=0x0) r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x10000000000000, 0x0, 0x0, 0x0, 0x3, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x8800, 0x0) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)) fstat(r1, &(0x7f00000002c0)) setsockopt$inet6_IPV6_ADDRFORM(r2, 0x29, 0x1, &(0x7f0000000140)=0x2, 0x4) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:17 executing program 1 (fault-call:6 fault-nth:1): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:52:17 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x0) 09:52:17 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:52:17 executing program 4 (fault-call:1 fault-nth:56): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 204.134202] FAULT_INJECTION: forcing a failure. [ 204.134202] name failslab, interval 1, probability 0, space 0, times 0 [ 204.139231] FAULT_INJECTION: forcing a failure. [ 204.139231] name failslab, interval 1, probability 0, space 0, times 0 [ 204.145696] CPU: 1 PID: 11788 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 204.145716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.174747] Call Trace: [ 204.177341] dump_stack+0x1c9/0x2b4 [ 204.180971] ? dump_stack_print_info.cold.2+0x52/0x52 [ 204.186162] ? perf_trace_lock+0xde/0x920 [ 204.190312] should_fail.cold.4+0xa/0x11 [ 204.194372] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 204.199473] ? percpu_ref_put_many+0x131/0x240 [ 204.204051] ? mem_cgroup_id_get_online+0x310/0x310 [ 204.209072] ? check_same_owner+0x340/0x340 [ 204.213405] ? rcu_note_context_switch+0x730/0x730 [ 204.218358] ? lock_acquire+0x1e4/0x540 [ 204.222338] ? fs_reclaim_acquire+0x20/0x20 [ 204.226666] ? lock_downgrade+0x8f0/0x8f0 [ 204.230821] ? check_same_owner+0x340/0x340 [ 204.235146] ? rcu_note_context_switch+0x730/0x730 [ 204.240071] __should_failslab+0x124/0x180 [ 204.244302] should_failslab+0x9/0x14 [ 204.248201] kmem_cache_alloc+0x2af/0x760 [ 204.252346] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 204.258232] ptlock_alloc+0x20/0x80 [ 204.261873] pte_alloc_one+0x6b/0x1a0 [ 204.265666] copy_huge_pmd+0x144/0xd80 [ 204.269548] ? follow_devmap_pmd+0x530/0x530 [ 204.273947] ? is_bpf_text_address+0xae/0x170 [ 204.278435] ? lock_downgrade+0x8f0/0x8f0 [ 204.282579] ? lock_release+0xa30/0xa30 [ 204.286551] ? pmd_val+0x88/0x100 [ 204.289997] ? add_mm_counter_fast+0xd0/0xd0 [ 204.294416] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 204.299946] copy_page_range+0x914/0x24c0 [ 204.304090] ? kernel_text_address+0x79/0xf0 [ 204.308491] ? __kernel_text_address+0xd/0x40 [ 204.312998] ? save_stack+0xa9/0xd0 [ 204.316620] ? save_stack+0x43/0xd0 [ 204.320242] ? __pmd_alloc+0x530/0x530 [ 204.324120] ? _do_fork+0x291/0x12a0 [ 204.327827] ? __x64_sys_clone+0xbf/0x150 [ 204.331970] ? do_syscall_64+0x1b9/0x820 [ 204.336028] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.341389] ? lock_acquire+0x1e4/0x540 [ 204.345360] ? percpu_ref_put_many+0x119/0x240 [ 204.349933] ? lock_downgrade+0x8f0/0x8f0 [ 204.354078] ? anon_vma_fork+0x651/0x960 [ 204.358141] ? lock_downgrade+0x8f0/0x8f0 [ 204.362285] ? lock_release+0xa30/0xa30 [ 204.366264] ? percpu_ref_put_many+0x131/0x240 [ 204.370839] ? rcu_note_context_switch+0x730/0x730 [ 204.375764] ? up_write+0x7b/0x220 [ 204.379299] ? up_read+0x110/0x110 [ 204.382843] ? anon_vma_interval_tree_insert+0x26b/0x300 [ 204.388290] ? anon_vma_clone+0x740/0x740 [ 204.392438] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 204.397459] ? __vma_link_rb+0x2a4/0x3f0 [ 204.401515] copy_process.part.41+0x5ead/0x73d0 [ 204.406191] ? __cleanup_sighand+0x70/0x70 [ 204.410418] ? lock_release+0xa30/0xa30 [ 204.414382] ? xas_descend+0x20c/0x5f0 [ 204.418266] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 204.423276] ? check_pgprot+0xdf/0x180 [ 204.427156] ? put_page+0x280/0x280 [ 204.430780] ? kasan_check_write+0x14/0x20 [ 204.435011] ? alloc_set_pte+0xaf6/0x1790 [ 204.439156] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 204.444164] ? filemap_map_pages+0xca2/0x1990 [ 204.448651] ? trace_hardirqs_on+0x10/0x10 [ 204.452877] ? xa_set_tag+0x40/0x40 [ 204.456495] ? perf_trace_lock+0xde/0x920 [ 204.460638] ? trace_hardirqs_on+0x10/0x10 [ 204.464866] ? trace_hardirqs_on+0x10/0x10 [ 204.469094] ? trace_hardirqs_on+0x10/0x10 [ 204.473323] ? find_get_entries_tag+0x1410/0x1410 [ 204.478162] ? perf_trace_lock+0xde/0x920 [ 204.482303] ? zap_class+0x740/0x740 [ 204.486013] ? zap_class+0x740/0x740 [ 204.489720] ? zap_class+0x740/0x740 [ 204.493438] ? shrink_dcache_sb+0x350/0x350 [ 204.497759] ? perf_trace_lock+0xde/0x920 [ 204.501905] ? lock_acquire+0x1e4/0x540 [ 204.505867] ? __fdget_pos+0x1bb/0x200 [ 204.509745] ? zap_class+0x740/0x740 [ 204.513456] ? lock_release+0xa30/0xa30 [ 204.517422] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.522951] ? _parse_integer+0x13b/0x190 [ 204.527094] ? perf_trace_lock+0xde/0x920 [ 204.531233] ? _kstrtoull+0x188/0x250 [ 204.535025] ? _parse_integer+0x190/0x190 [ 204.539163] ? zap_class+0x740/0x740 [ 204.542883] ? __check_object_size+0xa3/0x5d7 [ 204.547394] ? lock_acquire+0x1e4/0x540 [ 204.551374] ? get_pid_task+0xd8/0x1a0 [ 204.555249] ? perf_trace_lock+0xde/0x920 [ 204.559391] ? lock_release+0xa30/0xa30 [ 204.563356] ? zap_class+0x740/0x740 [ 204.567064] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 204.572052] ? __f_unlock_pos+0x19/0x20 [ 204.576018] ? lock_downgrade+0x8f0/0x8f0 [ 204.580162] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 204.585694] ? proc_fail_nth_write+0x9e/0x210 [ 204.590190] ? lock_acquire+0x1e4/0x540 [ 204.594161] _do_fork+0x291/0x12a0 [ 204.597696] ? fork_idle+0x1a0/0x1a0 [ 204.601420] ? fsnotify_first_mark+0x350/0x350 [ 204.605996] ? fsnotify+0x14e0/0x14e0 [ 204.609801] ? __sb_end_write+0xac/0xe0 [ 204.613789] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 204.619317] ? fput+0x130/0x1a0 [ 204.622589] ? ksys_write+0x1ae/0x260 [ 204.626381] ? __ia32_sys_read+0xb0/0xb0 [ 204.630432] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 204.635979] __x64_sys_clone+0xbf/0x150 [ 204.639946] do_syscall_64+0x1b9/0x820 [ 204.643824] ? finish_task_switch+0x1d3/0x870 [ 204.648309] ? syscall_return_slowpath+0x5e0/0x5e0 [ 204.653231] ? syscall_return_slowpath+0x31d/0x5e0 [ 204.658153] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 204.663177] ? prepare_exit_to_usermode+0x291/0x3b0 [ 204.668186] ? perf_trace_sys_enter+0xb10/0xb10 [ 204.672850] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 204.677690] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.682897] RIP: 0033:0x455ab9 [ 204.686073] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 204.705316] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 204.713015] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 204.720275] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 204.727533] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 204.734930] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 204.742190] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000038 [ 204.749469] CPU: 0 PID: 11785 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 204.757963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.767315] Call Trace: [ 204.769904] dump_stack+0x1c9/0x2b4 [ 204.773527] ? dump_stack_print_info.cold.2+0x52/0x52 [ 204.779075] ? kasan_check_read+0x11/0x20 [ 204.783212] should_fail.cold.4+0xa/0x11 [ 204.787259] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 204.792356] ? fib_insert_alias+0x1200/0x1200 [ 204.796841] ? __save_stack_trace+0x8d/0xf0 [ 204.801152] ? trace_hardirqs_on+0x10/0x10 [ 204.805372] ? perf_trace_lock+0xde/0x920 [ 204.809678] ? trace_hardirqs_on+0x10/0x10 [ 204.813909] ? perf_trace_lock+0xde/0x920 [ 204.818052] ? kasan_slab_alloc+0x12/0x20 [ 204.822195] ? kmem_cache_alloc+0x12e/0x760 [ 204.826499] ? __d_alloc+0xc8/0xd50 [ 204.830109] ? d_alloc+0x96/0x380 [ 204.833548] ? lookup_open+0x560/0x1b90 [ 204.837509] ? zap_class+0x740/0x740 [ 204.841206] ? perf_trace_lock+0xde/0x920 [ 204.845344] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 204.850865] ? find_exception+0x517/0xc50 [ 204.855015] ? trace_hardirqs_on+0x10/0x10 [ 204.859241] __should_failslab+0x124/0x180 [ 204.863464] should_failslab+0x9/0x14 [ 204.867250] kmem_cache_alloc+0x47/0x760 [ 204.871307] ? trace_hardirqs_on+0x10/0x10 [ 204.875533] dst_alloc+0xbb/0x1d0 [ 204.878979] rt_dst_alloc+0x102/0x520 [ 204.882769] ? fnhe_flush_routes+0x480/0x480 [ 204.887166] ? __unlock_page_memcg+0x53/0x100 [ 204.891660] ? lock_downgrade+0x8f0/0x8f0 [ 204.895812] ip_route_output_key_hash_rcu+0xa5b/0x3500 [ 204.901079] ? ip_route_input_noref+0x270/0x270 [ 204.905733] ? lock_acquire+0x1e4/0x540 [ 204.909692] ? is_bpf_text_address+0xae/0x170 [ 204.914172] ? lock_downgrade+0x8f0/0x8f0 [ 204.918307] ? lock_release+0xa30/0xa30 [ 204.922279] ? lock_acquire+0x1e4/0x540 [ 204.926240] ? ip_route_output_key_hash+0x1ab/0x3b0 [ 204.931249] ? lock_release+0xa30/0xa30 [ 204.935214] ? is_bpf_text_address+0xd7/0x170 [ 204.939696] ? kernel_text_address+0x79/0xf0 [ 204.944094] ? __kernel_text_address+0xd/0x40 [ 204.948577] ? unwind_get_return_address+0x61/0xa0 [ 204.953497] ip_route_output_key_hash+0x242/0x3b0 [ 204.958331] ? ip_route_output_key_hash_rcu+0x3500/0x3500 [ 204.963858] ? save_stack+0xa9/0xd0 [ 204.967473] ? save_stack+0x43/0xd0 [ 204.971104] tcp_v4_connect+0x12bf/0x1dc0 [ 204.975252] ? tcp_v4_parse_md5_keys+0x340/0x340 [ 204.979999] ? lock_acquire+0x1e4/0x540 [ 204.983975] __inet_stream_connect+0x964/0x1150 [ 204.988634] ? lock_release+0xa30/0xa30 [ 204.992597] ? inet_dgram_connect+0x2e0/0x2e0 [ 204.997093] ? kasan_unpoison_shadow+0x35/0x50 [ 205.001658] ? kasan_kmalloc+0xc4/0xe0 [ 205.005546] ? kmem_cache_alloc_trace+0x318/0x780 [ 205.010379] tcp_sendmsg_locked+0x28b7/0x3f20 [ 205.014864] ? perf_trace_lock+0xde/0x920 [ 205.019014] ? lock_acquire+0x1e4/0x540 [ 205.022992] ? perf_trace_lock+0xde/0x920 [ 205.027160] ? tcp_sendpage+0x60/0x60 [ 205.030952] ? zap_class+0x740/0x740 [ 205.034652] ? __fget+0x4d5/0x740 [ 205.038117] ? lock_acquire+0x1e4/0x540 [ 205.042078] ? tcp_sendmsg+0x21/0x50 [ 205.045780] ? lock_release+0xa30/0xa30 [ 205.049740] ? kasan_check_read+0x11/0x20 [ 205.053874] ? do_raw_spin_unlock+0xa7/0x2f0 [ 205.058276] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 205.062848] ? kasan_check_write+0x14/0x20 [ 205.067073] ? lock_sock_nested+0x9f/0x120 [ 205.071294] ? trace_hardirqs_on+0xd/0x10 [ 205.075431] ? __local_bh_enable_ip+0x161/0x230 [ 205.080093] tcp_sendmsg+0x2f/0x50 [ 205.083626] inet_sendmsg+0x1a1/0x690 [ 205.087413] ? ipip_gro_receive+0x100/0x100 [ 205.091726] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 205.097256] ? security_socket_sendmsg+0x94/0xc0 [ 205.102014] ? ipip_gro_receive+0x100/0x100 [ 205.106323] sock_sendmsg+0xd5/0x120 [ 205.110027] __sys_sendto+0x3d7/0x670 [ 205.113818] ? __ia32_sys_getpeername+0xb0/0xb0 [ 205.118475] ? vfs_write+0x2f3/0x560 [ 205.122178] ? wait_for_completion+0x8d0/0x8d0 [ 205.126746] ? lock_release+0xa30/0xa30 [ 205.130736] ? fsnotify_first_mark+0x350/0x350 [ 205.135310] ? fsnotify+0x14e0/0x14e0 [ 205.139102] ? __sb_end_write+0xac/0xe0 [ 205.143070] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 205.150256] ? fput+0x130/0x1a0 [ 205.153536] ? ksys_write+0x1ae/0x260 [ 205.157326] ? __ia32_sys_read+0xb0/0xb0 [ 205.161386] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 205.166913] __x64_sys_sendto+0xe1/0x1a0 [ 205.170977] do_syscall_64+0x1b9/0x820 [ 205.174851] ? finish_task_switch+0x1d3/0x870 [ 205.179333] ? syscall_return_slowpath+0x5e0/0x5e0 [ 205.184253] ? syscall_return_slowpath+0x31d/0x5e0 [ 205.189169] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 205.195057] ? prepare_exit_to_usermode+0x291/0x3b0 [ 205.200066] ? perf_trace_sys_enter+0xb10/0xb10 [ 205.204720] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 205.209550] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.214736] RIP: 0033:0x455ab9 [ 205.217904] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 205.237114] RSP: 002b:00007fb68228dc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 205.244808] RAX: ffffffffffffffda RBX: 00007fb68228e6d4 RCX: 0000000000455ab9 [ 205.252062] RDX: fffffffffffffe6e RSI: 0000000020a88f88 RDI: 0000000000000014 [ 205.259316] RBP: 000000000072bea0 R08: 0000000020e68000 R09: 0000000000000010 [ 205.266568] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000015 [ 205.273823] R13: 00000000004c1158 R14: 00000000004d1848 R15: 0000000000000001 09:52:18 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffff2260, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000080)="e0e46d6df8af72f20d07032dbd7446671ff812c320954123953e9566853c01aca3d2", &(0x7f0000000040), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:18 executing program 0: ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000200)=0x0) r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x10000000000000, 0x0, 0x0, 0x0, 0x3, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x8800, 0x0) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)) fstat(r1, &(0x7f00000002c0)) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:18 executing program 4 (fault-call:1 fault-nth:57): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:18 executing program 1 (fault-call:6 fault-nth:2): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) [ 205.347653] FAT-fs (loop7): Directory bread(block 128) failed [ 205.393397] FAULT_INJECTION: forcing a failure. [ 205.393397] name failslab, interval 1, probability 0, space 0, times 0 [ 205.404683] CPU: 1 PID: 11803 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 205.408691] FAT-fs (loop7): Directory bread(block 129) failed [ 205.413171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.413178] Call Trace: [ 205.413201] dump_stack+0x1c9/0x2b4 [ 205.413217] ? dump_stack_print_info.cold.2+0x52/0x52 [ 205.413237] ? perf_trace_lock+0xde/0x920 [ 205.426547] FAULT_INJECTION: forcing a failure. [ 205.426547] name failslab, interval 1, probability 0, space 0, times 0 [ 205.428479] should_fail.cold.4+0xa/0x11 [ 205.428498] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 205.428517] ? anon_vma_fork+0x651/0x960 [ 205.468342] ? lock_downgrade+0x8f0/0x8f0 [ 205.472503] ? lock_release+0xa30/0xa30 [ 205.476484] ? percpu_ref_put_many+0x131/0x240 [ 205.481321] ? lock_acquire+0x1e4/0x540 [ 205.485303] ? fs_reclaim_acquire+0x20/0x20 [ 205.489617] ? lock_downgrade+0x8f0/0x8f0 [ 205.493760] ? up_write+0x7b/0x220 [ 205.497295] ? check_same_owner+0x340/0x340 [ 205.501607] ? rcu_note_context_switch+0x730/0x730 [ 205.506530] __should_failslab+0x124/0x180 [ 205.510777] should_failslab+0x9/0x14 [ 205.514578] kmem_cache_alloc+0x2af/0x760 [ 205.518715] ? __vma_link_rb+0x2a4/0x3f0 [ 205.522771] copy_process.part.41+0x2f81/0x73d0 [ 205.527443] ? __cleanup_sighand+0x70/0x70 [ 205.531667] ? lock_release+0xa30/0xa30 [ 205.535630] ? xas_descend+0x20c/0x5f0 [ 205.539510] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 205.544515] ? check_pgprot+0xdf/0x180 [ 205.548390] ? put_page+0x280/0x280 [ 205.552030] ? kasan_check_write+0x14/0x20 [ 205.556260] ? alloc_set_pte+0xaf6/0x1790 [ 205.560403] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 205.565412] ? filemap_map_pages+0xca2/0x1990 [ 205.569899] ? trace_hardirqs_on+0x10/0x10 [ 205.574126] ? xa_set_tag+0x40/0x40 [ 205.577744] ? perf_trace_lock+0xde/0x920 [ 205.581886] ? trace_hardirqs_on+0x10/0x10 [ 205.586129] ? trace_hardirqs_on+0x10/0x10 [ 205.590355] ? trace_hardirqs_on+0x10/0x10 [ 205.594586] ? find_get_entries_tag+0x1410/0x1410 [ 205.599441] ? perf_trace_lock+0xde/0x920 [ 205.603577] ? zap_class+0x740/0x740 [ 205.607281] ? zap_class+0x740/0x740 [ 205.610984] ? zap_class+0x740/0x740 [ 205.614702] ? shrink_dcache_sb+0x350/0x350 [ 205.619024] ? perf_trace_lock+0xde/0x920 [ 205.623163] ? lock_acquire+0x1e4/0x540 [ 205.627125] ? __fdget_pos+0x1bb/0x200 [ 205.631006] ? zap_class+0x740/0x740 [ 205.634711] ? lock_release+0xa30/0xa30 [ 205.638683] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 205.644221] ? _parse_integer+0x13b/0x190 [ 205.648365] ? perf_trace_lock+0xde/0x920 [ 205.652502] ? _kstrtoull+0x188/0x250 [ 205.656295] ? _parse_integer+0x190/0x190 [ 205.660435] ? zap_class+0x740/0x740 [ 205.664146] ? __check_object_size+0xa3/0x5d7 [ 205.668636] ? lock_acquire+0x1e4/0x540 [ 205.672599] ? get_pid_task+0xd8/0x1a0 [ 205.676479] ? perf_trace_lock+0xde/0x920 [ 205.680622] ? lock_release+0xa30/0xa30 [ 205.684590] ? zap_class+0x740/0x740 [ 205.688302] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 205.693139] ? __f_unlock_pos+0x19/0x20 [ 205.697108] ? lock_downgrade+0x8f0/0x8f0 [ 205.701248] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 205.706778] ? proc_fail_nth_write+0x9e/0x210 [ 205.711268] ? lock_acquire+0x1e4/0x540 [ 205.715236] _do_fork+0x291/0x12a0 [ 205.718768] ? fork_idle+0x1a0/0x1a0 [ 205.722485] ? fsnotify_first_mark+0x350/0x350 [ 205.727056] ? fsnotify+0x14e0/0x14e0 [ 205.730853] ? __sb_end_write+0xac/0xe0 [ 205.734821] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 205.740347] ? fput+0x130/0x1a0 [ 205.743616] ? ksys_write+0x1ae/0x260 [ 205.747409] ? __ia32_sys_read+0xb0/0xb0 [ 205.751476] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 205.757014] __x64_sys_clone+0xbf/0x150 [ 205.760982] do_syscall_64+0x1b9/0x820 [ 205.764860] ? finish_task_switch+0x1d3/0x870 [ 205.769344] ? syscall_return_slowpath+0x5e0/0x5e0 [ 205.774263] ? syscall_return_slowpath+0x31d/0x5e0 [ 205.779184] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 205.784190] ? prepare_exit_to_usermode+0x291/0x3b0 [ 205.789198] ? perf_trace_sys_enter+0xb10/0xb10 [ 205.793856] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 205.798697] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.803882] RIP: 0033:0x455ab9 [ 205.807057] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 205.826313] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 205.834027] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 205.841288] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 205.848547] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 205.855822] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 205.863087] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000039 [ 205.870377] CPU: 0 PID: 11806 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 205.878881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.888258] Call Trace: [ 205.890861] dump_stack+0x1c9/0x2b4 09:52:18 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x2020000000000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 205.894682] ? dump_stack_print_info.cold.2+0x52/0x52 [ 205.899888] ? kernel_text_address+0x79/0xf0 [ 205.904321] should_fail.cold.4+0xa/0x11 [ 205.908405] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 205.913528] ? fib_insert_alias+0x1200/0x1200 [ 205.918064] ? zap_class+0x740/0x740 [ 205.921793] ? lock_acquire+0x1e4/0x540 [ 205.925776] ? lock_downgrade+0x8f0/0x8f0 [ 205.929933] ? trace_hardirqs_on+0x10/0x10 [ 205.934173] ? perf_trace_lock+0xde/0x920 [ 205.938326] ? zap_class+0x740/0x740 09:52:18 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:18 executing program 0: ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000200)=0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x10000000000000, 0x0, 0x0, 0x0, 0x3, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x8800, 0x0) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 205.942040] ? __debug_object_init+0x581/0x12e0 [ 205.946713] ? lock_downgrade+0x8f0/0x8f0 [ 205.950866] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 205.956410] ? find_exception+0x517/0xc50 [ 205.960564] ? __ip_dev_find+0x1f8/0x670 [ 205.964634] __should_failslab+0x124/0x180 [ 205.968883] should_failslab+0x9/0x14 [ 205.972714] kmem_cache_alloc+0x47/0x760 [ 205.976795] dst_alloc+0xbb/0x1d0 [ 205.980257] rt_dst_alloc+0x102/0x520 [ 205.984069] ? fnhe_flush_routes+0x480/0x480 [ 205.984991] FAT-fs (loop7): Directory bread(block 130) failed [ 205.988487] ? lock_acquire+0x1e4/0x540 [ 205.988505] ? debug_object_active_state+0x2f5/0x4d0 [ 206.003463] ip_route_output_key_hash_rcu+0xa5b/0x3500 [ 206.008762] ? ip_route_input_noref+0x270/0x270 [ 206.013445] ? do_raw_spin_lock+0xc1/0x200 [ 206.017717] ? trace_hardirqs_on+0xd/0x10 [ 206.021885] ? debug_object_active_state+0x2f5/0x4d0 [ 206.027003] ? kasan_check_read+0x11/0x20 [ 206.031163] ? rcu_is_watching+0x8c/0x150 [ 206.035322] ? lock_acquire+0x1e4/0x540 [ 206.039315] ? ip_route_output_key_hash+0x1ab/0x3b0 [ 206.044347] ? lock_release+0xa30/0xa30 [ 206.048345] ? kernel_text_address+0x79/0xf0 [ 206.052772] ip_route_output_key_hash+0x242/0x3b0 [ 206.057635] ? ip_route_output_key_hash_rcu+0x3500/0x3500 [ 206.063187] ? ip_route_output_key_hash+0x29b/0x3b0 [ 206.063543] FAT-fs (loop7): Directory bread(block 131) failed [ 206.068224] ? ip_route_output_key_hash_rcu+0x3500/0x3500 [ 206.068244] ip_route_output_flow+0x28/0xc0 [ 206.068262] tcp_v4_connect+0x835/0x1dc0 [ 206.088050] ? tcp_v4_parse_md5_keys+0x340/0x340 09:52:19 executing program 4 (fault-call:1 fault-nth:58): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 206.092825] ? lock_acquire+0x1e4/0x540 [ 206.096818] __inet_stream_connect+0x964/0x1150 [ 206.101502] ? lock_release+0xa30/0xa30 [ 206.105496] ? inet_dgram_connect+0x2e0/0x2e0 [ 206.110007] ? kasan_unpoison_shadow+0x35/0x50 [ 206.114629] ? kasan_kmalloc+0xc4/0xe0 [ 206.118534] ? kmem_cache_alloc_trace+0x318/0x780 [ 206.123400] tcp_sendmsg_locked+0x28b7/0x3f20 [ 206.127908] ? perf_trace_lock+0xde/0x920 [ 206.127988] FAT-fs (loop7): Directory bread(block 132) failed [ 206.132058] ? lock_acquire+0x1e4/0x540 [ 206.132080] ? perf_trace_lock+0xde/0x920 [ 206.132098] ? tcp_sendpage+0x60/0x60 [ 206.149867] ? zap_class+0x740/0x740 [ 206.153600] ? __fget+0x4d5/0x740 [ 206.157076] ? lock_acquire+0x1e4/0x540 [ 206.161063] ? tcp_sendmsg+0x21/0x50 [ 206.164796] ? lock_release+0xa30/0xa30 [ 206.168788] ? kasan_check_read+0x11/0x20 [ 206.171202] FAULT_INJECTION: forcing a failure. [ 206.171202] name failslab, interval 1, probability 0, space 0, times 0 [ 206.172937] ? do_raw_spin_unlock+0xa7/0x2f0 [ 206.172951] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 206.172976] ? kasan_check_write+0x14/0x20 [ 206.197419] ? lock_sock_nested+0x9f/0x120 [ 206.201649] ? trace_hardirqs_on+0xd/0x10 [ 206.205788] ? __local_bh_enable_ip+0x161/0x230 [ 206.210451] tcp_sendmsg+0x2f/0x50 [ 206.213987] inet_sendmsg+0x1a1/0x690 [ 206.217782] ? ipip_gro_receive+0x100/0x100 [ 206.222098] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 206.227625] ? security_socket_sendmsg+0x94/0xc0 [ 206.232372] ? ipip_gro_receive+0x100/0x100 [ 206.236692] sock_sendmsg+0xd5/0x120 [ 206.240402] __sys_sendto+0x3d7/0x670 [ 206.244197] ? __ia32_sys_getpeername+0xb0/0xb0 [ 206.248870] ? vfs_write+0x2f3/0x560 [ 206.252576] ? wait_for_completion+0x8d0/0x8d0 [ 206.257149] ? lock_release+0xa30/0xa30 [ 206.261116] ? fsnotify_first_mark+0x350/0x350 [ 206.265687] ? fsnotify+0x14e0/0x14e0 [ 206.269484] ? __sb_end_write+0xac/0xe0 [ 206.273451] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 206.278981] ? fput+0x130/0x1a0 [ 206.282251] ? ksys_write+0x1ae/0x260 [ 206.286045] ? __ia32_sys_read+0xb0/0xb0 [ 206.290103] ? syscall_slow_exit_work+0x500/0x500 [ 206.294950] __x64_sys_sendto+0xe1/0x1a0 [ 206.299008] do_syscall_64+0x1b9/0x820 [ 206.302901] ? finish_task_switch+0x1d3/0x870 [ 206.307398] ? syscall_return_slowpath+0x5e0/0x5e0 [ 206.312326] ? syscall_return_slowpath+0x31d/0x5e0 [ 206.317254] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 206.322279] ? prepare_exit_to_usermode+0x291/0x3b0 [ 206.327292] ? perf_trace_sys_enter+0xb10/0xb10 [ 206.331961] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 206.336809] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 206.342264] RIP: 0033:0x455ab9 [ 206.345456] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 206.364717] RSP: 002b:00007fb68228dc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 206.372425] RAX: ffffffffffffffda RBX: 00007fb68228e6d4 RCX: 0000000000455ab9 [ 206.379689] RDX: fffffffffffffe6e RSI: 0000000020a88f88 RDI: 0000000000000014 [ 206.386967] RBP: 000000000072bea0 R08: 0000000020e68000 R09: 0000000000000010 [ 206.394228] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000015 [ 206.401491] R13: 00000000004c1158 R14: 00000000004d1848 R15: 0000000000000002 [ 206.408770] CPU: 1 PID: 11824 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 206.417270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 206.427584] Call Trace: [ 206.430223] dump_stack+0x1c9/0x2b4 [ 206.433866] ? dump_stack_print_info.cold.2+0x52/0x52 [ 206.439085] ? perf_trace_lock+0xde/0x920 [ 206.443253] should_fail.cold.4+0xa/0x11 09:52:19 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) 09:52:19 executing program 5 (fault-call:9 fault-nth:0): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) 09:52:19 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0xf61d00000000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 206.447717] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 206.452834] ? save_stack+0xa9/0xd0 [ 206.456475] ? kasan_kmalloc+0xc4/0xe0 [ 206.460372] ? kasan_slab_alloc+0x12/0x20 [ 206.464536] ? kmem_cache_alloc+0x12e/0x760 [ 206.468871] ? copy_process.part.41+0x2f81/0x73d0 [ 206.473733] ? _do_fork+0x291/0x12a0 [ 206.475413] FAT-fs (loop7): Directory bread(block 133) failed [ 206.477465] ? __x64_sys_clone+0xbf/0x150 [ 206.477479] ? do_syscall_64+0x1b9/0x820 [ 206.477499] ? percpu_counter_add_batch+0xf2/0x150 [ 206.496494] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 206.501522] ? __vm_enough_memory+0x590/0x980 [ 206.506042] ? lock_acquire+0x1e4/0x540 [ 206.510040] ? fs_reclaim_acquire+0x20/0x20 [ 206.514378] ? lock_downgrade+0x8f0/0x8f0 [ 206.518563] ? lock_downgrade+0x8f0/0x8f0 [ 206.522732] ? check_same_owner+0x340/0x340 [ 206.527067] ? rcu_note_context_switch+0x730/0x730 [ 206.531037] FAT-fs (loop7): Directory bread(block 134) failed [ 206.532022] __should_failslab+0x124/0x180 [ 206.532035] should_failslab+0x9/0x14 09:52:19 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x8, 0x0, 0x0, 0x400, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xda, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffffffff, 0x80000001}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x40000, 0x0) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)={0x20000000}) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:19 executing program 1 (fault-call:6 fault-nth:3): r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) [ 206.532054] kmem_cache_alloc+0x2af/0x760 [ 206.550115] ? security_vm_enough_memory_mm+0x9d/0xc0 [ 206.555330] copy_process.part.41+0x2f81/0x73d0 [ 206.560035] ? __cleanup_sighand+0x70/0x70 [ 206.564290] ? lock_release+0xa30/0xa30 [ 206.567011] FAT-fs (loop7): Directory bread(block 135) failed [ 206.568272] ? xas_descend+0x20c/0x5f0 [ 206.568293] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 206.568305] ? check_pgprot+0xdf/0x180 [ 206.568320] ? put_page+0x280/0x280 [ 206.590590] ? kasan_check_write+0x14/0x20 [ 206.594846] ? alloc_set_pte+0xaf6/0x1790 [ 206.599018] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 206.604053] ? filemap_map_pages+0xca2/0x1990 [ 206.608578] ? trace_hardirqs_on+0x10/0x10 [ 206.610178] FAT-fs (loop7): Directory bread(block 136) failed [ 206.612818] ? xa_set_tag+0x40/0x40 [ 206.612836] ? perf_trace_lock+0xde/0x920 [ 206.612852] ? trace_hardirqs_on+0x10/0x10 [ 206.612869] ? trace_hardirqs_on+0x10/0x10 [ 206.634962] ? trace_hardirqs_on+0x10/0x10 [ 206.639233] ? find_get_entries_tag+0x1410/0x1410 [ 206.642258] FAULT_INJECTION: forcing a failure. [ 206.642258] name failslab, interval 1, probability 0, space 0, times 0 [ 206.644101] ? perf_trace_lock+0xde/0x920 [ 206.644117] ? zap_class+0x740/0x740 [ 206.644141] ? zap_class+0x740/0x740 [ 206.666845] ? zap_class+0x740/0x740 [ 206.670554] ? shrink_dcache_sb+0x350/0x350 [ 206.674868] ? perf_trace_lock+0xde/0x920 [ 206.679012] ? lock_acquire+0x1e4/0x540 [ 206.682981] ? __fdget_pos+0x1bb/0x200 [ 206.686865] ? zap_class+0x740/0x740 [ 206.690574] ? lock_release+0xa30/0xa30 [ 206.694561] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 206.700095] ? _parse_integer+0x13b/0x190 [ 206.704241] ? perf_trace_lock+0xde/0x920 [ 206.708380] ? _kstrtoull+0x188/0x250 [ 206.712173] ? _parse_integer+0x190/0x190 [ 206.716315] ? zap_class+0x740/0x740 [ 206.720028] ? __check_object_size+0xa3/0x5d7 [ 206.724520] ? lock_acquire+0x1e4/0x540 [ 206.728484] ? get_pid_task+0xd8/0x1a0 [ 206.732369] ? perf_trace_lock+0xde/0x920 [ 206.736518] ? lock_release+0xa30/0xa30 [ 206.740488] ? zap_class+0x740/0x740 [ 206.744226] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 206.749067] ? __f_unlock_pos+0x19/0x20 [ 206.753049] ? lock_downgrade+0x8f0/0x8f0 [ 206.757193] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 206.762737] ? proc_fail_nth_write+0x9e/0x210 [ 206.767227] ? lock_acquire+0x1e4/0x540 [ 206.771216] _do_fork+0x291/0x12a0 [ 206.774754] ? fork_idle+0x1a0/0x1a0 [ 206.778463] ? fsnotify_first_mark+0x350/0x350 [ 206.783039] ? fsnotify+0x14e0/0x14e0 [ 206.786839] ? __sb_end_write+0xac/0xe0 [ 206.790812] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 206.796345] ? fput+0x130/0x1a0 [ 206.799617] ? ksys_write+0x1ae/0x260 [ 206.803410] ? __ia32_sys_read+0xb0/0xb0 [ 206.807470] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 206.813005] __x64_sys_clone+0xbf/0x150 [ 206.816976] do_syscall_64+0x1b9/0x820 [ 206.820853] ? finish_task_switch+0x1d3/0x870 [ 206.825341] ? syscall_return_slowpath+0x5e0/0x5e0 [ 206.830262] ? syscall_return_slowpath+0x31d/0x5e0 [ 206.835185] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 206.840207] ? prepare_exit_to_usermode+0x291/0x3b0 [ 206.845213] ? perf_trace_sys_enter+0xb10/0xb10 [ 206.849880] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 206.854746] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 206.859931] RIP: 0033:0x455ab9 [ 206.863104] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 206.882351] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 206.890069] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 206.897348] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 206.904613] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 206.911877] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 206.919154] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000003a [ 206.926434] CPU: 0 PID: 11837 Comm: syz-executor1 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 206.934968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 206.944345] Call Trace: [ 206.946948] dump_stack+0x1c9/0x2b4 [ 206.950584] ? dump_stack_print_info.cold.2+0x52/0x52 [ 206.955774] should_fail.cold.4+0xa/0x11 [ 206.959827] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 206.964933] ? fib_insert_alias+0x1200/0x1200 [ 206.969429] ? zap_class+0x740/0x740 [ 206.973151] ? lock_acquire+0x1e4/0x540 [ 206.977115] ? lock_downgrade+0x8f0/0x8f0 [ 206.981253] ? trace_hardirqs_on+0x10/0x10 [ 206.985488] ? perf_trace_lock+0xde/0x920 [ 206.989639] ? zap_class+0x740/0x740 [ 206.993340] ? __debug_object_init+0x581/0x12e0 [ 206.997996] ? lock_downgrade+0x8f0/0x8f0 [ 207.002158] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 207.007692] ? find_exception+0x517/0xc50 [ 207.011828] ? __ip_dev_find+0x1f8/0x670 [ 207.015877] __should_failslab+0x124/0x180 [ 207.020100] should_failslab+0x9/0x14 [ 207.023897] kmem_cache_alloc+0x47/0x760 [ 207.027949] dst_alloc+0xbb/0x1d0 [ 207.031405] rt_dst_alloc+0x102/0x520 [ 207.035221] ? fnhe_flush_routes+0x480/0x480 [ 207.039620] ? lock_acquire+0x1e4/0x540 [ 207.043577] ? debug_object_active_state+0x2f5/0x4d0 [ 207.048668] ip_route_output_key_hash_rcu+0xa5b/0x3500 [ 207.053954] ? ip_route_input_noref+0x270/0x270 [ 207.058614] ? do_raw_spin_lock+0xc1/0x200 [ 207.062839] ? trace_hardirqs_on+0xd/0x10 [ 207.066977] ? debug_object_active_state+0x2f5/0x4d0 [ 207.072086] ? kasan_check_read+0x11/0x20 [ 207.076232] ? rcu_is_watching+0x8c/0x150 [ 207.080383] ? lock_acquire+0x1e4/0x540 [ 207.084438] ? ip_route_output_key_hash+0x1ab/0x3b0 [ 207.089443] ? lock_release+0xa30/0xa30 [ 207.093421] ? kernel_text_address+0x79/0xf0 [ 207.097836] ip_route_output_key_hash+0x242/0x3b0 [ 207.102675] ? ip_route_output_key_hash_rcu+0x3500/0x3500 [ 207.108207] ? ip_route_output_key_hash+0x29b/0x3b0 [ 207.113217] ? ip_route_output_key_hash_rcu+0x3500/0x3500 [ 207.118750] ip_route_output_flow+0x28/0xc0 [ 207.123061] tcp_v4_connect+0x835/0x1dc0 [ 207.127115] ? tcp_v4_parse_md5_keys+0x340/0x340 [ 207.131873] ? lock_acquire+0x1e4/0x540 [ 207.135850] __inet_stream_connect+0x964/0x1150 [ 207.140521] ? lock_release+0xa30/0xa30 [ 207.144495] ? inet_dgram_connect+0x2e0/0x2e0 [ 207.148992] ? kasan_unpoison_shadow+0x35/0x50 [ 207.153585] ? kasan_kmalloc+0xc4/0xe0 [ 207.157481] ? kmem_cache_alloc_trace+0x318/0x780 [ 207.162332] tcp_sendmsg_locked+0x28b7/0x3f20 [ 207.166829] ? perf_trace_lock+0xde/0x920 [ 207.171076] ? lock_acquire+0x1e4/0x540 [ 207.175047] ? perf_trace_lock+0xde/0x920 [ 207.179189] ? tcp_sendpage+0x60/0x60 [ 207.182981] ? zap_class+0x740/0x740 [ 207.186684] ? __fget+0x4d5/0x740 [ 207.190133] ? lock_acquire+0x1e4/0x540 [ 207.194909] ? tcp_sendmsg+0x21/0x50 [ 207.198618] ? lock_release+0xa30/0xa30 [ 207.202578] ? kasan_check_read+0x11/0x20 [ 207.206710] ? do_raw_spin_unlock+0xa7/0x2f0 [ 207.211107] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 207.215677] ? kasan_check_write+0x14/0x20 [ 207.219897] ? lock_sock_nested+0x9f/0x120 [ 207.224118] ? trace_hardirqs_on+0xd/0x10 [ 207.228259] ? __local_bh_enable_ip+0x161/0x230 [ 207.232934] tcp_sendmsg+0x2f/0x50 [ 207.236486] inet_sendmsg+0x1a1/0x690 [ 207.240283] ? ipip_gro_receive+0x100/0x100 [ 207.244592] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 207.250126] ? security_socket_sendmsg+0x94/0xc0 [ 207.254879] ? ipip_gro_receive+0x100/0x100 [ 207.259190] sock_sendmsg+0xd5/0x120 [ 207.262888] __sys_sendto+0x3d7/0x670 [ 207.266684] ? __ia32_sys_getpeername+0xb0/0xb0 [ 207.271353] ? vfs_write+0x2f3/0x560 [ 207.275055] ? wait_for_completion+0x8d0/0x8d0 [ 207.279623] ? lock_release+0xa30/0xa30 [ 207.283585] ? fsnotify_first_mark+0x350/0x350 [ 207.288154] ? fsnotify+0x14e0/0x14e0 [ 207.293209] ? __sb_end_write+0xac/0xe0 [ 207.297177] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 207.302701] ? fput+0x130/0x1a0 [ 207.305979] ? ksys_write+0x1ae/0x260 [ 207.309778] ? __ia32_sys_read+0xb0/0xb0 [ 207.313829] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 207.319359] __x64_sys_sendto+0xe1/0x1a0 [ 207.324104] do_syscall_64+0x1b9/0x820 [ 207.327973] ? finish_task_switch+0x1d3/0x870 [ 207.332464] ? syscall_return_slowpath+0x5e0/0x5e0 [ 207.337396] ? syscall_return_slowpath+0x31d/0x5e0 [ 207.342309] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 207.347327] ? prepare_exit_to_usermode+0x291/0x3b0 [ 207.352331] ? perf_trace_sys_enter+0xb10/0xb10 [ 207.356998] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 207.361847] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 207.367037] RIP: 0033:0x455ab9 [ 207.370210] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 207.389503] RSP: 002b:00007fb68228dc68 EFLAGS: 00000246 ORIG_RAX: 000000000000002c 09:52:20 executing program 0: ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000200)=0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x10000000000000, 0x0, 0x0, 0x0, 0x3, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x8800, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 207.397206] RAX: ffffffffffffffda RBX: 00007fb68228e6d4 RCX: 0000000000455ab9 [ 207.404475] RDX: fffffffffffffe6e RSI: 0000000020a88f88 RDI: 0000000000000014 [ 207.411729] RBP: 000000000072bea0 R08: 0000000020e68000 R09: 0000000000000010 [ 207.418984] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000015 [ 207.426249] R13: 00000000004c1158 R14: 00000000004d1848 R15: 0000000000000003 [ 207.444148] FAT-fs (loop7): Directory bread(block 137) failed 09:52:20 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffffffffffff, &(0x7f00000002c0)="80", 0x1}]) 09:52:20 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x11000000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:20 executing program 3: munlockall() syz_emit_ethernet(0x22, &(0x7f0000000000)={@local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xf}, [{[], {0x8100, 0x5, 0x2, 0x3}}], {@can={0xc, {{0x4, 0x1, 0x196, 0x2}, 0x4, 0x0, 0x0, 0x0, "cd8984e4988e188e"}}}}, &(0x7f0000000040)={0x0, 0x3, [0xb0f, 0xa77, 0x43e, 0x947]}) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:20 executing program 0: ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000200)=0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x10000000000000, 0x0, 0x0, 0x0, 0x3, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 207.571683] FAT-fs (loop7): Directory bread(block 128) failed [ 207.593041] FAT-fs (loop7): Directory bread(block 129) failed [ 207.608182] FAT-fs (loop7): Directory bread(block 130) failed 09:52:20 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x10000000000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 207.619181] FAT-fs (loop7): Directory bread(block 131) failed [ 207.637644] FAT-fs (loop7): Directory bread(block 132) failed [ 207.657071] FAT-fs (loop7): Directory bread(block 133) failed 09:52:20 executing program 0: ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000200)) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:20 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:20 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x2001000000000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 207.672792] FAT-fs (loop7): Directory bread(block 134) failed [ 207.684440] FAT-fs (loop7): Directory bread(block 135) failed [ 207.697332] FAT-fs (loop7): Directory bread(block 136) failed [ 207.714338] FAT-fs (loop7): Directory bread(block 137) failed 09:52:20 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) 09:52:20 executing program 4 (fault-call:1 fault-nth:59): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 207.832538] FAULT_INJECTION: forcing a failure. [ 207.832538] name failslab, interval 1, probability 0, space 0, times 0 [ 207.844481] CPU: 1 PID: 11892 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 207.853064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 207.862426] Call Trace: [ 207.865027] dump_stack+0x1c9/0x2b4 [ 207.868675] ? dump_stack_print_info.cold.2+0x52/0x52 [ 207.869670] attempt to access beyond end of device [ 207.873871] ? perf_trace_lock+0xde/0x920 [ 207.873894] should_fail.cold.4+0xa/0x11 [ 207.873912] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 207.878865] loop7: rw=2049, want=310, limit=128 [ 207.882975] ? save_stack+0xa9/0xd0 [ 207.882991] ? kasan_kmalloc+0xc4/0xe0 [ 207.883003] ? kasan_slab_alloc+0x12/0x20 [ 207.883023] ? kmem_cache_alloc+0x12e/0x760 [ 207.887081] Buffer I/O error on dev loop7, logical block 309, lost async page write [ 207.892171] ? copy_process.part.41+0x2f81/0x73d0 [ 207.892185] ? _do_fork+0x291/0x12a0 [ 207.892202] ? __x64_sys_clone+0xbf/0x150 [ 207.899821] attempt to access beyond end of device [ 207.900467] ? do_syscall_64+0x1b9/0x820 [ 207.900485] ? percpu_counter_add_batch+0xf2/0x150 [ 207.900504] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 207.904412] loop7: rw=2049, want=311, limit=128 [ 207.908515] ? __vm_enough_memory+0x590/0x980 [ 207.908533] ? lock_acquire+0x1e4/0x540 [ 207.908549] ? fs_reclaim_acquire+0x20/0x20 [ 207.912884] Buffer I/O error on dev loop7, logical block 310, lost async page write [ 207.920638] ? lock_downgrade+0x8f0/0x8f0 [ 207.920663] ? lock_downgrade+0x8f0/0x8f0 [ 207.925623] attempt to access beyond end of device [ 207.929187] ? check_same_owner+0x340/0x340 [ 207.929204] ? rcu_note_context_switch+0x730/0x730 [ 207.929220] __should_failslab+0x124/0x180 [ 207.929235] should_failslab+0x9/0x14 [ 207.933377] loop7: rw=2049, want=312, limit=128 [ 207.938291] kmem_cache_alloc+0x2af/0x760 [ 207.938309] ? security_vm_enough_memory_mm+0x9d/0xc0 [ 207.938328] copy_process.part.41+0x2f81/0x73d0 [ 207.942384] Buffer I/O error on dev loop7, logical block 311, lost async page write [ 207.947295] ? __cleanup_sighand+0x70/0x70 [ 207.947308] ? lock_release+0xa30/0xa30 [ 207.947321] ? xas_descend+0x20c/0x5f0 [ 207.947336] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 207.947348] ? check_pgprot+0xdf/0x180 [ 207.947359] ? put_page+0x280/0x280 [ 207.947373] ? kasan_check_write+0x14/0x20 [ 207.947391] ? alloc_set_pte+0xaf6/0x1790 [ 208.067066] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 208.072081] ? filemap_map_pages+0xca2/0x1990 [ 208.076564] ? trace_hardirqs_on+0x10/0x10 [ 208.080787] ? xa_set_tag+0x40/0x40 [ 208.084400] ? perf_trace_lock+0xde/0x920 [ 208.088536] ? trace_hardirqs_on+0x10/0x10 [ 208.092773] ? trace_hardirqs_on+0x10/0x10 [ 208.096995] ? trace_hardirqs_on+0x10/0x10 [ 208.101224] ? find_get_entries_tag+0x1410/0x1410 [ 208.106057] ? perf_trace_lock+0xde/0x920 [ 208.110203] ? zap_class+0x740/0x740 [ 208.113919] ? zap_class+0x740/0x740 [ 208.117617] ? zap_class+0x740/0x740 [ 208.121323] ? shrink_dcache_sb+0x350/0x350 [ 208.125656] ? perf_trace_lock+0xde/0x920 [ 208.129790] ? lock_acquire+0x1e4/0x540 [ 208.133747] ? __fdget_pos+0x1bb/0x200 [ 208.137621] ? zap_class+0x740/0x740 [ 208.141338] ? lock_release+0xa30/0xa30 [ 208.145301] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 208.150837] ? _parse_integer+0x13b/0x190 [ 208.154980] ? perf_trace_lock+0xde/0x920 [ 208.159116] ? _kstrtoull+0x188/0x250 [ 208.162907] ? _parse_integer+0x190/0x190 [ 208.167041] ? zap_class+0x740/0x740 [ 208.170747] ? __check_object_size+0xa3/0x5d7 [ 208.175245] ? lock_acquire+0x1e4/0x540 [ 208.179553] ? get_pid_task+0xd8/0x1a0 [ 208.183426] ? perf_trace_lock+0xde/0x920 [ 208.187573] ? lock_release+0xa30/0xa30 [ 208.191534] ? zap_class+0x740/0x740 [ 208.195237] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 208.200065] ? __f_unlock_pos+0x19/0x20 [ 208.204028] ? lock_downgrade+0x8f0/0x8f0 [ 208.208165] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 208.213691] ? proc_fail_nth_write+0x9e/0x210 [ 208.218174] ? lock_acquire+0x1e4/0x540 [ 208.222140] _do_fork+0x291/0x12a0 [ 208.225670] ? fork_idle+0x1a0/0x1a0 [ 208.229382] ? fsnotify_first_mark+0x350/0x350 [ 208.233952] ? fsnotify+0x14e0/0x14e0 [ 208.237752] ? __sb_end_write+0xac/0xe0 [ 208.241719] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 208.247244] ? fput+0x130/0x1a0 [ 208.250510] ? ksys_write+0x1ae/0x260 [ 208.254299] ? __ia32_sys_read+0xb0/0xb0 [ 208.258363] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 208.263890] __x64_sys_clone+0xbf/0x150 [ 208.267863] do_syscall_64+0x1b9/0x820 [ 208.271750] ? finish_task_switch+0x1d3/0x870 [ 208.276236] ? syscall_return_slowpath+0x5e0/0x5e0 [ 208.281155] ? syscall_return_slowpath+0x31d/0x5e0 [ 208.286077] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 208.291087] ? prepare_exit_to_usermode+0x291/0x3b0 [ 208.296092] ? perf_trace_sys_enter+0xb10/0xb10 [ 208.300751] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 208.305584] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 208.310768] RIP: 0033:0x455ab9 [ 208.313939] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 208.333155] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 208.340865] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 208.348124] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 208.355395] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 208.362659] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 208.369926] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000003b [ 208.378312] attempt to access beyond end of device [ 208.383314] loop7: rw=2049, want=313, limit=128 [ 208.388065] Buffer I/O error on dev loop7, logical block 312, lost async page write [ 208.400900] attempt to access beyond end of device [ 208.405901] loop7: rw=2049, want=326, limit=128 [ 208.410670] Buffer I/O error on dev loop7, logical block 325, lost async page write [ 208.418613] attempt to access beyond end of device [ 208.423676] loop7: rw=2049, want=327, limit=128 [ 208.428372] Buffer I/O error on dev loop7, logical block 326, lost async page write 09:52:21 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) 09:52:21 executing program 0: ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000200)) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:21 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:52:21 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x400000000000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:21 executing program 4 (fault-call:1 fault-nth:60): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:21 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0xfffffffffffffffa, &(0x7f00000002c0)="d746cf903281c42066a237a0a8a3eadfe245f747b85b32e1c571edeb0a364a0b6b600ae529a9934f8d6d8a6135ae3411db270f938d20e8c2a214aa015bbdd5a2309c66a1d29e344d378b29b0351e95610e1a35236947", &(0x7f0000000100), &(0x7f00000000c0), &(0x7f0000000040)) r0 = semget(0x1, 0x6, 0x8) semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000040)=[0x2, 0x7, 0x3ff, 0x6cb8, 0x42, 0x10001, 0x8000]) [ 208.455716] attempt to access beyond end of device [ 208.460825] loop7: rw=2049, want=328, limit=128 [ 208.465514] Buffer I/O error on dev loop7, logical block 327, lost async page write [ 208.530613] attempt to access beyond end of device [ 208.535730] loop7: rw=2049, want=329, limit=128 [ 208.540439] Buffer I/O error on dev loop7, logical block 328, lost async page write [ 208.547838] FAULT_INJECTION: forcing a failure. [ 208.547838] name failslab, interval 1, probability 0, space 0, times 0 [ 208.559512] CPU: 1 PID: 11915 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 208.568006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 208.577362] Call Trace: [ 208.579966] dump_stack+0x1c9/0x2b4 [ 208.583608] ? dump_stack_print_info.cold.2+0x52/0x52 [ 208.588819] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 208.593854] should_fail.cold.4+0xa/0x11 [ 208.597390] attempt to access beyond end of device [ 208.597931] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 208.602898] loop7: rw=2049, want=2153, limit=128 [ 208.608076] ? lock_release+0xa30/0xa30 [ 208.608092] ? kasan_check_read+0x11/0x20 [ 208.608112] ? rcu_is_watching+0x8c/0x150 [ 208.625101] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 208.629790] ? is_bpf_text_address+0xd7/0x170 [ 208.634291] ? kernel_text_address+0x79/0xf0 [ 208.638699] ? __kernel_text_address+0xd/0x40 [ 208.643187] ? unwind_get_return_address+0x61/0xa0 [ 208.648102] ? __save_stack_trace+0x8d/0xf0 [ 208.652412] ? save_stack+0xa9/0xd0 [ 208.656046] ? save_stack+0x43/0xd0 [ 208.659663] ? kasan_kmalloc+0xc4/0xe0 [ 208.663536] __should_failslab+0x124/0x180 [ 208.667754] should_failslab+0x9/0x14 [ 208.671538] kmem_cache_alloc+0x47/0x760 [ 208.675586] ? lock_acquire+0x1e4/0x540 [ 208.679545] ? percpu_ref_put_many+0x119/0x240 [ 208.684118] ? lock_downgrade+0x8f0/0x8f0 [ 208.688257] anon_vma_clone+0x140/0x740 [ 208.692222] ? fs_reclaim_acquire+0x20/0x20 [ 208.696529] ? unlink_anon_vmas+0xa60/0xa60 [ 208.700855] ? dup_userfaultfd+0x775/0x9a0 [ 208.705078] anon_vma_fork+0xf0/0x960 [ 208.708870] ? kasan_unpoison_shadow+0x35/0x50 [ 208.713447] ? anon_vma_clone+0x740/0x740 [ 208.717592] ? kasan_slab_alloc+0x12/0x20 [ 208.721739] ? kmem_cache_alloc+0x2fc/0x760 [ 208.726057] copy_process.part.41+0x6705/0x73d0 [ 208.730738] ? __cleanup_sighand+0x70/0x70 [ 208.734963] ? lock_release+0xa30/0xa30 [ 208.738952] ? xas_descend+0x20c/0x5f0 [ 208.742849] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 208.747862] ? check_pgprot+0xdf/0x180 [ 208.751743] ? put_page+0x280/0x280 [ 208.755380] ? kasan_check_write+0x14/0x20 [ 208.759620] ? alloc_set_pte+0xaf6/0x1790 [ 208.763778] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 208.768804] ? filemap_map_pages+0xca2/0x1990 [ 208.773316] ? trace_hardirqs_on+0x10/0x10 [ 208.777563] ? xa_set_tag+0x40/0x40 [ 208.781200] ? perf_trace_lock+0xde/0x920 [ 208.785357] ? trace_hardirqs_on+0x10/0x10 [ 208.789604] ? trace_hardirqs_on+0x10/0x10 [ 208.793858] ? trace_hardirqs_on+0x10/0x10 [ 208.798105] ? find_get_entries_tag+0x1410/0x1410 [ 208.802964] ? perf_trace_lock+0xde/0x920 [ 208.807121] ? zap_class+0x740/0x740 [ 208.810844] ? zap_class+0x740/0x740 [ 208.814556] ? zap_class+0x740/0x740 [ 208.818275] ? shrink_dcache_sb+0x350/0x350 [ 208.822595] ? perf_trace_lock+0xde/0x920 [ 208.826835] ? lock_acquire+0x1e4/0x540 [ 208.830814] ? __fdget_pos+0x1bb/0x200 [ 208.834697] ? zap_class+0x740/0x740 [ 208.838415] ? lock_release+0xa30/0xa30 [ 208.842396] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 208.847915] ? _parse_integer+0x13b/0x190 [ 208.852056] ? perf_trace_lock+0xde/0x920 [ 208.856190] ? _kstrtoull+0x188/0x250 [ 208.859976] ? _parse_integer+0x190/0x190 [ 208.864120] ? zap_class+0x740/0x740 [ 208.867841] ? __check_object_size+0xa3/0x5d7 [ 208.872330] ? lock_acquire+0x1e4/0x540 [ 208.876288] ? get_pid_task+0xd8/0x1a0 [ 208.880167] ? perf_trace_lock+0xde/0x920 [ 208.884303] ? lock_release+0xa30/0xa30 [ 208.888261] ? zap_class+0x740/0x740 [ 208.891972] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 208.896811] ? __f_unlock_pos+0x19/0x20 [ 208.900774] ? lock_downgrade+0x8f0/0x8f0 [ 208.904909] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 208.910433] ? proc_fail_nth_write+0x9e/0x210 [ 208.914937] ? lock_acquire+0x1e4/0x540 [ 208.918900] _do_fork+0x291/0x12a0 [ 208.922430] ? fork_idle+0x1a0/0x1a0 [ 208.926140] ? fsnotify_first_mark+0x350/0x350 [ 208.930705] ? fsnotify+0x14e0/0x14e0 [ 208.934493] ? __sb_end_write+0xac/0xe0 [ 208.938453] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 208.943987] ? fput+0x130/0x1a0 [ 208.947278] ? ksys_write+0x1ae/0x260 [ 208.951071] ? __ia32_sys_read+0xb0/0xb0 [ 208.955119] ? syscall_slow_exit_work+0x500/0x500 [ 208.960057] __x64_sys_clone+0xbf/0x150 [ 208.964042] do_syscall_64+0x1b9/0x820 [ 208.967927] ? finish_task_switch+0x1d3/0x870 [ 208.972426] ? syscall_return_slowpath+0x5e0/0x5e0 [ 208.977340] ? syscall_return_slowpath+0x31d/0x5e0 [ 208.982267] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 208.987270] ? prepare_exit_to_usermode+0x291/0x3b0 [ 208.992270] ? perf_trace_sys_enter+0xb10/0xb10 [ 208.996923] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 209.001757] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 209.006941] RIP: 0033:0x455ab9 [ 209.010110] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 09:52:22 executing program 0: ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000200)) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:22 executing program 3: clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, &(0x7f0000000000)=0x0) r1 = getpid() setpgid(r0, r1) 09:52:22 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x20010, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:22 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)}]) 09:52:22 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x16) 09:52:22 executing program 4 (fault-call:1 fault-nth:61): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 209.029970] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 209.037679] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 209.044934] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 209.052189] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 209.059454] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 209.066712] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000003c 09:52:22 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x1000000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:22 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) exit_group(0x58) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x80, 0x0) ioctl$KDGKBSENT(r0, 0x4b48, &(0x7f0000000080)={0x101, 0x0, 0x5}) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:22 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x10000000000000, 0x0, 0x0, 0x0, 0x3, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 209.166252] FAULT_INJECTION: forcing a failure. [ 209.166252] name failslab, interval 1, probability 0, space 0, times 0 [ 209.177571] CPU: 0 PID: 11940 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 209.186067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 209.196331] Call Trace: [ 209.198942] dump_stack+0x1c9/0x2b4 [ 209.202614] ? dump_stack_print_info.cold.2+0x52/0x52 [ 209.207848] ? perf_trace_lock+0x49d/0x920 [ 209.212125] should_fail.cold.4+0xa/0x11 09:52:22 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x80000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 209.216221] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 209.221349] ? save_stack+0xa9/0xd0 [ 209.225000] ? kasan_kmalloc+0xc4/0xe0 [ 209.228903] ? kasan_slab_alloc+0x12/0x20 [ 209.233066] ? anon_vma_fork+0x192/0x960 [ 209.237152] ? copy_process.part.41+0x6705/0x73d0 [ 209.242010] ? _do_fork+0x291/0x12a0 [ 209.245755] ? __x64_sys_clone+0xbf/0x150 [ 209.249938] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 209.255344] ? lock_acquire+0x1e4/0x540 [ 209.259336] ? lock_downgrade+0x8f0/0x8f0 [ 209.263513] ? lock_acquire+0x1e4/0x540 [ 209.267506] ? fs_reclaim_acquire+0x20/0x20 [ 209.271844] ? lock_downgrade+0x8f0/0x8f0 [ 209.276019] ? check_same_owner+0x340/0x340 [ 209.280369] ? rcu_note_context_switch+0x730/0x730 [ 209.285332] ? kasan_unpoison_shadow+0x35/0x50 [ 209.289959] __should_failslab+0x124/0x180 [ 209.294220] should_failslab+0x9/0x14 [ 209.298045] kmem_cache_alloc+0x2af/0x760 [ 209.302223] ? dup_userfaultfd+0x775/0x9a0 [ 209.306474] ? anon_vma_fork+0x192/0x960 [ 209.310559] anon_vma_fork+0x2dc/0x960 [ 209.314472] ? anon_vma_clone+0x740/0x740 [ 209.318634] ? kasan_slab_alloc+0x12/0x20 [ 209.322803] ? kmem_cache_alloc+0x2fc/0x760 [ 209.327160] copy_process.part.41+0x6705/0x73d0 [ 209.331887] ? __cleanup_sighand+0x70/0x70 [ 209.336164] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 209.341720] ? perf_tp_event+0x91b/0xc40 [ 209.345796] ? xas_descend+0x20c/0x5f0 [ 209.349712] ? perf_swevent_event+0x2e0/0x2e0 [ 209.354249] ? perf_swevent_event+0x158/0x2e0 [ 209.358770] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 209.359495] FAT-fs (loop7): Directory bread(block 128) failed [ 209.364319] ? perf_tp_event+0x91b/0xc40 [ 209.364338] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 209.364356] ? filemap_map_pages+0xca2/0x1990 [ 209.364380] ? perf_swevent_event+0x2e0/0x2e0 [ 209.370424] FAT-fs (loop7): Directory bread(block 129) failed [ 209.374315] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 209.374340] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 209.374373] ? perf_tp_event+0xc40/0xc40 [ 209.379517] FAT-fs (loop7): Directory bread(block 130) failed [ 209.383858] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 209.383880] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 209.383900] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 209.388526] FAT-fs (loop7): Directory bread(block 131) failed [ 209.394265] ? perf_tp_event+0xc40/0xc40 [ 209.394285] ? zap_class+0x740/0x740 [ 209.394310] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 209.399501] FAT-fs (loop7): Directory bread(block 132) failed [ 209.404477] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 209.404496] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 209.404523] ? perf_tp_event+0xc40/0xc40 [ 209.408673] FAT-fs (loop7): Directory bread(block 133) failed [ 209.414456] ? zap_class+0x740/0x740 [ 209.414478] ? memset+0x31/0x40 [ 209.414501] ? perf_trace_lock+0x49d/0x920 [ 209.419705] FAT-fs (loop7): Directory bread(block 134) failed [ 209.424673] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 209.424699] ? zap_class+0x740/0x740 [ 209.424724] ? __check_object_size+0xa3/0x5d7 [ 209.429918] FAT-fs (loop7): Directory bread(block 135) failed [ 209.435676] ? memset+0x31/0x40 [ 209.435717] ? zap_class+0x740/0x740 [ 209.439955] FAT-fs (loop7): Directory bread(block 136) failed [ 209.443481] ? __f_unlock_pos+0x19/0x20 [ 209.443499] ? lock_downgrade+0x8f0/0x8f0 [ 209.443521] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 209.448732] FAT-fs (loop7): Directory bread(block 137) failed [ 209.454489] ? proc_fail_nth_write+0x9e/0x210 [ 209.454515] ? lock_acquire+0x1e4/0x540 [ 209.454545] _do_fork+0x291/0x12a0 [ 209.500588] attempt to access beyond end of device [ 209.505021] ? fork_idle+0x1a0/0x1a0 [ 209.505045] ? fsnotify_first_mark+0x350/0x350 [ 209.505063] ? fsnotify+0x14e0/0x14e0 [ 209.510950] loop7: rw=2049, want=310, limit=128 [ 209.514227] ? __sb_end_write+0xac/0xe0 [ 209.517928] Buffer I/O error on dev loop7, logical block 309, lost async page write [ 209.523804] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 209.523821] ? fput+0x130/0x1a0 [ 209.527974] attempt to access beyond end of device [ 209.531938] ? ksys_write+0x1ae/0x260 [ 209.531959] ? __ia32_sys_read+0xb0/0xb0 [ 209.531976] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 209.532003] __x64_sys_clone+0xbf/0x150 [ 209.537521] loop7: rw=2049, want=311, limit=128 [ 209.543383] do_syscall_64+0x1b9/0x820 [ 209.543400] ? finish_task_switch+0x1d3/0x870 [ 209.547879] Buffer I/O error on dev loop7, logical block 310, lost async page write [ 209.551828] ? syscall_return_slowpath+0x5e0/0x5e0 [ 209.551847] ? syscall_return_slowpath+0x31d/0x5e0 [ 209.555523] attempt to access beyond end of device [ 209.560276] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 209.560296] ? prepare_exit_to_usermode+0x291/0x3b0 [ 209.560315] ? perf_trace_sys_enter+0xb10/0xb10 [ 209.560334] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 209.564046] loop7: rw=2049, want=312, limit=128 [ 209.568616] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 209.568632] RIP: 0033:0x455ab9 [ 209.572570] attempt to access beyond end of device [ 209.577063] Code: 1d ba fb ff c3 66 2e 0f [ 209.581087] loop7: rw=2049, want=313, limit=128 [ 209.588847] 1f 84 00 00 [ 209.594538] attempt to access beyond end of device [ 209.597634] 00 00 00 66 90 48 89 f8 48 89 f7 [ 209.602615] loop7: rw=2049, want=326, limit=128 [ 209.606376] 48 89 d6 48 [ 209.610593] attempt to access beyond end of device [ 209.615948] 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f [ 209.619999] loop7: rw=2049, want=327, limit=128 [ 209.624641] 05 <48> 3d 01 [ 209.628691] attempt to access beyond end of device [ 209.632994] f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f [ 209.640853] loop7: rw=2049, want=328, limit=128 [ 209.645745] 1f 84 00 00 [ 209.650831] attempt to access beyond end of device [ 209.655574] 00 00 [ 209.655592] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 209.655612] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 209.655622] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 209.655631] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 209.655643] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 209.660655] loop7: rw=2049, want=329, limit=128 [ 209.665636] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000003d [ 209.829813] attempt to access beyond end of device [ 209.834809] loop7: rw=2049, want=2153, limit=128 09:52:23 executing program 4 (fault-call:1 fault-nth:62): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:23 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x4) 09:52:23 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20a00000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:52:23 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) readlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=""/164, 0xa4) 09:52:23 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x1b12720000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:23 executing program 0: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x10000000000000, 0x0, 0x0, 0x0, 0x3, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:23 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x0) close(r0) 09:52:23 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)}]) [ 210.738275] FAULT_INJECTION: forcing a failure. [ 210.738275] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 210.748432] FAT-fs (loop7): Directory bread(block 128) failed [ 210.750294] CPU: 0 PID: 11971 Comm: syz-executor4 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 210.763337] FAT-fs (loop7): Directory bread(block 129) failed [ 210.764601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 210.764609] Call Trace: [ 210.764636] dump_stack+0x1c9/0x2b4 [ 210.764657] ? dump_stack_print_info.cold.2+0x52/0x52 [ 210.777007] FAT-fs (loop7): Directory bread(block 130) failed [ 210.779899] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 210.779930] should_fail.cold.4+0xa/0x11 [ 210.787482] FAT-fs (loop7): Directory bread(block 131) failed [ 210.791313] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 210.791335] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 210.791355] ? perf_tp_event+0x91b/0xc40 [ 210.802902] FAT-fs (loop7): Directory bread(block 132) failed [ 210.806843] ? perf_swevent_event+0x2e0/0x2e0 09:52:23 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x1ff000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 210.806860] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 210.806878] ? memset+0x31/0x40 [ 210.815135] FAT-fs (loop7): Directory bread(block 133) failed [ 210.817846] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 210.817876] ? lock_acquire+0x1e4/0x540 [ 210.817895] ? fs_reclaim_acquire+0x20/0x20 [ 210.823515] FAT-fs (loop7): Directory bread(block 134) failed [ 210.827456] ? lock_downgrade+0x8f0/0x8f0 [ 210.827484] ? check_same_owner+0x340/0x340 [ 210.827507] ? rcu_note_context_switch+0x730/0x730 [ 210.833550] FAT-fs (loop7): Directory bread(block 135) failed [ 210.837859] __alloc_pages_nodemask+0x36e/0xdb0 [ 210.837883] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 210.837903] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 210.843207] FAT-fs (loop7): Directory bread(block 136) failed [ 210.846246] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 210.846282] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 210.846298] ? bpf_prog_kallsyms_find+0xde/0x4c0 [ 210.852279] FAT-fs (loop7): Directory bread(block 137) failed [ 210.857268] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 210.857289] alloc_pages_current+0x10c/0x210 [ 210.857308] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 210.946939] get_zeroed_page+0x14/0x50 [ 210.950821] __pud_alloc+0x3f/0x310 [ 210.954436] ? perf_tp_event+0xc40/0xc40 [ 210.958493] pud_alloc+0xe1/0x150 [ 210.961941] copy_page_range+0x427/0x24c0 [ 210.966085] ? vma_compute_subtree_gap+0x160/0x240 [ 210.971007] ? vma_gap_callbacks_rotate+0x62/0x80 [ 210.975857] ? rb_insert_color_cached+0x14c0/0x14c0 [ 210.980866] ? save_stack+0x43/0xd0 [ 210.984484] ? kasan_slab_alloc+0x12/0x20 [ 210.988622] ? __pmd_alloc+0x530/0x530 [ 210.992502] ? _do_fork+0x291/0x12a0 [ 210.996207] ? __x64_sys_clone+0xbf/0x150 [ 211.000352] ? do_syscall_64+0x1b9/0x820 [ 211.004404] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 211.009768] ? lock_acquire+0x1e4/0x540 [ 211.013729] ? percpu_ref_put_many+0x119/0x240 [ 211.018300] ? lock_downgrade+0x8f0/0x8f0 [ 211.022461] ? anon_vma_fork+0x651/0x960 [ 211.026530] ? lock_downgrade+0x8f0/0x8f0 [ 211.030676] ? lock_release+0xa30/0xa30 [ 211.034641] ? percpu_ref_put_many+0x131/0x240 [ 211.039224] ? rcu_note_context_switch+0x730/0x730 [ 211.044419] ? up_write+0x7b/0x220 [ 211.047951] ? up_read+0x110/0x110 [ 211.051485] ? anon_vma_interval_tree_insert+0x26b/0x300 [ 211.057136] ? anon_vma_clone+0x740/0x740 [ 211.061282] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 211.066293] ? __vma_link_rb+0x2a4/0x3f0 [ 211.070352] copy_process.part.41+0x5ead/0x73d0 [ 211.075047] ? __cleanup_sighand+0x70/0x70 [ 211.079282] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 211.084812] ? perf_tp_event+0x91b/0xc40 [ 211.088872] ? xas_descend+0x20c/0x5f0 [ 211.092766] ? perf_swevent_event+0x2e0/0x2e0 [ 211.097273] ? perf_swevent_event+0x158/0x2e0 [ 211.101770] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 211.107301] ? perf_tp_event+0x91b/0xc40 [ 211.111361] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 211.116369] ? filemap_map_pages+0xca2/0x1990 [ 211.120894] ? perf_swevent_event+0x2e0/0x2e0 [ 211.125385] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 211.130491] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 211.135604] ? perf_tp_event+0xc40/0xc40 [ 211.139673] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 211.144770] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 211.149872] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 211.154969] ? perf_tp_event+0xc40/0xc40 [ 211.159027] ? zap_class+0x740/0x740 [ 211.162738] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 211.167833] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 211.172924] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 211.178127] ? perf_tp_event+0xc40/0xc40 [ 211.182193] ? zap_class+0x740/0x740 [ 211.185899] ? memset+0x31/0x40 [ 211.189176] ? perf_trace_lock+0x49d/0x920 [ 211.194277] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 211.199377] ? zap_class+0x740/0x740 [ 211.203084] ? __check_object_size+0xa3/0x5d7 [ 211.207572] ? memset+0x31/0x40 [ 211.210857] ? zap_class+0x740/0x740 [ 211.214613] ? __f_unlock_pos+0x19/0x20 [ 211.218575] ? lock_downgrade+0x8f0/0x8f0 [ 211.222715] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 211.228245] ? proc_fail_nth_write+0x9e/0x210 [ 211.232742] ? lock_acquire+0x1e4/0x540 [ 211.236735] _do_fork+0x291/0x12a0 [ 211.240293] ? fork_idle+0x1a0/0x1a0 [ 211.244005] ? fsnotify_first_mark+0x350/0x350 [ 211.248590] ? fsnotify+0x14e0/0x14e0 [ 211.252419] ? __sb_end_write+0xac/0xe0 [ 211.256411] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 211.261946] ? fput+0x130/0x1a0 [ 211.265215] ? ksys_write+0x1ae/0x260 [ 211.269022] ? __ia32_sys_read+0xb0/0xb0 [ 211.273088] ? syscall_slow_exit_work+0x500/0x500 [ 211.277928] __x64_sys_clone+0xbf/0x150 [ 211.281899] do_syscall_64+0x1b9/0x820 [ 211.285779] ? finish_task_switch+0x1d3/0x870 [ 211.290280] ? syscall_return_slowpath+0x5e0/0x5e0 [ 211.295205] ? syscall_return_slowpath+0x31d/0x5e0 [ 211.300134] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 211.305143] ? prepare_exit_to_usermode+0x291/0x3b0 [ 211.310156] ? perf_trace_sys_enter+0xb10/0xb10 [ 211.314835] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 211.319689] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 211.324871] RIP: 0033:0x455ab9 [ 211.328050] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 211.347424] RSP: 002b:00007fc93da34c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 211.355142] RAX: ffffffffffffffda RBX: 00007fc93da356d4 RCX: 0000000000455ab9 [ 211.362408] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000004000 [ 211.369669] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 211.376927] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 211.384190] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000003e 09:52:24 executing program 0: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x10000000000000, 0x0, 0x0, 0x0, 0x3, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:24 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x400000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:24 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000040)=0x10000009) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:24 executing program 0: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x10000000000000, 0x0, 0x0, 0x0, 0x3, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:24 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000017, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:52:24 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x200000000000000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 211.547869] attempt to access beyond end of device [ 211.552920] loop7: rw=2049, want=310, limit=128 [ 211.579678] attempt to access beyond end of device [ 211.584825] loop7: rw=2049, want=311, limit=128 09:52:24 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 211.624859] attempt to access beyond end of device [ 211.629910] loop7: rw=2049, want=312, limit=128 [ 211.642911] attempt to access beyond end of device [ 211.648055] loop7: rw=2049, want=313, limit=128 [ 211.671412] attempt to access beyond end of device [ 211.676447] loop7: rw=2049, want=326, limit=128 [ 211.703251] attempt to access beyond end of device [ 211.708293] loop7: rw=2049, want=327, limit=128 [ 211.738056] attempt to access beyond end of device [ 211.743110] loop7: rw=2049, want=328, limit=128 [ 211.764334] attempt to access beyond end of device [ 211.769463] loop7: rw=2049, want=329, limit=128 [ 211.776470] attempt to access beyond end of device [ 211.781608] loop7: rw=2049, want=2153, limit=128 09:52:25 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x0) close(r0) 09:52:25 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000000000, 0x0, 0x0, 0x0, 0x3, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:25 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:25 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$inet_icmp_raw(0x2, 0x3, 0x1, &(0x7f0000000040)={0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_EDITDEST(r0, 0x0, 0x489, &(0x7f0000000080)={{0xff, @dev={0xac, 0x14, 0x14, 0xf}, 0x4e24, 0x2, 'sh\x00', 0x10, 0x6, 0x13}, {@dev={0xac, 0x14, 0x14, 0xf}, 0x4e22, 0x3, 0x7ff, 0x3f}}, 0x44) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:25 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)}]) 09:52:25 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0xa) 09:52:25 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4002, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 212.287998] FAT-fs (loop7): Directory bread(block 128) failed [ 212.311861] FAT-fs (loop7): Directory bread(block 129) failed [ 212.330161] FAT-fs (loop7): Directory bread(block 130) failed 09:52:25 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x60dd00, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:25 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000000000, 0x0, 0x0, 0x0, 0x3, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:25 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:25 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x8000000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 212.347681] FAT-fs (loop7): Directory bread(block 131) failed [ 212.363948] FAT-fs (loop7): Directory bread(block 132) failed [ 212.385287] FAT-fs (loop7): Directory bread(block 133) failed [ 212.423543] FAT-fs (loop7): Directory bread(block 134) failed [ 212.438705] FAT-fs (loop7): Directory bread(block 135) failed [ 212.451887] FAT-fs (loop7): Directory bread(block 136) failed 09:52:25 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0xdc190000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:52:25 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4008, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 212.468506] FAT-fs (loop7): Directory bread(block 137) failed 09:52:25 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000000000, 0x0, 0x0, 0x0, 0x3, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:25 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x20200, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:25 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x486b0000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) [ 212.634650] attempt to access beyond end of device [ 212.639705] loop7: rw=2049, want=310, limit=128 [ 212.660520] attempt to access beyond end of device [ 212.665587] loop7: rw=2049, want=311, limit=128 [ 212.675869] attempt to access beyond end of device [ 212.680983] loop7: rw=2049, want=312, limit=128 [ 212.685829] attempt to access beyond end of device [ 212.690912] loop7: rw=2049, want=313, limit=128 [ 212.695847] attempt to access beyond end of device [ 212.700874] loop7: rw=2049, want=326, limit=128 [ 212.708041] attempt to access beyond end of device [ 212.713061] loop7: rw=2049, want=327, limit=128 [ 212.719245] attempt to access beyond end of device [ 212.724321] loop7: rw=2049, want=328, limit=128 [ 212.729134] attempt to access beyond end of device [ 212.734151] loop7: rw=2049, want=329, limit=128 [ 212.739848] attempt to access beyond end of device [ 212.744808] loop7: rw=2049, want=2153, limit=128 09:52:26 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x0) close(r0) 09:52:26 executing program 3 (fault-call:9 fault-nth:0): mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:26 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x800, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f00000000c0)={0x40, 0x820d, 0x1, 0x1, 0x0}, &(0x7f0000000100)=0x10) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x127400, 0x0) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000140)={r1, 0x1f}, 0x5) ioctl$KVM_GET_VCPU_EVENTS(r0, 0x8040ae9f, &(0x7f0000000080)) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r2, 0x29, 0xd3, &(0x7f00000002c0)={{0xa, 0x4e21, 0x2, @empty, 0x6}, {0xa, 0x4e23, 0xc848, @ipv4={[], [0xff, 0xff], @local={0xac, 0x14, 0x14, 0xaa}}, 0x3}, 0x20, [0xfff, 0x6, 0x200, 0x800000000000000, 0x6e, 0x5, 0x8, 0x7]}, 0x5c) 09:52:26 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:26 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100000000000000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:26 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x2) 09:52:26 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x200003e8, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:52:26 executing program 7 (fault-call:4 fault-nth:0): syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:52:26 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x3f00, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:26 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:26 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x105240, 0x0) ioctl$TUNSETVNETLE(r0, 0x400454dc, &(0x7f0000000140)) 09:52:26 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x72121b000000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:26 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000007, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) [ 213.294753] FAT-fs (loop7): Directory bread(block 128) failed [ 213.317554] FAT-fs (loop7): Directory bread(block 129) failed 09:52:26 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 213.357212] FAT-fs (loop7): Directory bread(block 130) failed [ 213.379873] FAT-fs (loop7): Directory bread(block 131) failed 09:52:26 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x1f000000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:26 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 213.408247] FAT-fs (loop7): Directory bread(block 132) failed [ 213.439132] FAT-fs (loop7): Directory bread(block 133) failed [ 213.462279] FAT-fs (loop7): Directory bread(block 134) failed [ 213.478456] FAT-fs (loop7): Directory bread(block 135) failed [ 213.508315] FAT-fs (loop7): Directory bread(block 136) failed [ 213.516417] FAT-fs (loop7): Directory bread(block 137) failed [ 213.574972] attempt to access beyond end of device [ 213.579954] loop7: rw=2049, want=310, limit=128 [ 213.584739] buffer_io_error: 22 callbacks suppressed [ 213.584747] Buffer I/O error on dev loop7, logical block 309, lost async page write [ 213.598046] attempt to access beyond end of device [ 213.603010] loop7: rw=2049, want=311, limit=128 [ 213.607727] Buffer I/O error on dev loop7, logical block 310, lost async page write [ 213.615766] attempt to access beyond end of device [ 213.620728] loop7: rw=2049, want=312, limit=128 [ 213.625413] Buffer I/O error on dev loop7, logical block 311, lost async page write [ 213.633390] attempt to access beyond end of device [ 213.638613] loop7: rw=2049, want=313, limit=128 [ 213.643332] Buffer I/O error on dev loop7, logical block 312, lost async page write [ 213.651570] attempt to access beyond end of device [ 213.656542] loop7: rw=2049, want=326, limit=128 [ 213.661225] Buffer I/O error on dev loop7, logical block 325, lost async page write [ 213.669327] attempt to access beyond end of device [ 213.674289] loop7: rw=2049, want=327, limit=128 [ 213.678974] Buffer I/O error on dev loop7, logical block 326, lost async page write [ 213.687205] attempt to access beyond end of device [ 213.692170] loop7: rw=2049, want=328, limit=128 [ 213.696857] Buffer I/O error on dev loop7, logical block 327, lost async page write [ 213.704674] attempt to access beyond end of device [ 213.709619] loop7: rw=2049, want=329, limit=128 [ 213.714295] Buffer I/O error on dev loop7, logical block 328, lost async page write [ 213.723053] attempt to access beyond end of device [ 213.728044] loop7: rw=2049, want=2153, limit=128 [ 213.736116] FAULT_INJECTION: forcing a failure. [ 213.736116] name failslab, interval 1, probability 0, space 0, times 0 [ 213.747385] CPU: 1 PID: 12130 Comm: syz-executor7 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 213.755881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.765226] Call Trace: [ 213.767803] dump_stack+0x1c9/0x2b4 [ 213.771432] ? dump_stack_print_info.cold.2+0x52/0x52 [ 213.776619] ? handle_mm_fault+0x55d/0xc80 [ 213.780838] should_fail.cold.4+0xa/0x11 [ 213.784899] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 213.790001] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 213.795528] ? __do_page_fault+0x449/0xe50 [ 213.799779] ? trace_hardirqs_on+0x10/0x10 [ 213.804003] ? lock_release+0xa30/0xa30 [ 213.807981] ? do_page_fault+0xf6/0x8c0 [ 213.811956] ? vmalloc_sync_all+0x30/0x30 [ 213.816091] ? lock_acquire+0x1e4/0x540 [ 213.820056] ? fs_reclaim_acquire+0x20/0x20 [ 213.824368] ? lock_downgrade+0x8f0/0x8f0 [ 213.828507] ? check_same_owner+0x340/0x340 [ 213.832822] ? lock_release+0xa30/0xa30 [ 213.836781] ? check_same_owner+0x340/0x340 [ 213.841097] ? rcu_note_context_switch+0x730/0x730 [ 213.846020] __should_failslab+0x124/0x180 [ 213.850246] should_failslab+0x9/0x14 [ 213.854042] kmem_cache_alloc+0x2af/0x760 [ 213.858204] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 213.863740] ? _copy_from_user+0xdf/0x150 [ 213.867878] io_submit_one+0x194/0xe20 [ 213.871754] ? aio_read+0x490/0x490 [ 213.875380] ? lock_release+0xa30/0xa30 [ 213.879347] ? check_same_owner+0x340/0x340 [ 213.883668] ? fsnotify_first_mark+0x350/0x350 [ 213.888254] ? __fsnotify_parent+0xcc/0x420 [ 213.892572] __x64_sys_io_submit+0x1b7/0x550 [ 213.896970] ? __ia32_sys_io_destroy+0x550/0x550 [ 213.901718] ? __ia32_sys_read+0xb0/0xb0 [ 213.905763] ? exit_aio+0x560/0x560 [ 213.909374] do_syscall_64+0x1b9/0x820 [ 213.913240] ? __ia32_sys_io_destroy+0x550/0x550 [ 213.917980] ? do_syscall_64+0x1b9/0x820 [ 213.922033] ? finish_task_switch+0x1d3/0x870 [ 213.926514] ? syscall_return_slowpath+0x5e0/0x5e0 [ 213.931433] ? syscall_return_slowpath+0x31d/0x5e0 [ 213.936360] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 213.941376] ? prepare_exit_to_usermode+0x291/0x3b0 [ 213.946398] ? perf_trace_sys_enter+0xb10/0xb10 [ 213.951092] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 213.955943] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 213.961129] RIP: 0033:0x455ab9 [ 213.964306] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 213.983461] RSP: 002b:00007ff0242c5c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 213.991170] RAX: ffffffffffffffda RBX: 00007ff0242c66d4 RCX: 0000000000455ab9 [ 213.998425] RDX: 0000000020000400 RSI: 0000000000000001 RDI: 00007ff0242a5000 [ 214.005686] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 214.012940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 214.020195] R13: 00000000004bc522 R14: 00000000004cab40 R15: 0000000000000000 09:52:26 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:27 executing program 3: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:27 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:27 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) memfd_create(&(0x7f0000000040)='\x00', 0x2) 09:52:27 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7fa29bb65000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:27 executing program 7 (fault-call:4 fault-nth:1): syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:52:27 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x3) 09:52:27 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20001c02, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) [ 214.519498] FAT-fs (loop7): Directory bread(block 128) failed [ 214.548496] FAT-fs (loop7): Directory bread(block 129) failed [ 214.563635] FAT-fs (loop7): Directory bread(block 130) failed 09:52:27 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:27 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0xfffffff4, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 214.569725] FAT-fs (loop7): Directory bread(block 131) failed [ 214.576293] FAT-fs (loop7): Directory bread(block 132) failed [ 214.582506] FAT-fs (loop7): Directory bread(block 133) failed [ 214.588865] FAT-fs (loop7): Directory bread(block 134) failed [ 214.594934] FAT-fs (loop7): Directory bread(block 135) failed [ 214.601399] FAT-fs (loop7): Directory bread(block 136) failed [ 214.607503] FAT-fs (loop7): Directory bread(block 137) failed 09:52:27 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x59) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000000080)=""/43) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f00000000c0), &(0x7f0000000040)) socket$inet6(0xa, 0x4, 0x20) 09:52:27 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x11, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:27 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 214.756108] attempt to access beyond end of device [ 214.761167] loop7: rw=2049, want=310, limit=128 [ 214.765880] Buffer I/O error on dev loop7, logical block 309, lost async page write 09:52:27 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0xffffffff00000000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:27 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:27 executing program 4: mlock(&(0x7f0000ffc000/0x3000)=nil, 0x3000) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 214.800460] attempt to access beyond end of device [ 214.805492] loop7: rw=2049, want=311, limit=128 [ 214.810207] Buffer I/O error on dev loop7, logical block 310, lost async page write [ 214.819109] attempt to access beyond end of device [ 214.824155] loop7: rw=2049, want=312, limit=128 [ 214.875148] attempt to access beyond end of device [ 214.880263] loop7: rw=2049, want=313, limit=128 [ 214.900517] attempt to access beyond end of device [ 214.905539] loop7: rw=2049, want=326, limit=128 [ 214.918868] attempt to access beyond end of device [ 214.923924] loop7: rw=2049, want=327, limit=128 [ 214.933748] attempt to access beyond end of device [ 214.938853] loop7: rw=2049, want=328, limit=128 [ 214.944929] attempt to access beyond end of device [ 214.949968] loop7: rw=2049, want=329, limit=128 [ 214.965353] attempt to access beyond end of device [ 214.970364] loop7: rw=2049, want=2153, limit=128 [ 214.983733] FAULT_INJECTION: forcing a failure. [ 214.983733] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 214.995656] CPU: 1 PID: 12189 Comm: syz-executor7 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 215.004142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 215.013484] Call Trace: [ 215.016071] dump_stack+0x1c9/0x2b4 [ 215.019688] ? dump_stack_print_info.cold.2+0x52/0x52 [ 215.025506] ? mem_cgroup_id_get_many+0x160/0x160 [ 215.030339] should_fail.cold.4+0xa/0x11 [ 215.034391] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 215.039482] ? lock_downgrade+0x8f0/0x8f0 [ 215.043631] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 215.049177] ? xas_start+0x23d/0x740 [ 215.052895] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 215.058419] ? find_get_entry+0xa6d/0x1120 [ 215.062643] ? lock_downgrade+0x8f0/0x8f0 [ 215.066801] ? lock_release+0xa30/0xa30 [ 215.070764] ? __unlock_page_memcg+0x72/0x100 [ 215.075251] ? lock_acquire+0x1e4/0x540 [ 215.079211] ? fs_reclaim_acquire+0x20/0x20 [ 215.083517] ? lock_downgrade+0x8f0/0x8f0 [ 215.087662] ? check_same_owner+0x340/0x340 [ 215.091968] ? rcu_note_context_switch+0x730/0x730 [ 215.096895] __alloc_pages_nodemask+0x36e/0xdb0 [ 215.101571] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 215.106581] ? lock_release+0xa30/0xa30 [ 215.110544] ? xas_create_range+0x4d0/0x4d0 [ 215.114855] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 215.119858] ? put_page+0x280/0x280 [ 215.123471] ? kasan_check_write+0x14/0x20 [ 215.127690] ? alloc_set_pte+0xaf6/0x1790 [ 215.131827] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 215.137388] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 215.142934] alloc_pages_current+0x10c/0x210 [ 215.147330] __page_cache_alloc+0x398/0x5e0 [ 215.151636] ? __wake_up_common_lock+0x1d0/0x330 [ 215.156380] ? lock_downgrade+0x8f0/0x8f0 [ 215.160537] ? filemap_range_has_page+0x4c0/0x4c0 [ 215.165385] pagecache_get_page+0x3a1/0xe40 [ 215.169704] ? find_get_pages_contig+0x1890/0x1890 [ 215.174621] ? find_get_entries_tag+0x1410/0x1410 [ 215.179452] ? __wake_up_common_lock+0x1d0/0x330 [ 215.184222] ? trace_hardirqs_on+0x10/0x10 [ 215.188449] ? lockdep_init_map+0x9/0x10 [ 215.192502] ? kasan_check_write+0x14/0x20 [ 215.196720] ? __init_rwsem+0x1cc/0x2a0 [ 215.200684] ? trace_hardirqs_on+0x10/0x10 [ 215.204914] ? trace_hardirqs_on+0x10/0x10 [ 215.209151] ? trace_hardirqs_on+0x10/0x10 [ 215.213376] ? trace_hardirqs_on+0x10/0x10 [ 215.217594] ? _raw_spin_unlock+0x22/0x30 [ 215.221743] grab_cache_page_write_begin+0x6f/0xa0 [ 215.226663] block_write_begin+0xae/0x370 [ 215.230798] ? fat_add_cluster+0x150/0x150 [ 215.235024] ? __block_write_begin+0x40/0x40 [ 215.239419] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 215.243988] ? kasan_check_read+0x11/0x20 [ 215.248121] ? do_raw_spin_unlock+0xa7/0x2f0 [ 215.252523] cont_write_begin+0x567/0x860 [ 215.256665] ? lock_downgrade+0x8f0/0x8f0 [ 215.260796] ? fat_add_cluster+0x150/0x150 [ 215.265021] ? __handle_mm_fault+0x976/0x44a0 [ 215.269506] ? block_write_begin+0x370/0x370 [ 215.273896] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 215.278900] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 215.284423] ? iov_iter_fault_in_readable+0x23d/0x460 [ 215.289601] ? copy_page_from_iter+0x890/0x890 [ 215.294171] ? __sanitizer_cov_trace_cmp8+0x10/0x20 [ 215.299183] ? ktime_get_coarse_real_ts64+0x243/0x3a0 [ 215.304373] fat_write_begin+0x8d/0x120 [ 215.308342] ? fat_add_cluster+0x150/0x150 [ 215.312568] generic_perform_write+0x3ae/0x6c0 [ 215.317149] ? add_page_wait_queue+0x2c0/0x2c0 [ 215.321731] ? current_time+0x1b0/0x1b0 [ 215.325709] ? down_write+0x8f/0x130 [ 215.329413] __generic_file_write_iter+0x26e/0x630 [ 215.334331] ? aio_write+0x4ce/0x610 [ 215.338045] generic_file_write_iter+0x438/0x870 [ 215.342801] ? __generic_file_write_iter+0x630/0x630 [ 215.347900] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 215.353776] ? __sb_start_write+0x17f/0x300 [ 215.358093] aio_write+0x3b1/0x610 [ 215.361620] ? aio_complete_rw+0x620/0x620 [ 215.365857] ? lock_downgrade+0x8f0/0x8f0 [ 215.370008] ? check_same_owner+0x340/0x340 [ 215.374334] ? lock_release+0xa30/0xa30 [ 215.378322] io_submit_one+0x997/0xe20 [ 215.382214] ? aio_read+0x490/0x490 [ 215.385849] ? check_same_owner+0x340/0x340 [ 215.390178] ? fsnotify_first_mark+0x350/0x350 [ 215.394762] ? __fsnotify_parent+0xcc/0x420 [ 215.399086] __x64_sys_io_submit+0x1b7/0x550 [ 215.403482] ? __ia32_sys_io_destroy+0x550/0x550 [ 215.408223] ? __ia32_sys_read+0xb0/0xb0 [ 215.412270] ? syscall_slow_exit_work+0x500/0x500 [ 215.417098] do_syscall_64+0x1b9/0x820 [ 215.420976] ? __ia32_sys_io_destroy+0x550/0x550 [ 215.425730] ? do_syscall_64+0x1b9/0x820 [ 215.429789] ? finish_task_switch+0x1d3/0x870 [ 215.434284] ? syscall_return_slowpath+0x5e0/0x5e0 [ 215.439202] ? syscall_return_slowpath+0x31d/0x5e0 [ 215.444114] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 215.449121] ? prepare_exit_to_usermode+0x291/0x3b0 [ 215.454126] ? perf_trace_sys_enter+0xb10/0xb10 [ 215.458779] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 215.463620] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 215.468794] RIP: 0033:0x455ab9 [ 215.471963] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 215.491309] RSP: 002b:00007ff0242c5c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 215.499029] RAX: ffffffffffffffda RBX: 00007ff0242c66d4 RCX: 0000000000455ab9 [ 215.506282] RDX: 0000000020000400 RSI: 0000000000000001 RDI: 00007ff0242a5000 [ 215.513541] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 215.520801] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 215.528052] R13: 00000000004bc522 R14: 00000000004cab40 R15: 0000000000000001 09:52:28 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:29 executing program 4: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x4, 0x4, 0x0, 0x0, 0x4, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe00000000, 0x0, 0x0, 0xd2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf3d, 0x0, 0x7, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0x3}, 0x0, 0x800, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f00000002c0)={0xfffffffffffffffc, {{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x15}}}, {{0x2, 0x4e24, @multicast1=0xe0000001}}}, 0x108) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r2 = dup2(r0, r0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000040)={'veth1_to_team\x00', 0xda}) 09:52:29 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x8000000000000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:29 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:29 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x200000c9, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:52:29 executing program 7 (fault-call:4 fault-nth:2): syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:52:29 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x7) 09:52:29 executing program 3: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x20000080, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:29 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:29 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x2000000d, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:52:29 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x70630100000000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 216.477469] FAT-fs (loop7): Directory bread(block 128) failed [ 216.496716] FAT-fs (loop7): Directory bread(block 129) failed [ 216.512142] FAT-fs (loop7): Directory bread(block 130) failed 09:52:29 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/packet\x00') semget$private(0x0, 0x3, 0x240) getsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000000080), &(0x7f00000000c0)=0x2) [ 216.560884] FAT-fs (loop7): Directory bread(block 131) failed [ 216.580365] FAT-fs (loop7): Directory bread(block 132) failed [ 216.601194] FAT-fs (loop7): Directory bread(block 133) failed 09:52:29 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x2000000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:29 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 216.618172] FAT-fs (loop7): Directory bread(block 134) failed [ 216.636643] FAT-fs (loop7): Directory bread(block 135) failed [ 216.656523] FAT-fs (loop7): Directory bread(block 136) failed [ 216.664598] FAT-fs (loop7): Directory bread(block 137) failed [ 216.694398] 9pnet: Insufficient options for proto=fd 09:52:29 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:29 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x200400, 0x0) connect$vsock_dgram(r0, &(0x7f0000000080)={0x28, 0x0, 0x0, @any=0xffffffff}, 0x10) 09:52:29 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x3f000000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:29 executing program 0 (fault-call:1 fault-nth:0): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 216.786923] attempt to access beyond end of device [ 216.791983] loop7: rw=2049, want=310, limit=128 [ 216.801985] attempt to access beyond end of device [ 216.807009] loop7: rw=2049, want=311, limit=128 [ 216.812222] attempt to access beyond end of device [ 216.817253] loop7: rw=2049, want=312, limit=128 [ 216.822240] attempt to access beyond end of device [ 216.827227] loop7: rw=2049, want=313, limit=128 [ 216.832342] attempt to access beyond end of device [ 216.837367] loop7: rw=2049, want=326, limit=128 [ 216.843182] attempt to access beyond end of device [ 216.848207] loop7: rw=2049, want=327, limit=128 [ 216.854499] attempt to access beyond end of device [ 216.859539] loop7: rw=2049, want=328, limit=128 [ 216.871911] attempt to access beyond end of device [ 216.876986] loop7: rw=2049, want=329, limit=128 [ 216.882695] FAULT_INJECTION: forcing a failure. [ 216.882695] name failslab, interval 1, probability 0, space 0, times 0 [ 216.894162] CPU: 1 PID: 12319 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 216.899383] attempt to access beyond end of device [ 216.902653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 216.902658] Call Trace: [ 216.902684] dump_stack+0x1c9/0x2b4 [ 216.902702] ? dump_stack_print_info.cold.2+0x52/0x52 [ 216.902722] ? kmem_cache_alloc+0x12e/0x760 [ 216.907653] loop7: rw=2049, want=2153, limit=128 [ 216.916980] ? __d_alloc+0xc8/0xd50 [ 216.916996] ? perf_trace_lock+0xde/0x920 [ 216.917022] should_fail.cold.4+0xa/0x11 [ 216.949280] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 216.954406] ? zap_class+0x740/0x740 [ 216.958141] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 216.963164] ? bpf_prog_kallsyms_find+0xde/0x4c0 [ 216.967942] ? lock_acquire+0x1e4/0x540 [ 216.971939] ? lock_acquire+0x1e4/0x540 [ 216.975926] ? fs_reclaim_acquire+0x20/0x20 [ 216.980256] ? lock_downgrade+0x8f0/0x8f0 09:52:29 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x1100, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 216.984410] ? lock_downgrade+0x8f0/0x8f0 [ 216.988563] ? check_same_owner+0x340/0x340 [ 216.992892] ? rcu_note_context_switch+0x730/0x730 [ 216.997855] ? kasan_check_read+0x11/0x20 [ 217.002009] __should_failslab+0x124/0x180 [ 217.004771] FAULT_INJECTION: forcing a failure. [ 217.004771] name failslab, interval 1, probability 0, space 0, times 0 [ 217.006241] should_failslab+0x9/0x14 [ 217.006258] kmem_cache_alloc_node+0x272/0x780 [ 217.006275] ? __unlock_page_memcg+0x72/0x100 [ 217.006288] ? unlock_page_memcg+0x2c/0x40 [ 217.006314] copy_process.part.41+0x176a/0x73d0 [ 217.040021] ? zap_class+0x740/0x740 [ 217.043725] ? zap_class+0x740/0x740 [ 217.047431] ? perf_trace_lock+0xde/0x920 [ 217.051574] ? __cleanup_sighand+0x70/0x70 [ 217.055796] ? lock_release+0xa30/0xa30 [ 217.059760] ? xas_descend+0x20c/0x5f0 [ 217.063639] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 217.068644] ? check_pgprot+0xdf/0x180 [ 217.072520] ? put_page+0x280/0x280 [ 217.076137] ? kasan_check_write+0x14/0x20 [ 217.080372] ? alloc_set_pte+0xaf6/0x1790 [ 217.084513] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 217.089518] ? filemap_map_pages+0xca2/0x1990 [ 217.094010] ? trace_hardirqs_on+0x10/0x10 [ 217.098237] ? xa_set_tag+0x40/0x40 [ 217.101863] ? perf_trace_lock+0xde/0x920 [ 217.106000] ? trace_hardirqs_on+0x10/0x10 [ 217.110240] ? trace_hardirqs_on+0x10/0x10 [ 217.114463] ? trace_hardirqs_on+0x10/0x10 [ 217.118690] ? find_get_entries_tag+0x1410/0x1410 [ 217.123524] ? trace_hardirqs_on+0x10/0x10 [ 217.127746] ? perf_trace_lock+0xde/0x920 [ 217.131896] ? zap_class+0x740/0x740 [ 217.135599] ? zap_class+0x740/0x740 [ 217.139305] ? zap_class+0x740/0x740 [ 217.143021] ? shrink_dcache_sb+0x350/0x350 [ 217.147333] ? perf_trace_lock+0xde/0x920 [ 217.151472] ? lock_acquire+0x1e4/0x540 [ 217.155433] ? __fdget_pos+0x1bb/0x200 [ 217.159330] ? zap_class+0x740/0x740 [ 217.163032] ? lock_release+0xa30/0xa30 [ 217.166993] ? check_same_owner+0x340/0x340 [ 217.171307] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 217.176833] ? _parse_integer+0x13b/0x190 [ 217.180972] ? perf_trace_lock+0xde/0x920 [ 217.185105] ? _kstrtoull+0x188/0x250 [ 217.188894] ? _parse_integer+0x190/0x190 [ 217.193046] ? zap_class+0x740/0x740 [ 217.196755] ? __check_object_size+0xa3/0x5d7 [ 217.201247] ? lock_acquire+0x1e4/0x540 [ 217.205213] ? get_pid_task+0xd8/0x1a0 [ 217.209088] ? perf_trace_lock+0xde/0x920 [ 217.213246] ? lock_release+0xa30/0xa30 [ 217.217217] ? zap_class+0x740/0x740 [ 217.221015] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 217.225849] ? __f_unlock_pos+0x19/0x20 [ 217.229899] ? lock_downgrade+0x8f0/0x8f0 [ 217.234039] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 217.239567] ? proc_fail_nth_write+0x9e/0x210 [ 217.244067] ? lock_acquire+0x1e4/0x540 [ 217.248036] _do_fork+0x291/0x12a0 [ 217.251569] ? fork_idle+0x1a0/0x1a0 [ 217.255272] ? fsnotify_first_mark+0x350/0x350 [ 217.259848] ? fsnotify+0x14e0/0x14e0 [ 217.263644] ? __sb_end_write+0xac/0xe0 [ 217.267619] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 217.273146] ? fput+0x130/0x1a0 [ 217.276415] ? ksys_write+0x1ae/0x260 [ 217.280216] ? __ia32_sys_read+0xb0/0xb0 [ 217.284274] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 217.289819] __x64_sys_clone+0xbf/0x150 [ 217.293784] do_syscall_64+0x1b9/0x820 [ 217.297669] ? finish_task_switch+0x1d3/0x870 [ 217.302154] ? syscall_return_slowpath+0x5e0/0x5e0 [ 217.307071] ? syscall_return_slowpath+0x31d/0x5e0 [ 217.311990] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 217.316994] ? prepare_exit_to_usermode+0x291/0x3b0 [ 217.322000] ? perf_trace_sys_enter+0xb10/0xb10 [ 217.326659] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 217.331493] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 217.336669] RIP: 0033:0x455ab9 [ 217.339839] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 217.359092] RSP: 002b:00007f5327fa9c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 217.366806] RAX: ffffffffffffffda RBX: 00007f5327faa6d4 RCX: 0000000000455ab9 [ 217.374063] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000000000 [ 217.381319] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 217.388582] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 217.395837] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000000 [ 217.403111] CPU: 0 PID: 12261 Comm: syz-executor7 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 217.411611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 217.420966] Call Trace: [ 217.423563] dump_stack+0x1c9/0x2b4 [ 217.427209] ? dump_stack_print_info.cold.2+0x52/0x52 [ 217.432410] ? zap_class+0x740/0x740 [ 217.436135] ? zap_class+0x740/0x740 [ 217.439857] should_fail.cold.4+0xa/0x11 [ 217.443921] ? __getblk_gfp+0x10a/0xb10 [ 217.447906] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 217.453014] ? trace_hardirqs_on+0x10/0x10 [ 217.457257] ? xas_create_range+0x4d0/0x4d0 [ 217.461584] ? __getblk_gfp+0x10a/0xb10 [ 217.465571] ? block_invalidatepage+0x520/0x520 [ 217.470249] ? __find_get_block+0xe60/0xe60 [ 217.474668] ? check_same_owner+0x340/0x340 [ 217.479026] ? perf_trace_lock+0xde/0x920 [ 217.483185] ? zap_class+0x740/0x740 [ 217.486905] ? find_get_pages_range+0x9ee/0x1510 [ 217.491668] ? lock_downgrade+0x8f0/0x8f0 [ 217.495826] ? xa_set_tag+0x40/0x40 [ 217.499500] __should_failslab+0x124/0x180 [ 217.503748] should_failslab+0x9/0x14 [ 217.507567] kmem_cache_alloc+0x47/0x760 [ 217.511635] ? rcu_note_context_switch+0x730/0x730 [ 217.516596] ? mempool_free+0x370/0x370 [ 217.520576] mempool_alloc_slab+0x44/0x60 [ 217.524727] mempool_alloc+0x193/0x4b0 [ 217.528616] ? mempool_destroy+0x30/0x30 [ 217.532664] ? zap_class+0x740/0x740 [ 217.536367] ? perf_trace_lock+0xde/0x920 [ 217.540506] ? find_get_pages_range_tag+0xfa0/0x1590 [ 217.545600] bio_alloc_bioset+0x3a8/0x700 [ 217.549732] ? bvec_alloc+0x2d0/0x2d0 [ 217.553528] ? replace_page_cache_page+0xfa0/0xfa0 [ 217.558443] mpage_alloc.isra.8+0x3d/0x270 [ 217.562663] __mpage_writepage+0x155b/0x1a80 [ 217.567069] ? clean_buffers+0x300/0x300 [ 217.571119] ? clear_page_dirty_for_io+0x385/0x1240 [ 217.576123] ? balance_dirty_pages_ratelimited+0x2200/0x2200 [ 217.581906] ? trace_hardirqs_on+0xd/0x10 [ 217.586040] ? _raw_spin_unlock_irq+0x27/0x70 [ 217.590523] ? wb_domain_writeout_inc.part.26+0xa0/0xa0 [ 217.595871] ? check_same_owner+0x340/0x340 [ 217.600175] ? rcu_note_context_switch+0x730/0x730 [ 217.605090] write_cache_pages+0x92f/0x16b0 [ 217.609405] ? clean_buffers+0x300/0x300 [ 217.613452] ? clear_page_dirty_for_io+0x1240/0x1240 [ 217.618545] ? trace_hardirqs_on+0xd/0x10 [ 217.622677] ? trace_hardirqs_on+0x10/0x10 [ 217.626895] ? lock_downgrade+0x8f0/0x8f0 [ 217.631037] ? perf_trace_lock+0xde/0x920 [ 217.635168] ? __mark_inode_dirty+0x495/0x1550 [ 217.639744] ? zap_class+0x740/0x740 [ 217.643443] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 217.648451] ? balance_dirty_pages_ratelimited+0x1f7/0x2200 [ 217.654149] ? mark_buffer_dirty+0x15b/0x6d0 [ 217.658542] ? trace_hardirqs_on+0x10/0x10 [ 217.662764] ? balance_dirty_pages+0x37b0/0x37b0 [ 217.667519] ? blk_start_plug+0xcc/0x370 [ 217.671565] ? blk_lld_busy+0x70/0x70 [ 217.675354] ? wbc_attach_and_unlock_inode+0x646/0x9f0 [ 217.680617] ? lock_downgrade+0x8f0/0x8f0 [ 217.684775] ? fat_add_cluster+0x150/0x150 [ 217.689001] mpage_writepages+0x14c/0x320 [ 217.693134] ? mpage_end_io+0x1f0/0x1f0 [ 217.697090] ? fat_add_cluster+0x150/0x150 [ 217.701321] ? __filemap_fdatawrite_range+0x31d/0x4a0 [ 217.706586] ? zap_class+0x740/0x740 [ 217.710288] ? _raw_spin_unlock+0x22/0x30 [ 217.714423] ? wbc_attach_and_unlock_inode+0x64b/0x9f0 [ 217.719687] fat_writepages+0x24/0x30 [ 217.723470] ? fat_readpages+0x40/0x40 [ 217.727341] do_writepages+0x9a/0x1a0 [ 217.731129] __filemap_fdatawrite_range+0x364/0x4a0 [ 217.736130] ? delete_from_page_cache_batch+0x1430/0x1430 [ 217.741652] ? generic_file_write_iter+0x447/0x870 [ 217.746568] ? lock_downgrade+0x8f0/0x8f0 [ 217.750705] file_write_and_wait_range+0x98/0x100 [ 217.755531] __generic_file_fsync+0x78/0x200 [ 217.759922] generic_file_fsync+0x77/0x120 [ 217.764144] fat_file_fsync+0x77/0x180 [ 217.768020] ? fat_free_clusters.cold.15+0x38/0x38 [ 217.772933] vfs_fsync_range+0x140/0x220 [ 217.776978] ? aio_write+0x4ce/0x610 [ 217.780688] generic_file_write_iter+0x606/0x870 [ 217.785429] ? __generic_file_write_iter+0x630/0x630 [ 217.790517] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 217.796049] ? __sb_start_write+0x17f/0x300 [ 217.800363] aio_write+0x3b1/0x610 [ 217.803898] ? aio_complete_rw+0x620/0x620 [ 217.808122] ? lock_downgrade+0x8f0/0x8f0 [ 217.812253] ? check_same_owner+0x340/0x340 [ 217.816557] ? lock_release+0xa30/0xa30 [ 217.820524] io_submit_one+0x997/0xe20 [ 217.824396] ? aio_read+0x490/0x490 [ 217.828013] ? check_same_owner+0x340/0x340 [ 217.832330] __x64_sys_io_submit+0x1b7/0x550 [ 217.836721] ? __ia32_sys_io_destroy+0x550/0x550 [ 217.841460] ? __ia32_sys_read+0xb0/0xb0 [ 217.845505] ? syscall_slow_exit_work+0x500/0x500 [ 217.850332] do_syscall_64+0x1b9/0x820 [ 217.854204] ? __ia32_sys_io_destroy+0x550/0x550 [ 217.858940] ? do_syscall_64+0x1b9/0x820 [ 217.862982] ? syscall_slow_exit_work+0x500/0x500 [ 217.867808] ? syscall_return_slowpath+0x5e0/0x5e0 [ 217.872737] ? syscall_return_slowpath+0x31d/0x5e0 [ 217.877669] ? prepare_exit_to_usermode+0x291/0x3b0 [ 217.882669] ? perf_trace_sys_enter+0xb10/0xb10 [ 217.887323] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 217.892154] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 217.897334] RIP: 0033:0x455ab9 [ 217.900764] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 217.919957] RSP: 002b:00007ff0242c5c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 217.927649] RAX: ffffffffffffffda RBX: 00007ff0242c66d4 RCX: 0000000000455ab9 [ 217.934901] RDX: 0000000020000400 RSI: 0000000000000001 RDI: 00007ff0242a5000 09:52:30 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0xa8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x5, 0x200000) getsockopt$SO_COOKIE(r0, 0x1, 0x39, &(0x7f0000000100), &(0x7f0000000140)=0x8) clone(0x4000, &(0x7f0000000140), &(0x7f0000000080), &(0x7f0000000040), &(0x7f00000002c0)) 09:52:30 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000014, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) [ 217.942151] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 217.949401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 217.956669] R13: 00000000004bc522 R14: 00000000004cab40 R15: 0000000000000002 [ 217.968123] attempt to access beyond end of device [ 217.971456] 9pnet: Insufficient options for proto=fd [ 217.973128] loop7: rw=2049, want=2154, limit=128 09:52:30 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:52:31 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x6) [ 218.121171] FAT-fs (loop7): Directory bread(block 128) failed [ 218.128418] FAT-fs (loop7): Directory bread(block 129) failed [ 218.135434] FAT-fs (loop7): Directory bread(block 130) failed [ 218.141422] FAT-fs (loop7): Directory bread(block 131) failed [ 218.147571] FAT-fs (loop7): Directory bread(block 132) failed [ 218.153624] FAT-fs (loop7): Directory bread(block 133) failed [ 218.160083] FAT-fs (loop7): Directory bread(block 134) failed [ 218.166005] FAT-fs (loop7): Directory bread(block 135) failed [ 218.172041] FAT-fs (loop7): Directory bread(block 136) failed [ 218.177951] FAT-fs (loop7): Directory bread(block 137) failed [ 218.222453] attempt to access beyond end of device [ 218.227440] loop7: rw=2049, want=310, limit=128 [ 218.232437] attempt to access beyond end of device [ 218.237416] loop7: rw=2049, want=311, limit=128 [ 218.242130] attempt to access beyond end of device [ 218.247075] loop7: rw=2049, want=312, limit=128 [ 218.251784] attempt to access beyond end of device [ 218.256718] loop7: rw=2049, want=313, limit=128 [ 218.261413] attempt to access beyond end of device [ 218.266342] loop7: rw=2049, want=326, limit=128 [ 218.271047] attempt to access beyond end of device [ 218.275992] loop7: rw=2049, want=327, limit=128 [ 218.280759] attempt to access beyond end of device [ 218.285713] loop7: rw=2049, want=328, limit=128 [ 218.290435] attempt to access beyond end of device [ 218.295396] loop7: rw=2049, want=329, limit=128 [ 218.301459] attempt to access beyond end of device [ 218.306422] loop7: rw=2049, want=2153, limit=128 [ 218.322372] attempt to access beyond end of device [ 218.327383] loop7: rw=2049, want=2154, limit=128 09:52:31 executing program 3: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x8000002000000000, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:31 executing program 0 (fault-call:1 fault-nth:1): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:31 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x8, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:31 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:31 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x220100, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000100)={@rand_addr, @multicast2, 0x0}, &(0x7f0000000140)=0xc) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000200)=r1) r2 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x8, 0x80200) syz_extract_tcp_res(&(0x7f00000002c0), 0xfff, 0x8) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r2, 0x10e, 0x1, &(0x7f0000000080)=0xc, 0x4) 09:52:31 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20002e00, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:52:31 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x10, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) [ 219.025791] FAULT_INJECTION: forcing a failure. [ 219.025791] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 219.037741] CPU: 0 PID: 12377 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 219.046250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 219.055617] Call Trace: [ 219.058229] dump_stack+0x1c9/0x2b4 [ 219.061878] ? dump_stack_print_info.cold.2+0x52/0x52 [ 219.067105] should_fail.cold.4+0xa/0x11 09:52:32 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x10000200, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:32 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='numa_maps\x00') getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x74, &(0x7f0000000080)=""/108, &(0x7f0000000140)=0x6c) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 219.071194] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 219.076323] ? is_bpf_text_address+0xd7/0x170 [ 219.080841] ? kernel_text_address+0x79/0xf0 [ 219.085270] ? __kernel_text_address+0xd/0x40 [ 219.089778] ? unwind_get_return_address+0x61/0xa0 [ 219.094757] ? lock_acquire+0x1e4/0x540 [ 219.098754] ? fs_reclaim_acquire+0x20/0x20 [ 219.103091] ? lock_downgrade+0x8f0/0x8f0 [ 219.107266] ? check_same_owner+0x340/0x340 [ 219.111611] ? rcu_note_context_switch+0x730/0x730 [ 219.116560] ? lock_acquire+0x1e4/0x540 [ 219.120572] __alloc_pages_nodemask+0x36e/0xdb0 [ 219.125262] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 219.130302] ? percpu_ref_put_many+0x131/0x240 [ 219.134888] ? mem_cgroup_id_get_online+0x310/0x310 [ 219.139990] ? kasan_kmalloc+0xc4/0xe0 [ 219.143938] ? kasan_slab_alloc+0x12/0x20 [ 219.148080] ? kmem_cache_alloc_node+0x305/0x780 [ 219.152839] copy_process.part.41+0x50e/0x73d0 [ 219.157412] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 219.162937] ? perf_swevent_event+0x158/0x2e0 [ 219.167424] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 219.172949] ? perf_tp_event+0x91b/0xc40 [ 219.177794] ? perf_swevent_event+0x2e0/0x2e0 [ 219.182288] ? __cleanup_sighand+0x70/0x70 [ 219.186516] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 219.193060] ? perf_tp_event+0x91b/0xc40 [ 219.197114] ? xas_descend+0x20c/0x5f0 [ 219.201000] ? perf_swevent_event+0x2e0/0x2e0 [ 219.205503] ? perf_swevent_event+0x158/0x2e0 [ 219.209990] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 219.216484] ? perf_tp_event+0x91b/0xc40 [ 219.220541] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 219.225551] ? filemap_map_pages+0xca2/0x1990 [ 219.230044] ? perf_swevent_event+0x2e0/0x2e0 [ 219.234537] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 219.239635] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 219.244737] ? perf_tp_event+0xc40/0xc40 [ 219.248804] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 219.253897] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 219.258989] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 219.264089] ? perf_tp_event+0xc40/0xc40 [ 219.268174] ? zap_class+0x740/0x740 [ 219.271890] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 219.276982] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 219.282076] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 219.287172] ? perf_tp_event+0xc40/0xc40 [ 219.291227] ? zap_class+0x740/0x740 [ 219.294939] ? memset+0x31/0x40 [ 219.298212] ? perf_trace_lock+0x49d/0x920 [ 219.302437] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 219.307531] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 219.312636] ? zap_class+0x740/0x740 [ 219.316342] ? __check_object_size+0xa3/0x5d7 [ 219.320829] ? memset+0x31/0x40 [ 219.324111] ? zap_class+0x740/0x740 [ 219.327821] ? __f_unlock_pos+0x19/0x20 [ 219.331786] ? lock_downgrade+0x8f0/0x8f0 [ 219.335931] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 219.341459] ? proc_fail_nth_write+0x9e/0x210 [ 219.345949] ? lock_acquire+0x1e4/0x540 [ 219.349924] _do_fork+0x291/0x12a0 [ 219.353555] ? fork_idle+0x1a0/0x1a0 [ 219.357260] ? fsnotify_first_mark+0x350/0x350 [ 219.361831] ? fsnotify+0x14e0/0x14e0 [ 219.365640] ? __sb_end_write+0xac/0xe0 [ 219.369614] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 219.375139] ? fput+0x130/0x1a0 [ 219.378410] ? ksys_write+0x1ae/0x260 [ 219.382203] ? __ia32_sys_read+0xb0/0xb0 [ 219.386252] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 219.391787] __x64_sys_clone+0xbf/0x150 [ 219.395756] do_syscall_64+0x1b9/0x820 [ 219.399633] ? finish_task_switch+0x1d3/0x870 [ 219.404119] ? syscall_return_slowpath+0x5e0/0x5e0 [ 219.409050] ? syscall_return_slowpath+0x31d/0x5e0 [ 219.413969] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 219.418975] ? prepare_exit_to_usermode+0x291/0x3b0 [ 219.423983] ? perf_trace_sys_enter+0xb10/0xb10 [ 219.428646] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 219.433577] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 219.438752] RIP: 0033:0x455ab9 [ 219.441933] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 219.461305] RSP: 002b:00007f5327fa9c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 219.469006] RAX: ffffffffffffffda RBX: 00007f5327faa6d4 RCX: 0000000000455ab9 [ 219.476275] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000000000 [ 219.483530] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 219.490787] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 219.498131] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000001 09:52:32 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0xf61d, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:32 executing program 0 (fault-call:1 fault-nth:2): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 219.556511] FAT-fs (loop7): Directory bread(block 128) failed [ 219.569370] FAT-fs (loop7): Directory bread(block 129) failed [ 219.578941] FAT-fs (loop7): Directory bread(block 130) failed 09:52:32 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x9) [ 219.609869] FAT-fs (loop7): Directory bread(block 131) failed [ 219.617477] FAULT_INJECTION: forcing a failure. [ 219.617477] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 219.625135] FAT-fs (loop7): Directory bread(block 132) failed [ 219.629395] CPU: 0 PID: 12402 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 219.643729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 219.653094] Call Trace: [ 219.655711] dump_stack+0x1c9/0x2b4 09:52:32 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x1f00, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 219.657049] FAT-fs (loop7): Directory bread(block 133) failed [ 219.659353] ? dump_stack_print_info.cold.2+0x52/0x52 [ 219.659391] should_fail.cold.4+0xa/0x11 [ 219.659412] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 219.667058] FAT-fs (loop7): Directory bread(block 134) failed [ 219.670690] ? is_bpf_text_address+0xd7/0x170 [ 219.670719] ? kernel_text_address+0x79/0xf0 [ 219.670740] ? __kernel_text_address+0xd/0x40 [ 219.674948] FAT-fs (loop7): Directory bread(block 135) failed [ 219.679878] ? unwind_get_return_address+0x61/0xa0 [ 219.679920] ? lock_acquire+0x1e4/0x540 [ 219.679939] ? fs_reclaim_acquire+0x20/0x20 [ 219.686032] FAT-fs (loop7): Directory bread(block 136) failed [ 219.690279] ? lock_downgrade+0x8f0/0x8f0 [ 219.690306] ? check_same_owner+0x340/0x340 [ 219.690325] ? rcu_note_context_switch+0x730/0x730 [ 219.690342] ? lock_acquire+0x1e4/0x540 [ 219.694855] FAT-fs (loop7): Directory bread(block 137) failed [ 219.699217] __alloc_pages_nodemask+0x36e/0xdb0 [ 219.699236] ? lock_downgrade+0x8f0/0x8f0 [ 219.699257] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 219.699273] ? kasan_check_read+0x11/0x20 [ 219.699291] ? percpu_ref_put_many+0x131/0x240 [ 219.699307] ? mem_cgroup_id_get_online+0x310/0x310 [ 219.699326] ? kasan_kmalloc+0xc4/0xe0 [ 219.780537] ? kasan_slab_alloc+0x12/0x20 [ 219.784678] ? kmem_cache_alloc_node+0x305/0x780 [ 219.789447] copy_process.part.41+0x50e/0x73d0 [ 219.794025] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 219.799552] ? perf_swevent_event+0x158/0x2e0 [ 219.804041] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 219.809569] ? perf_tp_event+0x91b/0xc40 [ 219.813643] ? perf_swevent_event+0x2e0/0x2e0 [ 219.818135] ? __cleanup_sighand+0x70/0x70 [ 219.822385] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 219.827912] ? perf_tp_event+0x91b/0xc40 [ 219.831966] ? xas_descend+0x20c/0x5f0 [ 219.835863] ? perf_swevent_event+0x2e0/0x2e0 [ 219.840370] ? perf_swevent_event+0x158/0x2e0 [ 219.844860] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 219.850400] ? perf_tp_event+0x91b/0xc40 [ 219.854451] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 219.859463] ? filemap_map_pages+0xca2/0x1990 [ 219.863960] ? perf_swevent_event+0x2e0/0x2e0 [ 219.868451] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 219.873557] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 219.878659] ? perf_tp_event+0xc40/0xc40 [ 219.882719] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 219.887817] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 219.892910] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 219.898009] ? perf_tp_event+0xc40/0xc40 [ 219.902067] ? zap_class+0x740/0x740 [ 219.905785] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 219.910882] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 219.915987] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 219.921091] ? perf_tp_event+0xc40/0xc40 [ 219.925234] ? zap_class+0x740/0x740 [ 219.928942] ? memset+0x31/0x40 [ 219.933889] ? perf_trace_lock+0x49d/0x920 [ 219.938116] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 219.943210] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 219.948308] ? zap_class+0x740/0x740 [ 219.952034] ? __check_object_size+0xa3/0x5d7 [ 219.956529] ? memset+0x31/0x40 [ 219.959813] ? zap_class+0x740/0x740 [ 219.963537] ? __f_unlock_pos+0x19/0x20 [ 219.967507] ? lock_downgrade+0x8f0/0x8f0 [ 219.971658] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 219.977206] ? proc_fail_nth_write+0x9e/0x210 [ 219.982143] ? lock_acquire+0x1e4/0x540 [ 219.986125] _do_fork+0x291/0x12a0 [ 219.989667] ? fork_idle+0x1a0/0x1a0 [ 219.993379] ? fsnotify_first_mark+0x350/0x350 [ 219.997967] ? fsnotify+0x14e0/0x14e0 [ 220.001864] ? __sb_end_write+0xac/0xe0 [ 220.005840] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 220.011365] ? fput+0x130/0x1a0 [ 220.014648] ? ksys_write+0x1ae/0x260 [ 220.018458] ? __ia32_sys_read+0xb0/0xb0 [ 220.022514] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 220.028055] __x64_sys_clone+0xbf/0x150 [ 220.032045] do_syscall_64+0x1b9/0x820 [ 220.035932] ? finish_task_switch+0x1d3/0x870 [ 220.040427] ? syscall_return_slowpath+0x5e0/0x5e0 [ 220.045352] ? syscall_return_slowpath+0x31d/0x5e0 [ 220.050281] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 220.055293] ? prepare_exit_to_usermode+0x291/0x3b0 [ 220.060305] ? perf_trace_sys_enter+0xb10/0xb10 [ 220.064972] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 220.069816] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 220.075000] RIP: 0033:0x455ab9 [ 220.078189] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 220.097821] RSP: 002b:00007f5327fa9c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 09:52:33 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000, 0x0, 0x0, 0x0, @perf_config_ext={0x270c, 0x5}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:33 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0xf4ffffff, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 220.105627] RAX: ffffffffffffffda RBX: 00007f5327faa6d4 RCX: 0000000000455ab9 [ 220.112896] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000000000 [ 220.120243] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 220.127511] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 220.134864] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000002 [ 220.151552] 9pnet: Insufficient options for proto=fd 09:52:33 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20004000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) [ 220.395567] attempt to access beyond end of device [ 220.400657] loop7: rw=2049, want=2154, limit=128 [ 220.406291] attempt to access beyond end of device [ 220.411339] loop7: rw=2049, want=310, limit=128 [ 220.416049] buffer_io_error: 22 callbacks suppressed [ 220.416059] Buffer I/O error on dev loop7, logical block 309, lost async page write [ 220.429499] attempt to access beyond end of device [ 220.434590] loop7: rw=2049, want=311, limit=128 [ 220.439302] Buffer I/O error on dev loop7, logical block 310, lost async page write [ 220.447532] attempt to access beyond end of device [ 220.452568] loop7: rw=2049, want=312, limit=128 [ 220.457291] Buffer I/O error on dev loop7, logical block 311, lost async page write [ 220.465261] attempt to access beyond end of device [ 220.470224] loop7: rw=2049, want=313, limit=128 [ 220.474936] Buffer I/O error on dev loop7, logical block 312, lost async page write [ 220.482919] attempt to access beyond end of device [ 220.487914] loop7: rw=2049, want=326, limit=128 [ 220.492620] Buffer I/O error on dev loop7, logical block 325, lost async page write [ 220.500581] attempt to access beyond end of device [ 220.505620] loop7: rw=2049, want=327, limit=128 [ 220.510325] Buffer I/O error on dev loop7, logical block 326, lost async page write [ 220.518179] attempt to access beyond end of device [ 220.523220] loop7: rw=2049, want=328, limit=128 [ 220.527917] Buffer I/O error on dev loop7, logical block 327, lost async page write [ 220.536106] attempt to access beyond end of device [ 220.541120] loop7: rw=2049, want=329, limit=128 [ 220.545816] Buffer I/O error on dev loop7, logical block 328, lost async page write [ 220.554700] attempt to access beyond end of device [ 220.559665] loop7: rw=2049, want=2153, limit=128 09:52:34 executing program 3: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0xeffdffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:34 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:34 executing program 0 (fault-call:1 fault-nth:3): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:34 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x2, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:34 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/net/pfkey\x00', 0x80000, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xc1, 0x4, 0x0, 0x16, 0x1f, 0x0, "c65c8577d7b0200286cd73a7c7e988dd98567fd6f11570320ed12a779a435bdbe18cb6d8e471ff25a0afa60aad4eef0b500b32793495b8e1fd7900888a3e9f59", "4df75bde0183f4acfc3b112a071c342eff371eccd5a73820d5cb172df70fea6ae4b4eaad8add34abc3490663f69bd77964d10e1d12b572711b2f4eb1bd13d591", "3d8e1f5e81dcd298b888785dcd68e6911c80ac7a5488b03038423e0cce049c3c", [0xfffffffffffffffd, 0x1]}) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r0) 09:52:34 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x25, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:52:34 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1ad0) 09:52:34 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20007008, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) [ 221.420592] FAT-fs (loop7): Directory bread(block 128) failed [ 221.442821] FAT-fs (loop7): Directory bread(block 129) failed [ 221.456974] FAT-fs (loop7): Directory bread(block 130) failed [ 221.463604] FAT-fs (loop7): Directory bread(block 131) failed [ 221.470239] FAULT_INJECTION: forcing a failure. [ 221.470239] name failslab, interval 1, probability 0, space 0, times 0 [ 221.481513] CPU: 1 PID: 12455 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 221.487427] FAT-fs (loop7): Directory bread(block 132) failed [ 221.490019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 221.490026] Call Trace: [ 221.490050] dump_stack+0x1c9/0x2b4 [ 221.490068] ? dump_stack_print_info.cold.2+0x52/0x52 [ 221.490085] ? perf_trace_lock+0xde/0x920 [ 221.490108] should_fail.cold.4+0xa/0x11 [ 221.500035] FAT-fs (loop7): Directory bread(block 133) failed [ 221.505352] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 221.505371] ? lock_acquire+0x1e4/0x540 [ 221.505387] ? percpu_ref_put_many+0x119/0x240 [ 221.505399] ? lock_downgrade+0x8f0/0x8f0 [ 221.505417] ? lock_release+0xa30/0xa30 [ 221.508578] FAT-fs (loop7): Directory bread(block 134) failed [ 221.511607] ? memcg_kmem_get_cache+0x3a9/0x9d0 [ 221.511627] ? mem_cgroup_handle_over_high+0x130/0x130 [ 221.511643] ? fs_reclaim_acquire+0x20/0x20 [ 221.511659] ? lock_downgrade+0x8f0/0x8f0 [ 221.511682] ? lock_acquire+0x1e4/0x540 [ 221.517433] FAT-fs (loop7): Directory bread(block 135) failed [ 221.520993] ? fs_reclaim_acquire+0x20/0x20 [ 221.521011] ? lock_downgrade+0x8f0/0x8f0 [ 221.521031] ? check_same_owner+0x340/0x340 [ 221.521045] ? percpu_ref_put_many+0x131/0x240 [ 221.521058] ? rcu_note_context_switch+0x730/0x730 [ 221.521076] ? security_prepare_creds+0x94/0xc0 [ 221.525357] FAT-fs (loop7): Directory bread(block 136) failed [ 221.530988] __should_failslab+0x124/0x180 [ 221.531002] should_failslab+0x9/0x14 [ 221.531018] kmem_cache_alloc+0x2af/0x760 [ 221.531033] ? kasan_check_write+0x14/0x20 [ 221.531048] ? mod_zone_page_state+0xb5/0xe0 [ 221.531070] __delayacct_tsk_init+0x20/0x80 [ 221.536770] FAT-fs (loop7): Directory bread(block 137) failed [ 221.540107] copy_process.part.41+0x2d05/0x73d0 [ 221.540130] ? zap_class+0x740/0x740 [ 221.540145] ? zap_class+0x740/0x740 [ 221.540162] ? perf_trace_lock+0xde/0x920 [ 221.540180] ? __cleanup_sighand+0x70/0x70 [ 221.659527] attempt to access beyond end of device [ 221.662571] ? lock_release+0xa30/0xa30 [ 221.662588] ? xas_descend+0x20c/0x5f0 [ 221.662608] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 221.662621] ? check_pgprot+0xdf/0x180 [ 221.662636] ? put_page+0x280/0x280 [ 221.666899] loop7: rw=2049, want=310, limit=128 [ 221.670985] ? kasan_check_write+0x14/0x20 [ 221.671009] ? alloc_set_pte+0xaf6/0x1790 [ 221.675926] Buffer I/O error on dev loop7, logical block 309, lost async page write [ 221.679871] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 221.679889] ? filemap_map_pages+0xca2/0x1990 [ 221.716727] attempt to access beyond end of device [ 221.717033] ? trace_hardirqs_on+0x10/0x10 [ 221.717051] ? xa_set_tag+0x40/0x40 [ 221.722140] loop7: rw=2049, want=311, limit=128 [ 221.726541] ? perf_trace_lock+0xde/0x920 [ 221.726557] ? trace_hardirqs_on+0x10/0x10 [ 221.726575] ? trace_hardirqs_on+0x10/0x10 [ 221.731539] Buffer I/O error on dev loop7, logical block 310, lost async page write [ 221.735690] ? trace_hardirqs_on+0x10/0x10 [ 221.735712] ? find_get_entries_tag+0x1410/0x1410 [ 221.770893] attempt to access beyond end of device [ 221.773361] ? trace_hardirqs_on+0x10/0x10 [ 221.773378] ? perf_trace_lock+0xde/0x920 [ 221.773393] ? zap_class+0x740/0x740 [ 221.773409] ? zap_class+0x740/0x740 [ 221.773421] ? zap_class+0x740/0x740 [ 221.773439] ? shrink_dcache_sb+0x350/0x350 [ 221.778385] loop7: rw=2049, want=312, limit=128 [ 221.782581] ? perf_trace_lock+0xde/0x920 [ 221.782595] ? lock_acquire+0x1e4/0x540 [ 221.782611] ? __fdget_pos+0x1bb/0x200 [ 221.807211] attempt to access beyond end of device [ 221.810924] ? zap_class+0x740/0x740 [ 221.810940] ? lock_release+0xa30/0xa30 [ 221.810955] ? check_same_owner+0x340/0x340 [ 221.810972] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 221.810987] ? _parse_integer+0x13b/0x190 [ 221.811004] ? perf_trace_lock+0xde/0x920 [ 221.814999] loop7: rw=2049, want=313, limit=128 [ 221.818824] ? _kstrtoull+0x188/0x250 [ 221.818839] ? _parse_integer+0x190/0x190 [ 221.818857] ? zap_class+0x740/0x740 [ 221.847466] attempt to access beyond end of device [ 221.849502] ? __check_object_size+0xa3/0x5d7 [ 221.849525] ? lock_acquire+0x1e4/0x540 [ 221.849542] ? get_pid_task+0xd8/0x1a0 [ 221.849555] ? perf_trace_lock+0xde/0x920 [ 221.849571] ? lock_release+0xa30/0xa30 [ 221.854343] loop7: rw=2049, want=326, limit=128 [ 221.858100] ? zap_class+0x740/0x740 [ 221.858122] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 221.858138] ? __f_unlock_pos+0x19/0x20 [ 221.869998] attempt to access beyond end of device [ 221.870886] ? lock_downgrade+0x8f0/0x8f0 [ 221.870905] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 09:52:34 executing program 4: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) getpgrp(0xffffffffffffffff) getpid() r1 = fcntl$getown(r0, 0x9) r2 = syz_open_procfs(r1, &(0x7f0000000140)='ns\x00') bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xa, 0x401, 0x400, 0x8000, 0x2, r2}, 0x2c) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffff9c, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) setsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f00000000c0)={r3, @multicast1=0xe0000001, @rand_addr=0x7}, 0xc) ioctl$EVIOCSABS3F(r2, 0x401845ff, &(0x7f0000000100)={0x6, 0xc41, 0x100000001, 0x7, 0x40, 0x11}) 09:52:34 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x3f00000000000000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:34 executing program 4: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:34 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x101, 0x100000001}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:34 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:34 executing program 4: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000002c0)) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x1, 0x18) fcntl$getownex(r1, 0x10, &(0x7f0000000280)={0x0, 0x0}) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x6, 0x7, 0x35b, 0x4, 0x0, 0x0, 0x90000, 0x1, 0x0, 0x8001, 0xa2, 0x800, 0xfffffffffffffffa, 0x5, 0x7fff, 0x1, 0x1000, 0x0, 0x1, 0x3, 0x2, 0x9, 0xc0000000, 0x3, 0x5, 0x7, 0x2, 0x252d, 0xffffffff80000001, 0xffff, 0x8, 0x8, 0x7, 0x20, 0x5, 0x9, 0x0, 0x4, 0x1, @perf_config_ext={0x6, 0x6}, 0x100, 0x1, 0x7, 0x3, 0xffffffff00000000, 0x1ff, 0x1}, r2, 0x6, r0, 0x3) getsockopt$inet_tcp_int(r1, 0x6, 0x17, &(0x7f0000000100), &(0x7f0000000140)=0x4) [ 221.870923] ? proc_fail_nth_write+0x9e/0x210 [ 221.875429] loop7: rw=2049, want=327, limit=128 [ 221.879364] ? lock_acquire+0x1e4/0x540 [ 221.879382] _do_fork+0x291/0x12a0 [ 221.879399] ? fork_idle+0x1a0/0x1a0 [ 221.910154] attempt to access beyond end of device [ 221.913409] ? fsnotify_first_mark+0x350/0x350 [ 221.913426] ? fsnotify+0x14e0/0x14e0 [ 221.913449] ? __sb_end_write+0xac/0xe0 [ 221.913466] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 221.913478] ? fput+0x130/0x1a0 [ 221.913493] ? ksys_write+0x1ae/0x260 [ 221.917647] loop7: rw=2049, want=328, limit=128 [ 221.923148] ? __ia32_sys_read+0xb0/0xb0 [ 221.923163] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 221.923183] __x64_sys_clone+0xbf/0x150 [ 221.970245] attempt to access beyond end of device [ 221.973272] do_syscall_64+0x1b9/0x820 [ 221.973287] ? finish_task_switch+0x1d3/0x870 [ 221.973304] ? syscall_return_slowpath+0x5e0/0x5e0 [ 221.973320] ? syscall_return_slowpath+0x31d/0x5e0 [ 221.973339] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 221.978031] loop7: rw=2049, want=329, limit=128 [ 221.982033] ? prepare_exit_to_usermode+0x291/0x3b0 [ 221.982047] ? perf_trace_sys_enter+0xb10/0xb10 [ 221.982065] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 222.022611] attempt to access beyond end of device [ 222.024297] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 222.024310] RIP: 0033:0x455ab9 [ 222.024313] Code: 1d ba fb ff c3 66 2e 0f 1f [ 222.029377] loop7: rw=2049, want=2153, limit=128 [ 222.033997] 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 222.077667] RSP: 002b:00007f5327fa9c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 222.085386] RAX: ffffffffffffffda RBX: 00007f5327faa6d4 RCX: 0000000000455ab9 [ 222.090329] attempt to access beyond end of device [ 222.092652] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000000000 [ 222.092662] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 222.092671] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 09:52:35 executing program 4: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000}, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x0) r1 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000040)={0x3, 0x40, 0x9, 'queue0\x00', 0x7}) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:35 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0xf4ffffff00000000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 222.092679] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000003 [ 222.127041] loop7: rw=2049, want=2154, limit=128 [ 222.222043] attempt to access beyond end of device [ 222.227081] loop7: rw=2049, want=2154, limit=128 09:52:36 executing program 3: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0xfffffffffffffdef, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:36 executing program 0 (fault-call:1 fault-nth:4): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:36 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:36 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x3000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:52:36 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x1100000000000000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:36 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0xfffffff, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:52:36 executing program 4: pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x4000) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) syz_kvm_setup_cpu$x86(r0, r1, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f0000000140)="f20f22e30f0b66b9c40800000f320fa1cf2e3e0fc79e0046baf80c66b8a17d918e66efbafc0cb01ceedf940060ba4100b001ee66b94a0600000f32", 0x3b}], 0x1, 0x5, &(0x7f00000002c0)=[@dstype3={0x7, 0xc}, @dstype3={0x7, 0x8}], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x5, 0x10102) ioctl$KVM_ASSIGN_DEV_IRQ(r2, 0x4040ae70, &(0x7f0000000080)={0x8, 0x9e67, 0x0, 0x4}) mlock(&(0x7f0000ffc000/0x3000)=nil, 0x3000) clone(0x6000, &(0x7f0000000140), &(0x7f0000000300), &(0x7f0000000280), &(0x7f0000000040)) 09:52:36 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x54d) [ 223.498448] Unknown ioctl -2126991741 [ 223.508767] FAULT_INJECTION: forcing a failure. [ 223.508767] name failslab, interval 1, probability 0, space 0, times 0 [ 223.520113] CPU: 0 PID: 12531 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 223.520402] FAT-fs (loop7): Directory bread(block 128) failed [ 223.528607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 223.528616] Call Trace: [ 223.528641] dump_stack+0x1c9/0x2b4 [ 223.528665] ? dump_stack_print_info.cold.2+0x52/0x52 [ 223.528688] ? perf_trace_lock+0x49d/0x920 [ 223.528718] should_fail.cold.4+0xa/0x11 [ 223.528738] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 223.550285] Unknown ioctl -2126991741 [ 223.555369] ? lock_acquire+0x1e4/0x540 [ 223.555387] ? percpu_ref_put_many+0x119/0x240 [ 223.555409] ? lock_downgrade+0x8f0/0x8f0 [ 223.559759] FAT-fs (loop7): Directory bread(block 129) failed [ 223.563813] ? lock_release+0xa30/0xa30 [ 223.563832] ? memcg_kmem_get_cache+0x3a9/0x9d0 [ 223.563859] ? mem_cgroup_handle_over_high+0x130/0x130 [ 223.578291] FAT-fs (loop7): Directory bread(block 130) failed [ 223.581440] ? fs_reclaim_acquire+0x20/0x20 [ 223.581461] ? lock_downgrade+0x8f0/0x8f0 [ 223.581493] ? lock_acquire+0x1e4/0x540 [ 223.585879] FAT-fs (loop7): Directory bread(block 131) failed [ 223.591494] ? fs_reclaim_acquire+0x20/0x20 [ 223.591513] ? lock_downgrade+0x8f0/0x8f0 [ 223.591547] ? check_same_owner+0x340/0x340 [ 223.591565] ? percpu_ref_put_many+0x131/0x240 [ 223.606450] FAT-fs (loop7): Directory bread(block 132) failed [ 223.611311] ? rcu_note_context_switch+0x730/0x730 [ 223.611331] ? security_prepare_creds+0x94/0xc0 [ 223.611358] __should_failslab+0x124/0x180 [ 223.630712] FAT-fs (loop7): Directory bread(block 133) failed [ 223.633957] should_failslab+0x9/0x14 [ 223.633976] kmem_cache_alloc+0x2af/0x760 [ 223.633994] ? kasan_check_write+0x14/0x20 [ 223.647730] FAT-fs (loop7): Directory bread(block 134) failed [ 223.652892] ? mod_zone_page_state+0xb5/0xe0 [ 223.652920] __delayacct_tsk_init+0x20/0x80 [ 223.652938] copy_process.part.41+0x2d05/0x73d0 [ 223.673946] FAT-fs (loop7): Directory bread(block 135) failed [ 223.676400] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 223.676417] ? perf_swevent_event+0x158/0x2e0 [ 223.676436] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 223.689751] FAT-fs (loop7): Directory bread(block 136) failed [ 223.690659] ? perf_tp_event+0x91b/0xc40 [ 223.690703] ? __cleanup_sighand+0x70/0x70 [ 223.699058] FAT-fs (loop7): Directory bread(block 137) failed [ 223.699404] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 223.699425] ? perf_tp_event+0x91b/0xc40 [ 223.755093] ? xas_descend+0x20c/0x5f0 [ 223.759006] ? perf_swevent_event+0x2e0/0x2e0 [ 223.763531] ? perf_swevent_event+0x158/0x2e0 [ 223.768044] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 223.773591] ? perf_tp_event+0x91b/0xc40 [ 223.777750] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 223.782776] ? filemap_map_pages+0xca2/0x1990 [ 223.787291] ? perf_swevent_event+0x2e0/0x2e0 [ 223.791807] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 223.796931] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 223.802058] ? perf_tp_event+0xc40/0xc40 [ 223.806138] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 223.811258] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 223.814279] attempt to access beyond end of device [ 223.816547] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 223.816573] ? perf_tp_event+0xc40/0xc40 [ 223.816593] ? zap_class+0x740/0x740 [ 223.821514] loop7: rw=2049, want=310, limit=128 [ 223.826601] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 223.826621] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 223.849219] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 223.854352] ? perf_tp_event+0xc40/0xc40 [ 223.854568] attempt to access beyond end of device [ 223.858420] ? zap_class+0x740/0x740 [ 223.858443] ? memset+0x31/0x40 [ 223.858467] ? perf_trace_lock+0x49d/0x920 [ 223.863394] loop7: rw=2049, want=311, limit=128 [ 223.867083] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 223.867102] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 223.882926] attempt to access beyond end of device [ 223.884350] ? zap_class+0x740/0x740 [ 223.884376] ? __check_object_size+0xa3/0x5d7 [ 223.884397] ? memset+0x31/0x40 [ 223.889504] loop7: rw=2049, want=312, limit=128 [ 223.894428] ? zap_class+0x740/0x740 [ 223.898652] attempt to access beyond end of device [ 223.902611] ? __f_unlock_pos+0x19/0x20 [ 223.902631] ? lock_downgrade+0x8f0/0x8f0 [ 223.902657] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 223.905920] loop7: rw=2049, want=313, limit=128 [ 223.910567] ? proc_fail_nth_write+0x9e/0x210 [ 223.910591] ? lock_acquire+0x1e4/0x540 [ 223.914754] attempt to access beyond end of device [ 223.919204] _do_fork+0x291/0x12a0 [ 223.919231] ? fork_idle+0x1a0/0x1a0 [ 223.919252] ? fsnotify_first_mark+0x350/0x350 [ 223.923213] loop7: rw=2049, want=326, limit=128 [ 223.927335] ? fsnotify+0x14e0/0x14e0 [ 223.927366] ? __sb_end_write+0xac/0xe0 [ 223.943661] attempt to access beyond end of device [ 223.945987] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 223.946006] ? fput+0x130/0x1a0 [ 223.946027] ? ksys_write+0x1ae/0x260 [ 223.950955] loop7: rw=2049, want=327, limit=128 [ 223.954478] ? __ia32_sys_read+0xb0/0xb0 [ 223.954497] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 223.978640] attempt to access beyond end of device [ 223.980093] __x64_sys_clone+0xbf/0x150 [ 223.980115] do_syscall_64+0x1b9/0x820 [ 223.980133] ? finish_task_switch+0x1d3/0x870 [ 223.985671] loop7: rw=2049, want=328, limit=128 [ 223.988926] ? syscall_return_slowpath+0x5e0/0x5e0 [ 223.988945] ? syscall_return_slowpath+0x31d/0x5e0 [ 224.018732] attempt to access beyond end of device [ 224.019749] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 224.019768] ? prepare_exit_to_usermode+0x291/0x3b0 [ 224.019786] ? perf_trace_sys_enter+0xb10/0xb10 [ 224.024277] loop7: rw=2049, want=329, limit=128 [ 224.028922] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 224.028951] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 224.056457] attempt to access beyond end of device [ 224.058333] RIP: 0033:0x455ab9 [ 224.058339] Code: 1d ba fb ff [ 224.063041] loop7: rw=2049, want=2153, limit=128 [ 224.067846] c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 224.102967] attempt to access beyond end of device [ 224.107014] RSP: 002b:00007f5327fa9c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 224.107034] RAX: ffffffffffffffda RBX: 00007f5327faa6d4 RCX: 0000000000455ab9 [ 224.107044] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000000000 [ 224.107054] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 224.107069] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 09:52:36 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000280), &(0x7f00000002c0)) r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x7, 0x40) setsockopt$inet_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x4) ioctl$TIOCCONS(r0, 0x541d) ioctl$VT_RELDISP(r0, 0x5605) 09:52:36 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x200000, &(0x7f0000000040)="278bc07ccc44a063c98a020081249c84f2087490383e388644b0892968c30428378fa3c74816dc10dcd91cff523b3f575559d4d8a48f5a36d8347c9086cf4334bc3468c78d5da6c6af889bde8d071b4534d6caeee249a610338a0aacff1de00f4654dfd6d4515200fd65a4cad7963e3188b5f1314a836acb0466e05ffce60b964252b1fba0ddbd9a2e5ad18c572e7795fd6f7f17b5000000000000000000000000", &(0x7f0000000100), &(0x7f0000000280), &(0x7f00000003c0)="15380f04515e5bf9f3adf739c57bd2d84ed08de2333d3406222e0800000016a205006faf11a8168e9185ea6bbe312bd76308e2e981f68478b88f48dc2bc2c9eddc2347fcc4ad48c303e3f3fae9b3928650834fce7297f6f8683831bcae5c786e9d955057f8c0cbc79b8c30e4832ec9af863d3d07c7a0e4f9eafd93994fd4a230bccd1e1224d392c8bfa6ccb4657031dbc470fa121e654af7948480a66dae6b4511359780e2ecff4e059bd65e814866677636c67447b3b823e0ad84def6ef2af8287168f7d46e3a") r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x400, 0x0) getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000000200)=0x100000001, &(0x7f0000000240)=0x4) 09:52:36 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x84000) ioctl$TIOCNOTTY(r1, 0x5422) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@empty, 0x0, 0x0, 0x0, 0x4, 0x1, 0x83, 0x9}, &(0x7f0000000080)=0x20) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:36 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='memory.stat\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f00000001c0)={0x10, @time={0x0, 0x1c9c380}, 0x3, {0x300000000000000, 0xffffffff}, 0x9db, 0x3, 0x81}) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000340)='/dev/snapshot\x00', 0x1000001080100, 0x0) ioctl$KVM_DEASSIGN_PCI_DEVICE(r1, 0x4040ae72, &(0x7f00000000c0)={0x759, 0x25, 0x5, 0x5}) ioctl$sock_inet_SIOCDARP(r1, 0x8953, &(0x7f0000000240)={{0x2, 0x4e23, @local={0xac, 0x14, 0x14, 0xaa}}, {0x0, @broadcast=[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}, 0x60, {0x2, 0x4e22, @broadcast=0xffffffff}, 'bond_slave_0\x00'}) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000000)={0x0, 0x3}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000180)=ANY=[@ANYRES32=r2, @ANYBLOB="000005000400040400000067ea44f21e6285bf1e000000"], &(0x7f0000000140)=0x12) ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5606, 0x3ff) 09:52:36 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 09:52:36 executing program 4: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = fcntl$getown(r0, 0x9) ptrace$peek(0x2, r1, &(0x7f0000000040)) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:36 executing program 4: clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:37 executing program 4: r0 = socket$xdp(0x2c, 0x3, 0x0) fchdir(r0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x2, 0x0) ioctl$KVM_NMI(r1, 0xae9a) r2 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x3, 0x400) setsockopt$nfc_llcp_NFC_LLCP_RW(r2, 0x118, 0x0, &(0x7f0000000080)=0x8a, 0x4) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 224.111999] loop7: rw=2049, want=2154, limit=128 [ 224.119682] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000004 [ 224.284150] attempt to access beyond end of device [ 224.289215] loop7: rw=2049, want=2154, limit=128 09:52:38 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x50b69ba27f0000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:38 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x54170000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:52:38 executing program 0 (fault-call:1 fault-nth:5): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:38 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x6, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:52:38 executing program 4: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x2800108, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000100), &(0x7f00000002c0)="a5fb7258192a0eee000000000000eeffff0f00000000db909ff02a75b4d5550b968778750e8c9ae43bc1ba85fdff3d080b768eb3a74574740b7880c6f2bfaf8c64effefcbdb482d58c198a7622c4fb327d974b5352e5f792e9ad3fc23d680bff7ff31a38b369ee026349558e5315885f5c37cd17bc485bf98f8de7d28fe00f33013ab1bfa660b94f84e0107e21900ec5fe05bbec9c761d0d97bc5f1367b9a80c058ededde7ed8b335e7a5b25a8ef5d95ab916579e010d2f23e5a501adb782f0811c105f7babf6715b18a8696b0f708a9") r1 = getpgid(0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x8000, 0x400, 0x7, 0x6, 0x0, 0xfff, 0x800, 0x6, 0x5, 0x5, 0x4, 0x9, 0x6, 0x101, 0x7, 0x63d6, 0x41d, 0x6, 0x4, 0xfffffffffffffff7, 0x9, 0x5, 0x9, 0x7, 0x8001, 0x8, 0x7, 0x5dea, 0x7, 0x8f06, 0xffffffffffffff00, 0x3d5003b5, 0x8000, 0x8001, 0x5, 0x38ab2e1f, 0x0, 0x1ff, 0x0, @perf_config_ext={0x1, 0x10001}, 0x2000, 0x6d, 0x9, 0x5, 0x9, 0x4, 0x80000000}, r1, 0xc, r0, 0x1) 09:52:38 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:38 executing program 3: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0xeffdffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:38 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x5) 09:52:38 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000400, &(0x7f0000000040), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:38 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x706301, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:38 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x2000ca00, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) [ 225.593367] FAT-fs (loop7): Directory bread(block 128) failed [ 225.622772] FAT-fs (loop7): Directory bread(block 129) failed [ 225.649566] FAT-fs (loop7): Directory bread(block 130) failed [ 225.675205] FAT-fs (loop7): Directory bread(block 131) failed [ 225.688787] FAT-fs (loop7): Directory bread(block 132) failed 09:52:38 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000000c0)="fc039c22edd00afb57b68a159e0bac4fd070b624040c0745d35e91bd2ba7f3de23a7791c5a4aebba8020a7d7e448d45f6601bbbdfc58671eea8fdb33491f125f98441c6595bf1ab0a484e33d8c22fca0af") r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x2, 0x250000) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffff9c, 0x84, 0x6c, &(0x7f00000002c0)={0x0, 0xc5, "3c62ae08360e06ddf70cc11c3e6b38a237260bf57fe1bf7f74fdae30897d7e9938ee654ff4027cd39ff85991e03cade48b4953ef24a2773cec1c69687da5698c6d1c63d7e5e5a63aafd71c35817a033eb4e63ae673839aeb0064cc3d66d931428cfc110ff8bdc7e6edf5f6f5a8b1a99a45dd46c018711ed2cc87b6367c573e8c29e65488d8a77aef94419bcb2f692a472a7791999dc4ac548eda1b3a12b45e03f73a9d2b79c2b10ee64c035d7dd351505f77c063e6e8f9022f5f6728769d9e6ffbc926492c"}, &(0x7f0000000080)=0xcd) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f00000003c0)={r1, @in={{0x2, 0x4e22}}}, 0x84) 09:52:38 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x1637000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 225.697135] FAT-fs (loop7): Directory bread(block 133) failed [ 225.705150] FAT-fs (loop7): Directory bread(block 134) failed [ 225.707450] FAULT_INJECTION: forcing a failure. [ 225.707450] name failslab, interval 1, probability 0, space 0, times 0 [ 225.711223] FAT-fs (loop7): Directory bread(block 135) failed [ 225.722325] CPU: 1 PID: 12607 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 225.722334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 225.722344] Call Trace: [ 225.728590] FAT-fs (loop7): Directory bread(block 136) failed [ 225.736698] dump_stack+0x1c9/0x2b4 [ 225.736717] ? dump_stack_print_info.cold.2+0x52/0x52 [ 225.736738] ? trace_hardirqs_on+0x10/0x10 [ 225.746226] FAT-fs (loop7): Directory bread(block 137) failed [ 225.748684] ? perf_trace_lock+0xde/0x920 [ 225.748706] should_fail.cold.4+0xa/0x11 [ 225.748724] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 225.786789] ? perf_trace_lock+0xde/0x920 [ 225.790947] ? save_stack+0xa9/0xd0 [ 225.794592] ? zap_class+0x740/0x740 [ 225.798317] ? copy_process.part.41+0x1ef5/0x73d0 [ 225.803163] ? _do_fork+0x291/0x12a0 [ 225.806881] ? __x64_sys_clone+0xbf/0x150 [ 225.811034] ? do_syscall_64+0x1b9/0x820 [ 225.815106] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 225.820484] ? lock_acquire+0x1e4/0x540 [ 225.824487] ? lock_acquire+0x1e4/0x540 [ 225.828483] ? fs_reclaim_acquire+0x20/0x20 [ 225.832807] ? lock_downgrade+0x8f0/0x8f0 [ 225.835591] attempt to access beyond end of device [ 225.836963] ? lock_downgrade+0x8f0/0x8f0 [ 225.836980] ? check_same_owner+0x340/0x340 [ 225.836997] ? rcu_note_context_switch+0x730/0x730 [ 225.837011] ? lock_acquire+0x1e4/0x540 [ 225.837028] __should_failslab+0x124/0x180 [ 225.837043] should_failslab+0x9/0x14 [ 225.841970] loop7: rw=2049, want=310, limit=128 [ 225.846099] kmem_cache_alloc_trace+0x2cb/0x780 [ 225.846112] ? do_raw_spin_unlock+0xa7/0x2f0 [ 225.846127] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 225.850433] buffer_io_error: 14 callbacks suppressed [ 225.850441] Buffer I/O error on dev loop7, logical block 309, lost async page write [ 225.855342] alloc_fdtable+0x89/0x280 [ 225.855357] dup_fd+0xa7d/0xf60 [ 225.860571] attempt to access beyond end of device [ 225.863736] ? __fdget+0x20/0x20 [ 225.863755] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 225.863769] ? put_ctx+0xe5/0x140 [ 225.863785] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 225.863800] ? perf_event_init_task+0x1fa/0x870 [ 225.863817] ? sched_fork+0x46d/0xbd0 [ 225.867614] loop7: rw=2049, want=311, limit=128 [ 225.872870] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 225.872883] ? copy_semundo+0xca/0x360 [ 225.872900] ? __ia32_sys_semop+0xb0/0xb0 [ 225.877550] Buffer I/O error on dev loop7, logical block 310, lost async page write [ 225.881924] ? kmem_cache_alloc+0x2fc/0x760 [ 225.881942] ? __lockdep_init_map+0x105/0x590 [ 225.887221] attempt to access beyond end of device [ 225.891588] ? __lockdep_init_map+0x105/0x590 [ 225.891609] copy_process.part.41+0x1ef5/0x73d0 [ 225.891625] ? zap_class+0x740/0x740 [ 225.891639] ? zap_class+0x740/0x740 [ 225.891665] ? __cleanup_sighand+0x70/0x70 [ 225.899440] loop7: rw=2049, want=312, limit=128 [ 225.903211] ? lock_release+0xa30/0xa30 [ 225.903223] ? xas_descend+0x20c/0x5f0 [ 225.903242] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 225.906502] Buffer I/O error on dev loop7, logical block 311, lost async page write [ 225.911396] ? check_pgprot+0xdf/0x180 [ 225.911412] ? put_page+0x280/0x280 [ 225.915535] attempt to access beyond end of device [ 225.920272] ? kasan_check_write+0x14/0x20 [ 225.920293] ? alloc_set_pte+0xaf6/0x1790 [ 225.920315] ? __sanitizer_cov_trace_cmp8+0x18/0x20 09:52:38 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0xf01f0000000000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 225.920332] ? filemap_map_pages+0xca2/0x1990 [ 225.920347] ? trace_hardirqs_on+0x10/0x10 [ 225.920365] ? xa_set_tag+0x40/0x40 [ 225.923804] loop7: rw=2049, want=313, limit=128 [ 225.929310] ? perf_trace_lock+0xde/0x920 [ 225.929330] ? trace_hardirqs_on+0x10/0x10 [ 225.933985] Buffer I/O error on dev loop7, logical block 312, lost async page write [ 225.937752] ? trace_hardirqs_on+0x10/0x10 [ 225.937769] ? trace_hardirqs_on+0x10/0x10 [ 225.943090] attempt to access beyond end of device [ 225.947935] ? find_get_entries_tag+0x1410/0x1410 [ 225.947962] ? perf_trace_lock+0xde/0x920 [ 225.947977] ? zap_class+0x740/0x740 [ 225.947992] ? zap_class+0x740/0x740 [ 225.948006] ? zap_class+0x740/0x740 [ 225.948021] ? shrink_dcache_sb+0x350/0x350 [ 225.948037] ? perf_trace_lock+0xde/0x920 [ 225.951912] loop7: rw=2049, want=326, limit=128 [ 225.956031] ? lock_acquire+0x1e4/0x540 [ 225.956044] ? __fdget_pos+0x1bb/0x200 [ 225.956060] ? zap_class+0x740/0x740 [ 225.963836] Buffer I/O error on dev loop7, logical block 325, lost async page write [ 225.968126] ? lock_release+0xa30/0xa30 [ 225.968142] ? check_same_owner+0x340/0x340 [ 225.973376] attempt to access beyond end of device [ 225.977523] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 225.977539] ? _parse_integer+0x13b/0x190 [ 225.977557] ? perf_trace_lock+0xde/0x920 [ 225.977570] ? _kstrtoull+0x188/0x250 [ 225.977584] ? _parse_integer+0x190/0x190 [ 225.977601] ? zap_class+0x740/0x740 [ 225.982081] loop7: rw=2049, want=327, limit=128 [ 225.986725] ? __check_object_size+0xa3/0x5d7 [ 225.986745] ? lock_acquire+0x1e4/0x540 09:52:39 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x8000000000000000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:39 executing program 4: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x6, 0xffffffffffffffff, 0x0) r1 = dup3(r0, r0, 0x80000) fstat(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f00000002c0)=0x0, &(0x7f0000000440), &(0x7f0000000480)) setregid(r2, r3) r4 = syz_genetlink_get_family_id$team(&(0x7f0000000300)='team\x00') getsockname$packet(0xffffffffffffff9c, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f0000000400)=0x14) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000000500)={{{@in=@loopback, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in=@local}}, &(0x7f0000000600)=0xe8) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000640)={{{@in6=@ipv4={[], [], @dev}, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in=@dev}}, &(0x7f0000000740)=0xe8) fallocate(r0, 0x2, 0x32, 0x3) timerfd_create(0x0, 0x80000) sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000000a00)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x880000}, 0xc, &(0x7f00000009c0)={&(0x7f0000000a40)=ANY=[@ANYBLOB="58ed45df10f365ea939fa49eb55062930b52ecbdb679ea5967a4c68e89fb24fda628a2583405df59b052bdc22fcc50382cca11e3892e", @ANYRES16=r4, @ANYBLOB="080025bd7000fedbdf250100000008000100", @ANYRES32=r5, @ANYBLOB="fc0102003c00010024000100656e61626c65640000000000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r6, @ANYBLOB="40000100240001006c625f686173685f737461747300000000000000000000000000000000000000080003000b0000000800040000000000080007000000000040000100240001006c625f686173685f737461747300000000000000000000000000000000000000080003000b0000000800040007000000080007000000000038000100240001006e6f746966795f70656572735f696e74657276616c00000000000000000000000800030003000000080004000500000040000100240001007072696f72697479000000000000000000000000000000000000000000000000080003000e000000080004000900000008000600", @ANYRES32=r7, @ANYBLOB="40000100240001006c625f686173685f737461747300000000000000000000000000000000000000080003000b000000080004007f00000008000700000000004c000100240001006c625f74785f6d6574686f64000000000000000000000000000000000000000008000300050000001c000400686173685f746f5f706f72745f6d617070696e670000000038000100240001006c625f73746174735f726566726573685f696e74657276616c000000000000000800030003000000080004006e360000"], 0x218}, 0x1, 0x0, 0x0, 0x40}, 0x4804) setsockopt$inet_group_source_req(r0, 0x0, 0x2f, &(0x7f0000000040)={0x5d0c8d2e, {{0x2, 0x4e22, @broadcast=0xffffffff}}, {{0x2, 0x4e23}}}, 0x108) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 225.990436] Buffer I/O error on dev loop7, logical block 326, lost async page write [ 225.994215] ? get_pid_task+0xd8/0x1a0 [ 225.994233] ? perf_trace_lock+0xde/0x920 [ 225.999097] attempt to access beyond end of device [ 226.003091] ? lock_release+0xa30/0xa30 [ 226.003107] ? zap_class+0x740/0x740 [ 226.003128] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 226.003144] ? __f_unlock_pos+0x19/0x20 [ 226.003158] ? lock_downgrade+0x8f0/0x8f0 [ 226.003177] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 226.007131] loop7: rw=2049, want=328, limit=128 [ 226.010986] ? proc_fail_nth_write+0x9e/0x210 [ 226.011006] ? lock_acquire+0x1e4/0x540 [ 226.016008] Buffer I/O error on dev loop7, logical block 327, lost async page write [ 226.023770] _do_fork+0x291/0x12a0 [ 226.023788] ? fork_idle+0x1a0/0x1a0 [ 226.028413] attempt to access beyond end of device [ 226.031255] ? fsnotify_first_mark+0x350/0x350 [ 226.031271] ? fsnotify+0x14e0/0x14e0 [ 226.031293] ? __sb_end_write+0xac/0xe0 [ 226.031312] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 226.031323] ? fput+0x130/0x1a0 09:52:39 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x800000000000000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:39 executing program 4: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r1 = accept(r0, &(0x7f0000000040)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @local}}}, &(0x7f00000000c0)=0x80) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000100)={0x0, 0x10001, 0xfffffffffffffc00, 0xff, 0x3, 0x8}, &(0x7f0000000140)=0x14) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000200)={r3}, 0x8) [ 226.031338] ? ksys_write+0x1ae/0x260 [ 226.036254] loop7: rw=2049, want=329, limit=128 [ 226.040459] ? __ia32_sys_read+0xb0/0xb0 [ 226.040473] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 226.040492] __x64_sys_clone+0xbf/0x150 [ 226.044628] Buffer I/O error on dev loop7, logical block 328, lost async page write [ 226.049615] do_syscall_64+0x1b9/0x820 [ 226.049632] ? finish_task_switch+0x1d3/0x870 [ 226.056690] attempt to access beyond end of device [ 226.058315] ? syscall_return_slowpath+0x5e0/0x5e0 [ 226.058332] ? syscall_return_slowpath+0x31d/0x5e0 [ 226.058349] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 226.058365] ? prepare_exit_to_usermode+0x291/0x3b0 [ 226.058377] ? perf_trace_sys_enter+0xb10/0xb10 [ 226.058394] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 226.062025] loop7: rw=2049, want=2153, limit=128 [ 226.066663] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 226.066678] RIP: 0033:0x455ab9 [ 226.087120] attempt to access beyond end of device [ 226.091312] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 [ 226.096333] loop7: rw=2049, want=2154, limit=128 [ 226.101133] 48 89 f7 48 89 d6 48 89 ca 4d [ 226.147476] attempt to access beyond end of device [ 226.148792] 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff [ 226.152838] loop7: rw=2049, want=2154, limit=128 [ 226.157118] ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 226.430332] RSP: 002b:00007f5327fa9c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 226.438044] RAX: ffffffffffffffda RBX: 00007f5327faa6d4 RCX: 0000000000455ab9 [ 226.445315] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000000000 [ 226.452591] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 226.459866] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 226.467143] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000005 09:52:39 executing program 0 (fault-call:1 fault-nth:6): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:39 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d}, 0x2c}) close(r0) 09:52:39 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x1f00000000000000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:39 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x3, 0x22400) ioctl$KVM_GET_FPU(r0, 0x81a0ae8c, &(0x7f00000002c0)) [ 226.559503] 9pnet: Insufficient options for proto=fd [ 226.591461] FAULT_INJECTION: forcing a failure. [ 226.591461] name failslab, interval 1, probability 0, space 0, times 0 [ 226.602756] CPU: 1 PID: 12688 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 226.611247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 226.620603] Call Trace: [ 226.623204] dump_stack+0x1c9/0x2b4 [ 226.626850] ? dump_stack_print_info.cold.2+0x52/0x52 [ 226.632052] ? perf_trace_lock+0xde/0x920 [ 226.636223] should_fail.cold.4+0xa/0x11 [ 226.640308] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 226.645419] ? __save_stack_trace+0x8d/0xf0 [ 226.649756] ? save_stack+0x43/0xd0 [ 226.653387] ? kasan_kmalloc+0xc4/0xe0 [ 226.657279] ? kmem_cache_alloc_trace+0x152/0x780 [ 226.662121] ? alloc_fdtable+0x89/0x280 [ 226.666101] ? copy_process.part.41+0x1ef5/0x73d0 [ 226.671295] ? _do_fork+0x291/0x12a0 [ 226.675017] ? __x64_sys_clone+0xbf/0x150 [ 226.679173] ? do_syscall_64+0x1b9/0x820 [ 226.683239] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 226.688615] ? lock_acquire+0x1e4/0x540 [ 226.692587] ? fs_reclaim_acquire+0x20/0x20 [ 226.696905] ? lock_downgrade+0x8f0/0x8f0 [ 226.701060] ? lock_release+0xa30/0xa30 [ 226.705140] ? check_same_owner+0x340/0x340 [ 226.709466] ? rcu_note_context_switch+0x730/0x730 [ 226.714407] __should_failslab+0x124/0x180 [ 226.718652] should_failslab+0x9/0x14 [ 226.722451] kmem_cache_alloc_node_trace+0x26f/0x770 [ 226.727536] ? kasan_kmalloc+0xc4/0xe0 [ 226.731413] __kmalloc_node+0x33/0x70 [ 226.735199] kvmalloc_node+0x65/0xf0 [ 226.738902] alloc_fdtable+0xd9/0x280 [ 226.742690] dup_fd+0xa7d/0xf60 [ 226.745951] ? __fdget+0x20/0x20 [ 226.749299] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 226.754818] ? put_ctx+0xe5/0x140 [ 226.758254] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 226.763771] ? perf_event_init_task+0x1fa/0x870 [ 226.768431] ? sched_fork+0x46d/0xbd0 [ 226.772213] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 226.777734] ? copy_semundo+0xca/0x360 [ 226.781620] ? __ia32_sys_semop+0xb0/0xb0 [ 226.785762] ? kmem_cache_alloc+0x2fc/0x760 [ 226.790072] ? __lockdep_init_map+0x105/0x590 [ 226.794566] ? __lockdep_init_map+0x105/0x590 [ 226.799049] copy_process.part.41+0x1ef5/0x73d0 [ 226.803697] ? zap_class+0x740/0x740 [ 226.807390] ? zap_class+0x740/0x740 [ 226.811092] ? __cleanup_sighand+0x70/0x70 [ 226.815309] ? lock_release+0xa30/0xa30 [ 226.819266] ? xas_descend+0x20c/0x5f0 [ 226.823134] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 226.828129] ? check_pgprot+0xdf/0x180 [ 226.831996] ? put_page+0x280/0x280 [ 226.835607] ? kasan_check_write+0x14/0x20 [ 226.839823] ? alloc_set_pte+0xaf6/0x1790 [ 226.843955] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 226.848950] ? filemap_map_pages+0xca2/0x1990 [ 226.853432] ? trace_hardirqs_on+0x10/0x10 [ 226.857654] ? xa_set_tag+0x40/0x40 [ 226.861261] ? perf_trace_lock+0xde/0x920 [ 226.865400] ? trace_hardirqs_on+0x10/0x10 [ 226.869636] ? trace_hardirqs_on+0x10/0x10 [ 226.873850] ? trace_hardirqs_on+0x10/0x10 [ 226.878067] ? find_get_entries_tag+0x1410/0x1410 [ 226.882897] ? perf_trace_lock+0xde/0x920 [ 226.887039] ? zap_class+0x740/0x740 [ 226.890736] ? zap_class+0x740/0x740 [ 226.894446] ? zap_class+0x740/0x740 [ 226.898150] ? shrink_dcache_sb+0x350/0x350 [ 226.902470] ? perf_trace_lock+0xde/0x920 [ 226.906607] ? lock_acquire+0x1e4/0x540 [ 226.910562] ? __fdget_pos+0x1bb/0x200 [ 226.915133] ? zap_class+0x740/0x740 [ 226.918843] ? lock_release+0xa30/0xa30 [ 226.922807] ? check_same_owner+0x340/0x340 [ 226.927114] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 226.932634] ? _parse_integer+0x13b/0x190 [ 226.936767] ? perf_trace_lock+0xde/0x920 [ 226.940895] ? _kstrtoull+0x188/0x250 [ 226.944684] ? _parse_integer+0x190/0x190 [ 226.948816] ? zap_class+0x740/0x740 [ 226.952514] ? __check_object_size+0xa3/0x5d7 [ 226.956998] ? lock_acquire+0x1e4/0x540 [ 226.960964] ? get_pid_task+0xd8/0x1a0 [ 226.964834] ? perf_trace_lock+0xde/0x920 [ 226.968968] ? lock_release+0xa30/0xa30 [ 226.972948] ? zap_class+0x740/0x740 [ 226.976670] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 226.981506] ? __f_unlock_pos+0x19/0x20 [ 226.985467] ? lock_downgrade+0x8f0/0x8f0 [ 226.989600] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 226.995131] ? proc_fail_nth_write+0x9e/0x210 [ 226.999616] ? lock_acquire+0x1e4/0x540 [ 227.003585] _do_fork+0x291/0x12a0 [ 227.007107] ? fork_idle+0x1a0/0x1a0 [ 227.010803] ? fsnotify_first_mark+0x350/0x350 [ 227.015368] ? fsnotify+0x14e0/0x14e0 [ 227.019151] ? __sb_end_write+0xac/0xe0 [ 227.023116] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 227.028634] ? fput+0x130/0x1a0 [ 227.032540] ? ksys_write+0x1ae/0x260 [ 227.036329] ? __ia32_sys_read+0xb0/0xb0 [ 227.040375] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 227.045896] __x64_sys_clone+0xbf/0x150 [ 227.049873] do_syscall_64+0x1b9/0x820 [ 227.053741] ? finish_task_switch+0x1d3/0x870 [ 227.058218] ? syscall_return_slowpath+0x5e0/0x5e0 [ 227.063134] ? syscall_return_slowpath+0x31d/0x5e0 [ 227.068045] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 227.073049] ? prepare_exit_to_usermode+0x291/0x3b0 [ 227.078052] ? perf_trace_sys_enter+0xb10/0xb10 [ 227.082706] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 227.087537] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 227.092708] RIP: 0033:0x455ab9 [ 227.095873] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 227.115043] RSP: 002b:00007f5327fa9c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 227.122735] RAX: ffffffffffffffda RBX: 00007f5327faa6d4 RCX: 0000000000455ab9 [ 227.129987] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000000000 09:52:40 executing program 3: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0xfffffdef, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:40 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20001005, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:52:40 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0xf, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:52:40 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1400) 09:52:40 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:40 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0xf01f00, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:40 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x40) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffff9c, 0x84, 0x9, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e23, 0x0, @ipv4={[], [0xff, 0xff], @loopback=0x7f000001}, 0x3}}, 0x3, 0x6, 0x6, 0xfffffffffffffff7, 0x84}, &(0x7f0000000140)=0x98) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000200)={r1, 0x7fff}, 0x8) 09:52:40 executing program 2: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cuse\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000080)={0x0, @in={{0x2, 0x4e23, @multicast1=0xe0000001}}, 0xadd, 0x5}, &(0x7f0000000140)=0x90) setsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000200)={r1, 0x100000000}, 0x8) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 227.137242] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 227.144505] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 227.151788] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000006 09:52:40 executing program 0 (fault-call:1 fault-nth:7): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 227.200873] FAT-fs (loop7): Directory bread(block 128) failed [ 227.213721] FAT-fs (loop7): Directory bread(block 129) failed 09:52:40 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xe, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x8000, 0x0) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000080)={0x0, 0x75, "ebfc8ed1d942934bcf79b6f9895326a05187a9400becb4016531e3d03c7cc78ce39ae55072ff7438718fd524bace2e972f8d608b75cfcfb1942f6ee28e3f3397ea25081fd544f5261aaf0c049f083cb2d14dc7ace22045f14fbe34f2c8ba22fc8ba5a267d8d7d54ed9c026f53a7dc40b41d75bf9e9"}, &(0x7f0000000100)=0x7d) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000140)={r1, 0x2}, 0x8) [ 227.254551] FAT-fs (loop7): Directory bread(block 130) failed [ 227.273233] FAT-fs (loop7): Directory bread(block 131) failed [ 227.287345] FAT-fs (loop7): Directory bread(block 132) failed 09:52:40 executing program 4: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x40000, 0x0) openat$cgroup_ro(r0, &(0x7f0000000140)='cpu.stat\x00', 0x0, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0xa, &(0x7f0000000080)=0x1000, 0x4) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) fgetxattr(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="6274f114e73e00000100000000d80332"], &(0x7f0000000100)=""/16, 0x10) [ 227.301384] FAT-fs (loop7): Directory bread(block 133) failed [ 227.315276] FAT-fs (loop7): Directory bread(block 134) failed [ 227.321905] FAT-fs (loop7): Directory bread(block 135) failed [ 227.337510] FAT-fs (loop7): Directory bread(block 136) failed [ 227.351109] FAT-fs (loop7): Directory bread(block 137) failed [ 227.362998] FAULT_INJECTION: forcing a failure. [ 227.362998] name failslab, interval 1, probability 0, space 0, times 0 [ 227.374370] CPU: 0 PID: 12721 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 227.382878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 227.392243] Call Trace: [ 227.394848] dump_stack+0x1c9/0x2b4 [ 227.398503] ? dump_stack_print_info.cold.2+0x52/0x52 [ 227.403718] ? perf_trace_lock+0x49d/0x920 [ 227.407983] should_fail.cold.4+0xa/0x11 [ 227.408763] attempt to access beyond end of device [ 227.412057] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 227.412076] ? unwind_get_return_address+0x61/0xa0 [ 227.412101] ? __save_stack_trace+0x8d/0xf0 [ 227.417088] loop7: rw=2049, want=310, limit=128 [ 227.422123] ? save_stack+0xa9/0xd0 [ 227.422141] ? save_stack+0x43/0xd0 [ 227.427081] Buffer I/O error on dev loop7, logical block 309, lost async page write [ 227.431350] ? kasan_kmalloc+0xc4/0xe0 [ 227.431366] ? __kmalloc_node+0x47/0x70 [ 227.431388] ? kvmalloc_node+0x65/0xf0 [ 227.462750] ? alloc_fdtable+0xd9/0x280 [ 227.466745] ? dup_fd+0xa7d/0xf60 [ 227.468355] attempt to access beyond end of device [ 227.470213] ? lock_acquire+0x1e4/0x540 [ 227.470231] ? fs_reclaim_acquire+0x20/0x20 [ 227.470247] ? lock_downgrade+0x8f0/0x8f0 [ 227.470264] ? lock_release+0xa30/0xa30 [ 227.475190] loop7: rw=2049, want=311, limit=128 [ 227.479140] ? check_same_owner+0x340/0x340 [ 227.479160] ? rcu_note_context_switch+0x730/0x730 [ 227.483513] Buffer I/O error on dev loop7, logical block 310, lost async page write [ 227.487589] __should_failslab+0x124/0x180 [ 227.487607] should_failslab+0x9/0x14 [ 227.487623] kmem_cache_alloc_node_trace+0x26f/0x770 [ 227.487641] ? kasan_unpoison_shadow+0x35/0x50 [ 227.493568] attempt to access beyond end of device [ 227.496256] __kmalloc_node+0x33/0x70 [ 227.496280] kvmalloc_node+0x65/0xf0 [ 227.496303] alloc_fdtable+0x145/0x280 [ 227.500625] loop7: rw=2049, want=312, limit=128 [ 227.505525] dup_fd+0xa7d/0xf60 [ 227.505552] ? __fdget+0x20/0x20 [ 227.513512] attempt to access beyond end of device [ 227.517557] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 227.517574] ? put_ctx+0xe5/0x140 [ 227.517593] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 227.517614] ? perf_event_init_task+0x1fa/0x870 [ 227.521402] loop7: rw=2049, want=313, limit=128 [ 227.526477] ? sched_fork+0x46d/0xbd0 [ 227.526499] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 227.531208] attempt to access beyond end of device [ 227.536185] ? copy_semundo+0xca/0x360 [ 227.536206] ? __ia32_sys_semop+0xb0/0xb0 [ 227.536227] ? kmem_cache_alloc+0x2fc/0x760 [ 227.536246] ? __lockdep_init_map+0x105/0x590 [ 227.540036] loop7: rw=2049, want=326, limit=128 [ 227.543727] ? __lockdep_init_map+0x105/0x590 [ 227.543751] copy_process.part.41+0x1ef5/0x73d0 [ 227.549473] attempt to access beyond end of device [ 227.552263] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 227.552283] ? perf_swevent_event+0x158/0x2e0 [ 227.552304] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 09:52:40 executing program 2: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup(r0) ioctl$TUNSETOFFLOAD(r1, 0x400454d0, 0x8) clone(0x80200, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 227.552323] ? perf_tp_event+0x91b/0xc40 [ 227.555596] loop7: rw=2049, want=327, limit=128 [ 227.558957] ? __cleanup_sighand+0x70/0x70 [ 227.564399] attempt to access beyond end of device [ 227.569389] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 227.569411] ? perf_tp_event+0x91b/0xc40 [ 227.569429] ? xas_descend+0x20c/0x5f0 [ 227.569455] ? perf_swevent_event+0x2e0/0x2e0 [ 227.569488] ? perf_swevent_event+0x158/0x2e0 [ 227.572927] loop7: rw=2049, want=328, limit=128 [ 227.578440] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 227.578455] ? perf_tp_event+0x91b/0xc40 [ 227.578474] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 227.584033] attempt to access beyond end of device [ 227.587771] ? filemap_map_pages+0xca2/0x1990 [ 227.587801] ? perf_swevent_event+0x2e0/0x2e0 [ 227.587824] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 227.587847] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 227.591643] loop7: rw=2049, want=329, limit=128 [ 227.597159] ? perf_tp_event+0xc40/0xc40 [ 227.597184] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 227.604170] attempt to access beyond end of device 09:52:40 executing program 4: r0 = getpid() r1 = fcntl$getown(0xffffffffffffff9c, 0x9) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vsock\x00', 0x400, 0x0) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f0000000380), &(0x7f00000003c0)=0x4) r4 = userfaultfd(0x800) kcmp(r0, r1, 0x2, r2, r4) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000040)={0x0}, &(0x7f0000000080)=0xc) ptrace$getsig(0x4202, r5, 0xff, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f0000000140)=0x7fffffff, &(0x7f0000000200)=0x2) 09:52:40 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x1000000000, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000040)={'nat\x00'}, &(0x7f00000000c0)=0x54) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 227.605958] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 227.605977] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 227.606001] ? perf_tp_event+0xc40/0xc40 [ 227.606021] ? zap_class+0x740/0x740 [ 227.610176] loop7: rw=2049, want=2153, limit=128 [ 227.614468] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 227.614484] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 227.614504] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 227.631866] attempt to access beyond end of device [ 227.632774] ? perf_tp_event+0xc40/0xc40 [ 227.632798] ? zap_class+0x740/0x740 [ 227.632820] ? memset+0x31/0x40 [ 227.637757] loop7: rw=2049, want=2154, limit=128 [ 227.643293] ? perf_trace_lock+0x49d/0x920 [ 227.643319] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 227.700271] attempt to access beyond end of device [ 227.704196] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 227.704222] ? zap_class+0x740/0x740 [ 227.704244] ? __check_object_size+0xa3/0x5d7 [ 227.704266] ? memset+0x31/0x40 [ 227.708327] loop7: rw=2049, want=2154, limit=128 [ 227.713339] ? zap_class+0x740/0x740 09:52:40 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) symlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00') clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:40 executing program 2: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/pfkey\x00', 0x4000, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000200)=@assoc_value={0x0, 0xffffffffffffffc7}, &(0x7f0000000240)=0x8) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0xc04c5349, &(0x7f0000000300)={0x8000, 0x100000001}) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={r1, 0x2}, 0x8) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x80000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3e}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000180)="563b33066f1268544e0b81e8ddbc6d00c59d866244f462d63aee28c68a3746854a0fb0cddcbdb6b2a7a7e124e66cc2b9eee36424ccb54758880c581fc90b0476f0b9b3a042ccc5eb0c7c457cd3be042c58b22cdeb32275080e4586a9fa4b60cbde8b438a90f49ed543dc", &(0x7f0000000100), &(0x7f00000002c0), &(0x7f00000000c0)="7824d422b6292472bb0823") mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x5, 0x100010, r0, 0x0) [ 227.713372] ? __f_unlock_pos+0x19/0x20 [ 227.857919] ? lock_downgrade+0x8f0/0x8f0 [ 227.862085] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 227.867639] ? proc_fail_nth_write+0x9e/0x210 [ 227.872159] ? lock_acquire+0x1e4/0x540 [ 227.876160] _do_fork+0x291/0x12a0 [ 227.879729] ? fork_idle+0x1a0/0x1a0 [ 227.883464] ? fsnotify_first_mark+0x350/0x350 [ 227.888074] ? fsnotify+0x14e0/0x14e0 [ 227.891901] ? __sb_end_write+0xac/0xe0 [ 227.895900] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 227.901453] ? fput+0x130/0x1a0 [ 227.904749] ? ksys_write+0x1ae/0x260 [ 227.908567] ? __ia32_sys_read+0xb0/0xb0 [ 227.912652] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 227.918212] __x64_sys_clone+0xbf/0x150 [ 227.922206] do_syscall_64+0x1b9/0x820 [ 227.926105] ? finish_task_switch+0x1d3/0x870 [ 227.930612] ? syscall_return_slowpath+0x5e0/0x5e0 [ 227.935557] ? syscall_return_slowpath+0x31d/0x5e0 [ 227.940498] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 227.945543] ? prepare_exit_to_usermode+0x291/0x3b0 [ 227.950581] ? perf_trace_sys_enter+0xb10/0xb10 [ 227.955263] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 227.960130] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 227.965328] RIP: 0033:0x455ab9 [ 227.969036] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 227.988612] RSP: 002b:00007f5327fa9c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 227.996342] RAX: ffffffffffffffda RBX: 00007f5327faa6d4 RCX: 0000000000455ab9 [ 228.003627] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000000000 [ 228.010907] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 228.018191] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 228.025470] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000007 09:52:42 executing program 3: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x80000020, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:42 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r0, 0x29, 0xd3, &(0x7f0000000040)={{0xa, 0x4e21, 0x8b90, @ipv4={[], [0xff, 0xff], @loopback=0x7f000001}, 0x100000000}, {0xa, 0x4e20, 0x5, @loopback={0x0, 0x1}}, 0x40, [0x10001, 0x2, 0x0, 0x0, 0xac, 0x1ff, 0xb06, 0x7fff]}, 0x5c) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:42 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:42 executing program 4: perf_event_open(&(0x7f0000000180)={0x400000000002, 0x70, 0x3e5, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x400000000000000, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x100, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x80, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0xb2924db8d6772071, &(0x7f0000000440)=[@in6={0xa, 0x4e21, 0xad, @remote={0xfe, 0x80, [], 0xbb}}, @in6={0xa, 0x4e20, 0x6, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14, 0xb}}, 0x3}, @in={0x2, 0x4e21, @multicast1=0xe0000001}, @in6={0xa, 0x4e24, 0x7, @local={0xfe, 0x80, [], 0xaa}, 0x5}, @in6={0xa, 0x4e24, 0x10001, @dev={0xfe, 0x80, [], 0x13}, 0x86c6}, @in6={0xa, 0x4e22, 0x100000001, @loopback={0x0, 0x1}, 0x5c}, @in6={0xa, 0x4e23, 0x2, @remote={0xfe, 0x80, [], 0xbb}, 0x7fffffff}, @in={0x2, 0x4e21, @remote={0xac, 0x14, 0x14, 0xbb}}, @in6={0xa, 0x4e24, 0x7ff, @dev={0xfe, 0x80, [], 0x1a}, 0x1671}]}, &(0x7f00000002c0)=0x10) write$FUSE_STATFS(r0, &(0x7f00000003c0)={0x60, 0x0, 0x1, {{0x10000, 0xfffffffffffffffe, 0x100000000, 0x6016, 0x1f, 0x101, 0x1}}}, 0x60) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000300)=ANY=[@ANYRES32=r1, @ANYRESOCT=0x0], &(0x7f0000000380)=0x2) 09:52:42 executing program 0 (fault-call:1 fault-nth:8): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:42 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x3e, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:52:42 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x2000b001, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:52:42 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000080), &(0x7f0000000100)=0x4) [ 229.318447] FAULT_INJECTION: forcing a failure. [ 229.318447] name failslab, interval 1, probability 0, space 0, times 0 [ 229.329747] CPU: 0 PID: 12798 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 229.333111] FAT-fs (loop7): Directory bread(block 128) failed [ 229.338242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 229.338251] Call Trace: [ 229.338275] dump_stack+0x1c9/0x2b4 [ 229.338298] ? dump_stack_print_info.cold.2+0x52/0x52 09:52:42 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x2, 0x400000) getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000080), &(0x7f00000000c0)=0x3) ioctl$KVM_SET_CLOCK(r0, 0x4030ae7b, &(0x7f0000000200)={0x1c00000, 0x40}) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000380)={0x20, 0x4, 0x1c92f9e0, 0x1, 0x0}, &(0x7f00000003c0)=0x10) getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000300)={r1, 0x80000000000007, 0x5, 0x8000}, &(0x7f0000000340)=0x10) ioctl$KVM_PPC_GET_SMMU_INFO(r0, 0x8250aea6, &(0x7f0000000240)=""/26) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000002c0)='nv\x00', 0x3) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000280)=@assoc_value={r2, 0x7}, 0xa76b7de7fada2f82) [ 229.364911] ? perf_trace_lock+0x49d/0x920 [ 229.365926] FAT-fs (loop7): Directory bread(block 129) failed [ 229.369168] should_fail.cold.4+0xa/0x11 [ 229.369197] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 229.384229] ? lock_acquire+0x1e4/0x540 [ 229.388220] ? dup_fd+0x894/0xf60 [ 229.390517] FAT-fs (loop7): Directory bread(block 130) failed [ 229.391684] ? lock_downgrade+0x8f0/0x8f0 [ 229.391712] ? kasan_check_read+0x11/0x20 [ 229.391731] ? do_raw_spin_unlock+0xa7/0x2f0 [ 229.410278] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 229.415072] ? memset+0x31/0x40 [ 229.418381] ? lock_acquire+0x1e4/0x540 [ 229.422374] ? fs_reclaim_acquire+0x20/0x20 [ 229.423938] FAT-fs (loop7): Directory bread(block 131) failed [ 229.426713] ? lock_downgrade+0x8f0/0x8f0 [ 229.426745] ? check_same_owner+0x340/0x340 [ 229.426762] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 229.426780] ? put_ctx+0xe5/0x140 [ 229.442831] FAT-fs (loop7): Directory bread(block 132) failed [ 229.446628] ? rcu_note_context_switch+0x730/0x730 [ 229.446648] ? perf_event_init_task+0x1fa/0x870 [ 229.446670] __should_failslab+0x124/0x180 [ 229.446686] should_failslab+0x9/0x14 [ 229.460870] FAT-fs (loop7): Directory bread(block 133) failed [ 229.460916] kmem_cache_alloc+0x2af/0x760 [ 229.471607] FAT-fs (loop7): Directory bread(block 134) failed [ 229.473658] ? kmem_cache_alloc+0x2fc/0x760 [ 229.473679] ? __lockdep_init_map+0x105/0x590 [ 229.473710] copy_fs_struct+0x46/0x2d0 [ 229.488477] FAT-fs (loop7): Directory bread(block 135) failed [ 229.489646] copy_process.part.41+0x2e1d/0x73d0 [ 229.489668] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 229.489685] ? perf_swevent_event+0x158/0x2e0 [ 229.489703] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 229.494251] FAT-fs (loop7): Directory bread(block 136) failed [ 229.498488] ? perf_tp_event+0x91b/0xc40 [ 229.498535] ? __cleanup_sighand+0x70/0x70 [ 229.498553] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 229.498574] ? perf_tp_event+0x91b/0xc40 [ 229.502972] FAT-fs (loop7): Directory bread(block 137) failed [ 229.508307] ? xas_descend+0x20c/0x5f0 [ 229.508343] ? perf_swevent_event+0x2e0/0x2e0 [ 229.508379] ? perf_swevent_event+0x158/0x2e0 [ 229.571841] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 229.577369] ? perf_tp_event+0x91b/0xc40 [ 229.581417] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 229.586423] ? filemap_map_pages+0xca2/0x1990 [ 229.590927] ? perf_swevent_event+0x2e0/0x2e0 [ 229.595416] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 229.600530] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 229.605631] ? perf_tp_event+0xc40/0xc40 [ 229.609686] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 229.614780] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 229.619878] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 229.624975] ? perf_tp_event+0xc40/0xc40 [ 229.629032] ? zap_class+0x740/0x740 [ 229.632750] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 229.637843] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 229.642937] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 229.648041] ? perf_tp_event+0xc40/0xc40 [ 229.652095] ? zap_class+0x740/0x740 [ 229.655900] ? memset+0x31/0x40 [ 229.659173] ? perf_trace_lock+0x49d/0x920 [ 229.663396] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 229.668487] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 229.673584] ? zap_class+0x740/0x740 [ 229.677294] ? __check_object_size+0xa3/0x5d7 [ 229.681789] ? memset+0x31/0x40 [ 229.685072] ? zap_class+0x740/0x740 [ 229.688782] ? __f_unlock_pos+0x19/0x20 [ 229.692754] ? lock_downgrade+0x8f0/0x8f0 [ 229.696896] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 229.702425] ? proc_fail_nth_write+0x9e/0x210 [ 229.706921] ? lock_acquire+0x1e4/0x540 [ 229.710904] _do_fork+0x291/0x12a0 [ 229.714449] ? fork_idle+0x1a0/0x1a0 [ 229.718163] ? fsnotify_first_mark+0x350/0x350 [ 229.722745] ? fsnotify+0x14e0/0x14e0 [ 229.726555] ? __sb_end_write+0xac/0xe0 [ 229.730524] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 229.736052] ? fput+0x130/0x1a0 [ 229.739335] ? ksys_write+0x1ae/0x260 [ 229.743304] ? __ia32_sys_read+0xb0/0xb0 [ 229.747363] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 229.752901] __x64_sys_clone+0xbf/0x150 [ 229.756872] do_syscall_64+0x1b9/0x820 [ 229.760746] ? finish_task_switch+0x1d3/0x870 [ 229.765237] ? syscall_return_slowpath+0x5e0/0x5e0 [ 229.770160] ? syscall_return_slowpath+0x31d/0x5e0 [ 229.775086] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 229.780097] ? prepare_exit_to_usermode+0x291/0x3b0 [ 229.785107] ? perf_trace_sys_enter+0xb10/0xb10 [ 229.789769] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 229.794611] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 229.799798] RIP: 0033:0x455ab9 [ 229.802972] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 229.822349] RSP: 002b:00007f5327fa9c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 229.830138] RAX: ffffffffffffffda RBX: 00007f5327faa6d4 RCX: 0000000000455ab9 [ 229.837397] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000000000 [ 229.844658] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 229.851933] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 229.859196] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000008 09:52:42 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000080)={0x0, 0x9, 0xe332, 0x1ff, 0x24}, &(0x7f00000000c0)=0x14) getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f00000002c0)={0x0, 0x91, 0x6c, 0x100000001, 0xfffffffffffff1e5, 0x1ff, 0x9, 0x80, {0x0, @in={{0x2, 0x4e21, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x0, 0xee, 0x2, 0x5, 0x100}}, &(0x7f0000000100)=0xb0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000200)=0x1) getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000380)={r1, 0x800, 0x6, 0x1200000000000, 0x0, 0x1000, 0x10001, 0x9, {r2, @in6={{0xa, 0x4e23, 0x800, @mcast1={0xff, 0x1, [], 0x1}, 0x20}}, 0x1f3, 0xffffffffffffff01, 0xff, 0x8, 0x8}}, &(0x7f0000000140)=0xb0) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000440)={{{@in=@loopback, @in=@local}}, {{@in6=@mcast1}, 0x0, @in6}}, &(0x7f0000000540)=0xe8) 09:52:42 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x1, &(0x7f0000000080)="6730d7578b0d98a1415827bbf233781b7b5628884e9d8aaeeb0a84b202d48acfc3b70272d426880771dad13b0b53a51cb7e2c041c29bb6a6eb4e63d52189360ad2be766d0e49ae80c2ccda6c7c001afa763282445959a2e1106720d3ee7974d0cc39e12d8707cdb962a7baa40c3dbf5f3a9058ec6ba3e51a8ae3ee38bd096a1d7a553e5bc45903ae9a05e4b1cadf2cb6a9cd5e9b77ca7e41e29b15b1e270ed856c3d0af9c91be342215a44a12c6fba8b30218bfadf6d05a5533d", &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)="7204ffe918c0aec4c1843352de5191f6ed80e95e4c916f04bb20b5f142a5bfcd4bc259d803c67be2b73accef6b57ba4a310644564a9403244054f02a4eb04777f70ffaa2bb872b11907ded7e506c05db2fdffd94bd8083cfd958c850081f60a137af2eb459ccc19bc75d4cb1eb65b1ff3e7f0adea2bd57569bac4e876d5f5df3c3f540fc53970bea9158b17bd75a4ddfdbbcec2d6707186fe0708501181c15cee25db4f986bf913c1f5ab8ed8614a81b0f515518cf24f4df27d537f65523a6e73b087b06216c703204bcb2b3387d89de") 09:52:42 executing program 0 (fault-call:1 fault-nth:9): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 230.018518] FAULT_INJECTION: forcing a failure. [ 230.018518] name failslab, interval 1, probability 0, space 0, times 0 [ 230.022612] attempt to access beyond end of device [ 230.029872] CPU: 0 PID: 12823 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 230.034793] loop7: rw=2049, want=310, limit=128 [ 230.043244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 230.043251] Call Trace: [ 230.043277] dump_stack+0x1c9/0x2b4 [ 230.043308] ? dump_stack_print_info.cold.2+0x52/0x52 [ 230.068741] ? perf_trace_lock+0x49d/0x920 [ 230.072979] should_fail.cold.4+0xa/0x11 [ 230.077052] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 230.082151] ? unwind_get_return_address+0x61/0xa0 [ 230.087104] ? __save_stack_trace+0x8d/0xf0 [ 230.091441] ? save_stack+0xa9/0xd0 [ 230.095063] ? save_stack+0x43/0xd0 [ 230.098941] ? kasan_kmalloc+0xc4/0xe0 [ 230.102824] ? __kmalloc_node+0x47/0x70 [ 230.106805] ? kvmalloc_node+0x65/0xf0 [ 230.110695] ? alloc_fdtable+0xd9/0x280 [ 230.114659] ? dup_fd+0xa7d/0xf60 [ 230.118113] ? lock_acquire+0x1e4/0x540 [ 230.122095] ? fs_reclaim_acquire+0x20/0x20 [ 230.126410] ? lock_downgrade+0x8f0/0x8f0 [ 230.130548] ? lock_downgrade+0x8f0/0x8f0 [ 230.134694] ? check_same_owner+0x340/0x340 [ 230.139022] ? do_raw_spin_unlock+0xa7/0x2f0 [ 230.143434] ? rcu_note_context_switch+0x730/0x730 [ 230.148363] __should_failslab+0x124/0x180 [ 230.152592] should_failslab+0x9/0x14 [ 230.156384] kmem_cache_alloc_node_trace+0x26f/0x770 [ 230.161492] ? kasan_unpoison_shadow+0x35/0x50 [ 230.166087] __kmalloc_node+0x33/0x70 [ 230.169881] kvmalloc_node+0x65/0xf0 [ 230.173588] alloc_fdtable+0x145/0x280 [ 230.177468] dup_fd+0xa7d/0xf60 [ 230.180749] ? __fdget+0x20/0x20 [ 230.184110] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 230.189641] ? put_ctx+0xe5/0x140 [ 230.193438] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 230.198975] ? perf_event_init_task+0x1fa/0x870 [ 230.203640] ? sched_fork+0x46d/0xbd0 [ 230.207437] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 230.212969] ? copy_semundo+0xca/0x360 [ 230.216861] ? __ia32_sys_semop+0xb0/0xb0 [ 230.221001] ? kmem_cache_alloc+0x2fc/0x760 [ 230.225318] ? __lockdep_init_map+0x105/0x590 [ 230.229808] ? __lockdep_init_map+0x105/0x590 [ 230.234310] copy_process.part.41+0x1ef5/0x73d0 [ 230.238983] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 230.244516] ? perf_swevent_event+0x158/0x2e0 [ 230.249020] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 230.254562] ? perf_tp_event+0x91b/0xc40 [ 230.258632] ? __cleanup_sighand+0x70/0x70 [ 230.262864] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 230.268406] ? perf_tp_event+0x91b/0xc40 [ 230.272460] ? xas_descend+0x20c/0x5f0 [ 230.276351] ? perf_swevent_event+0x2e0/0x2e0 [ 230.280856] ? perf_swevent_event+0x158/0x2e0 [ 230.285349] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 230.290899] ? perf_tp_event+0x91b/0xc40 [ 230.294964] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 230.299977] ? filemap_map_pages+0xca2/0x1990 [ 230.304472] ? perf_swevent_event+0x2e0/0x2e0 [ 230.308989] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 230.314091] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 230.319200] ? perf_tp_event+0xc40/0xc40 [ 230.323271] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 230.328373] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 230.333471] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 230.338581] ? perf_tp_event+0xc40/0xc40 [ 230.342649] ? zap_class+0x740/0x740 [ 230.346359] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 230.351455] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 230.356563] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 230.361668] ? perf_tp_event+0xc40/0xc40 [ 230.365725] ? zap_class+0x740/0x740 [ 230.369433] ? memset+0x31/0x40 [ 230.372722] ? perf_trace_lock+0x49d/0x920 [ 230.376952] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 230.382048] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 230.387147] ? zap_class+0x740/0x740 [ 230.390867] ? __check_object_size+0xa3/0x5d7 [ 230.395360] ? memset+0x31/0x40 [ 230.398647] ? zap_class+0x740/0x740 [ 230.402360] ? __f_unlock_pos+0x19/0x20 [ 230.406328] ? lock_downgrade+0x8f0/0x8f0 [ 230.410473] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 230.416001] ? proc_fail_nth_write+0x9e/0x210 [ 230.420498] ? lock_acquire+0x1e4/0x540 [ 230.424473] _do_fork+0x291/0x12a0 [ 230.428011] ? fork_idle+0x1a0/0x1a0 [ 230.431720] ? fsnotify_first_mark+0x350/0x350 [ 230.436302] ? fsnotify+0x14e0/0x14e0 [ 230.440126] ? __sb_end_write+0xac/0xe0 [ 230.444112] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 230.449640] ? fput+0x130/0x1a0 [ 230.452913] ? ksys_write+0x1ae/0x260 [ 230.456718] ? __ia32_sys_read+0xb0/0xb0 [ 230.462073] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 230.467618] __x64_sys_clone+0xbf/0x150 [ 230.471587] do_syscall_64+0x1b9/0x820 [ 230.475464] ? finish_task_switch+0x1d3/0x870 [ 230.479950] ? syscall_return_slowpath+0x5e0/0x5e0 [ 230.484882] ? syscall_return_slowpath+0x31d/0x5e0 [ 230.489806] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 230.494817] ? prepare_exit_to_usermode+0x291/0x3b0 [ 230.499827] ? perf_trace_sys_enter+0xb10/0xb10 [ 230.504488] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 230.509341] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 230.514522] RIP: 0033:0x455ab9 [ 230.517694] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 230.537070] RSP: 002b:00007f5327fa9c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 230.544777] RAX: ffffffffffffffda RBX: 00007f5327faa6d4 RCX: 0000000000455ab9 [ 230.552039] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000000000 [ 230.559419] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 09:52:43 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000040), &(0x7f0000000240), &(0x7f0000000080), &(0x7f00000002c0)="6dd55ead9a584babf25c3df6ebf1bc2904b70cabacfac948a086f2da5c1a40937b32025a98e00f4beec23c2ced99da7063b37716d7e79b1c22687496629c62371a9e458aa3c77dd886854ebfe7be578aec874a103746f09450bd28699d18c3c88e09a17d4741ae90ac45494a34db76c5a34562b3c645b50e21c2474f2af58aa5e73bb6fa4864ee3deea7af1b4b687875f79076fc2bbf1ae1b4970e0889f7e60aedb159153ea2517ee2f46e9472630bf030db8c23a1e26b4d361fe57617ef8153b71e9501989ff3765e15559549e4aab2a2bac1c1e26c0e4a880e51658539cf698a89537c") 09:52:43 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) [ 230.566679] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 230.573942] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000009 09:52:43 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20003d00, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:52:43 executing program 4: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffe) splice(r0, &(0x7f0000000040), r0, &(0x7f0000000080), 0xd4c5, 0x2) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 230.622900] attempt to access beyond end of device [ 230.627940] loop7: rw=2049, want=2154, limit=128 [ 230.635892] attempt to access beyond end of device [ 230.640920] loop7: rw=2049, want=311, limit=128 [ 230.672282] attempt to access beyond end of device [ 230.677415] loop7: rw=2049, want=312, limit=128 [ 230.690415] attempt to access beyond end of device [ 230.695497] loop7: rw=2049, want=313, limit=128 [ 230.703057] attempt to access beyond end of device [ 230.708114] loop7: rw=2049, want=326, limit=128 [ 230.713605] attempt to access beyond end of device [ 230.718925] loop7: rw=2049, want=327, limit=128 [ 230.723629] buffer_io_error: 11 callbacks suppressed [ 230.723639] Buffer I/O error on dev loop7, logical block 326, lost async page write [ 230.747372] attempt to access beyond end of device [ 230.752429] loop7: rw=2049, want=328, limit=128 [ 230.757196] Buffer I/O error on dev loop7, logical block 327, lost async page write [ 230.786912] attempt to access beyond end of device [ 230.792139] loop7: rw=2049, want=329, limit=128 [ 230.796856] Buffer I/O error on dev loop7, logical block 328, lost async page write [ 230.832142] attempt to access beyond end of device [ 230.837158] loop7: rw=2049, want=2153, limit=128 [ 230.843992] attempt to access beyond end of device [ 230.848998] loop7: rw=2049, want=2154, limit=128 09:52:44 executing program 3: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0xfdef, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:44 executing program 5: r0 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x100, 0x201) ioctl$VT_RELDISP(r0, 0x5605) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r2, &(0x7f0000deb000)={0x2, 0x4e23, @multicast2=0xe0000002}, 0x10) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r2, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r2, 0x1) 09:52:44 executing program 0 (fault-call:1 fault-nth:10): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:44 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000000, 0x0, 0x0, 0x4268, 0x0, 0x0, 0x7ba}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x18000000, &(0x7f0000000040), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x0, 0x0) accept$packet(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f00000000c0)=0x14) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f0000000100)=r1) 09:52:44 executing program 2: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000040), &(0x7f0000000240), &(0x7f0000000200), &(0x7f00000002c0)="d86344750d3f801746362f391a7c98dbcd86c3280d8b972d9a3516e0cd528bdf0a9f9f2685258dc27c1e959034a262a1b43eeef550bae79c6f5ac356740447f8d4f8ca24e72f0fb9608b99ac26da9b108203616381eeeb0917809ecf9da60cdd957d8081fe8d1902995cfbcffb31cfb91e88b9df683d57f69342787318b318a10ebb3c0860050313e4b9d6e49eab31dde518fb19ceea14cf35a9123aa4dda74dbe683fb8ff21849775556f8b3259dbed57344c42fecb752e880dd9669ecf22e8d9524c7fd08a266d7b0000") tee(r0, r0, 0xff, 0x8) 09:52:44 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0xe500, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:52:44 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) [ 231.462390] FAULT_INJECTION: forcing a failure. [ 231.462390] name failslab, interval 1, probability 0, space 0, times 0 [ 231.473700] CPU: 1 PID: 12868 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 231.482191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 231.491547] Call Trace: [ 231.494148] dump_stack+0x1c9/0x2b4 [ 231.497790] ? dump_stack_print_info.cold.2+0x52/0x52 [ 231.502989] ? __save_stack_trace+0x8d/0xf0 [ 231.507322] ? perf_trace_lock+0xde/0x920 [ 231.511481] should_fail.cold.4+0xa/0x11 [ 231.515556] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 231.520663] ? zap_class+0x740/0x740 [ 231.524383] ? kmem_cache_alloc+0x12e/0x760 [ 231.528708] ? copy_process.part.41+0x2e1d/0x73d0 [ 231.533561] ? __x64_sys_clone+0xbf/0x150 [ 231.537709] ? do_syscall_64+0x1b9/0x820 [ 231.541778] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 231.547148] ? percpu_ref_put_many+0x119/0x240 [ 231.551751] ? lock_release+0xa30/0xa30 [ 231.555737] ? lock_acquire+0x1e4/0x540 [ 231.559718] ? fs_reclaim_acquire+0x20/0x20 [ 231.564049] ? lock_downgrade+0x8f0/0x8f0 [ 231.568199] ? copy_fs_struct+0x240/0x2d0 [ 231.572352] ? check_same_owner+0x340/0x340 [ 231.576679] ? kasan_check_read+0x11/0x20 [ 231.580829] ? rcu_note_context_switch+0x730/0x730 [ 231.585772] __should_failslab+0x124/0x180 [ 231.590012] should_failslab+0x9/0x14 [ 231.593821] kmem_cache_alloc+0x2af/0x760 [ 231.597983] ? _raw_spin_unlock+0x22/0x30 [ 231.602146] copy_process.part.41+0x20d5/0x73d0 [ 231.606827] ? zap_class+0x740/0x740 [ 231.610544] ? zap_class+0x740/0x740 [ 231.614274] ? __cleanup_sighand+0x70/0x70 [ 231.618511] ? lock_release+0xa30/0xa30 [ 231.622486] ? xas_descend+0x20c/0x5f0 [ 231.626381] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 231.631400] ? check_pgprot+0xdf/0x180 [ 231.635289] ? put_page+0x280/0x280 [ 231.638923] ? kasan_check_write+0x14/0x20 [ 231.643166] ? alloc_set_pte+0xaf6/0x1790 [ 231.647323] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 231.652347] ? filemap_map_pages+0xca2/0x1990 [ 231.656847] ? trace_hardirqs_on+0x10/0x10 09:52:44 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x4000) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000080)=ANY=[@ANYBLOB="0100fa00", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f00000000c0)=0x24) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={r1, 0x58, &(0x7f0000000100)=[@in={0x2, 0x4e22, @remote={0xac, 0x14, 0x14, 0xbb}}, @in6={0xa, 0x4e23, 0x5, @mcast1={0xff, 0x1, [], 0x1}}, @in={0x2, 0x4e21}, @in6={0xa, 0x4e24, 0xffffffffffffffff, @ipv4={[], [0xff, 0xff], @remote={0xac, 0x14, 0x14, 0xbb}}, 0x8}]}, &(0x7f00000002c0)=0x10) syz_open_dev$usbmon(&(0x7f0000000300)='/dev/usbmon#\x00', 0x5, 0x2000) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:44 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='cpuacct.usage_percpu\x00', 0x0, 0x0) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r0, 0x118, 0x1, &(0x7f0000000100)=0xffffffff, 0x4) r1 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x4, 0x8400) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000140)={0xff, 0xc, 0x1, r1}) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000200)={0x9, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f00000002c0)=0x28) ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000080)=0x4) 09:52:44 executing program 2: pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) ioctl$sock_inet6_udp_SIOCOUTQ(r1, 0x5411, &(0x7f0000000100)) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x9, 0x40000) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000200)=0x0) perf_event_open(&(0x7f0000000480)={0x6, 0x70, 0xca, 0x7, 0x480000000000, 0x1, 0x0, 0x7, 0x80200, 0x8, 0x3, 0x401, 0x5, 0x1, 0x4d, 0xfffffffffffffffa, 0xffffffffffffffb3, 0x3, 0x3, 0x8, 0x8, 0x200, 0x2, 0x9, 0x6, 0x6, 0x86e, 0x4, 0x1, 0x9970, 0x3, 0x10000, 0x7, 0xff, 0x80000001, 0x0, 0x1, 0xa2f, 0x0, 0xffff, 0x0, @perf_bp={&(0x7f0000000140)}, 0x100, 0xfffffffffffffff9, 0x81, 0x7, 0x5, 0x7fffffff, 0x8}, r3, 0xf, r1, 0x2) ioctl$KVM_GET_FPU(r2, 0x81a0ae8c, &(0x7f00000002c0)) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0045520, &(0x7f0000000500)=0x7ff) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r2, 0x84, 0x4, &(0x7f0000000080)=0x8, 0x4) 09:52:44 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000005, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) [ 231.661086] ? xa_set_tag+0x40/0x40 [ 231.664714] ? perf_trace_lock+0xde/0x920 [ 231.668872] ? trace_hardirqs_on+0x10/0x10 [ 231.673111] ? trace_hardirqs_on+0x10/0x10 [ 231.677346] ? trace_hardirqs_on+0x10/0x10 [ 231.681592] ? find_get_entries_tag+0x1410/0x1410 [ 231.686448] ? perf_trace_lock+0xde/0x920 [ 231.690600] ? zap_class+0x740/0x740 [ 231.694335] ? zap_class+0x740/0x740 [ 231.698050] ? zap_class+0x740/0x740 [ 231.701773] ? shrink_dcache_sb+0x350/0x350 [ 231.706098] ? perf_trace_lock+0xde/0x920 [ 231.710248] ? lock_acquire+0x1e4/0x540 [ 231.714228] ? __fdget_pos+0x1bb/0x200 [ 231.718117] ? zap_class+0x740/0x740 [ 231.721835] ? lock_release+0xa30/0xa30 [ 231.725811] ? check_same_owner+0x340/0x340 [ 231.730139] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 231.735688] ? _parse_integer+0x13b/0x190 [ 231.739844] ? perf_trace_lock+0xde/0x920 [ 231.744001] ? _kstrtoull+0x188/0x250 [ 231.747806] ? _parse_integer+0x190/0x190 [ 231.751959] ? zap_class+0x740/0x740 [ 231.755684] ? __check_object_size+0xa3/0x5d7 [ 231.760195] ? lock_acquire+0x1e4/0x540 [ 231.764178] ? get_pid_task+0xd8/0x1a0 [ 231.768074] ? perf_trace_lock+0xde/0x920 [ 231.772224] ? lock_release+0xa30/0xa30 [ 231.776203] ? zap_class+0x740/0x740 [ 231.779931] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 231.784781] ? __f_unlock_pos+0x19/0x20 [ 231.788760] ? lock_downgrade+0x8f0/0x8f0 [ 231.792915] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 231.798456] ? proc_fail_nth_write+0x9e/0x210 [ 231.802959] ? lock_acquire+0x1e4/0x540 [ 231.806945] _do_fork+0x291/0x12a0 09:52:44 executing program 2: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x10000, 0x0) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffff9c, &(0x7f0000000100)={0x10, 0x30, 0xfa00, {&(0x7f00000000c0)={0xffffffffffffffff}, 0x0, {0xa, 0x4e24, 0x5, @mcast2={0xff, 0x2, [], 0x1}, 0x9}}}, 0x38) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x11, 0x10, 0xfa00, {&(0x7f0000000080), r1}}, 0x18) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 231.810496] ? fork_idle+0x1a0/0x1a0 [ 231.814218] ? fsnotify_first_mark+0x350/0x350 [ 231.818805] ? fsnotify+0x14e0/0x14e0 [ 231.822617] ? __sb_end_write+0xac/0xe0 [ 231.826597] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 231.832136] ? fput+0x130/0x1a0 [ 231.835416] ? ksys_write+0x1ae/0x260 [ 231.839224] ? __ia32_sys_read+0xb0/0xb0 [ 231.843288] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 231.848829] __x64_sys_clone+0xbf/0x150 [ 231.852811] do_syscall_64+0x1b9/0x820 [ 231.856713] ? finish_task_switch+0x1d3/0x870 [ 231.856740] ? syscall_return_slowpath+0x5e0/0x5e0 [ 231.866140] ? syscall_return_slowpath+0x31d/0x5e0 [ 231.871074] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 231.876080] ? prepare_exit_to_usermode+0x291/0x3b0 [ 231.881085] ? perf_trace_sys_enter+0xb10/0xb10 [ 231.885785] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 231.890618] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 231.895788] RIP: 0033:0x455ab9 [ 231.898958] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 231.918162] RSP: 002b:00007f5327fa9c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 231.925851] RAX: ffffffffffffffda RBX: 00007f5327faa6d4 RCX: 0000000000455ab9 [ 231.933100] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000000000 [ 231.940359] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 231.947609] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 231.954861] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000000a 09:52:44 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) [ 232.005874] FAT-fs (loop7): Directory bread(block 128) failed [ 232.026571] FAT-fs (loop7): Directory bread(block 129) failed [ 232.047129] FAT-fs (loop7): Directory bread(block 130) failed 09:52:45 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x1, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000092ac1414580100006dfcdac800e000000200001000ac1414174954ea29ae9f51eb9f87020a269164d11b2adf198e8d95524a9dcb61227dfd438a946df49873bb434cefc710ccd4b03f93386697b612ff642709eaa688cfacba7632b59fff65463881283b87ac9bbd53bba4d7d20f2190fdf6dd755516263c898575c108a88edb894d5c28f052230f17f426e7eec61a187517b6067117e409146d6e6fc5236901e65bc31a364d37891ecd12c64116704bd934d275bc413dcbcf1ee8b123c53eb94bfe21196faa5686b7dfe8110fe7069f9f3e38450a230c0d498b9074985766d0f96efd495e9fd95951c21c74bd1d1feba0333cdd8973120f58d64af652f0d5e90a3b24434367ffb6d51e77dda4b18b759a643d659a28240442e69896dcde5daeb7307e4feb64692f6fdc6b69df3d7d65830c7fe26e3103302b6fed80dc46e92a82da34fadf4b1396b216537926d5504041cbc6adcd3ab7d003bc61cfd984f639cb4d94d52061dd5fbf37339fcd7d7207c948f08c598920c79a42f045d40ef1d3d836477d7b4cad6bf589d60b1b28fc83f6545a6f9812622065c414193209dd35833596a36f"], 0x1c) ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f00000000c0)={0x9, 0x7}) r1 = semget$private(0x0, 0x0, 0x191) semctl$SEM_INFO(r1, 0x7, 0x13, &(0x7f0000000480)=""/226) 09:52:45 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$hfs(&(0x7f0000000040)='hfs\x00', &(0x7f0000000080)='./file0\x00', 0x1000, 0x1, &(0x7f0000000100)=[{&(0x7f00000000c0)="da635a899fa2dd5c6d16534fa62abbe4e468d518581dc6d36961cca0c92b1347d751acaca126671d8fb662419d6d38cc367bb4c26c5f", 0x36, 0x10000000000}], 0x1000000, &(0x7f0000000140)={[{@part={'part', 0x3d, 0x6}, 0x2c}, {@quiet='quiet', 0x2c}]}) r0 = syz_open_dev$vcsa(&(0x7f0000000200)='/dev/vcsa#\x00', 0x6, 0x1) ioctl$BLKRESETZONE(r0, 0x40101283, &(0x7f00000002c0)={0x3, 0x1}) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 232.061496] FAT-fs (loop7): Directory bread(block 131) failed [ 232.073174] FAT-fs (loop7): Directory bread(block 132) failed [ 232.080535] FAT-fs (loop7): Directory bread(block 133) failed [ 232.093754] FAT-fs (loop7): Directory bread(block 134) failed [ 232.104483] hfs: can't find a HFS filesystem on dev loop4 09:52:45 executing program 0 (fault-call:1 fault-nth:11): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 232.110250] FAT-fs (loop7): Directory bread(block 135) failed [ 232.117192] FAT-fs (loop7): Directory bread(block 136) failed [ 232.123519] FAT-fs (loop7): Directory bread(block 137) failed [ 232.170007] FAULT_INJECTION: forcing a failure. [ 232.170007] name failslab, interval 1, probability 0, space 0, times 0 [ 232.181309] CPU: 1 PID: 12930 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 232.189799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 232.199148] Call Trace: [ 232.199982] hfs: can't find a HFS filesystem on dev loop4 [ 232.201745] dump_stack+0x1c9/0x2b4 [ 232.201765] ? dump_stack_print_info.cold.2+0x52/0x52 [ 232.201786] ? perf_trace_lock+0xde/0x920 [ 232.201806] should_fail.cold.4+0xa/0x11 [ 232.201825] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 232.201838] ? kasan_check_read+0x11/0x20 [ 232.201856] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 232.238137] ? kasan_check_write+0x14/0x20 [ 232.242384] ? do_raw_spin_lock+0xc1/0x200 [ 232.246635] ? copy_signal+0xfc/0xcc0 [ 232.250444] ? sighand_ctor+0x50/0x50 [ 232.254340] ? lock_downgrade+0x8f0/0x8f0 [ 232.258499] ? lock_acquire+0x1e4/0x540 [ 232.262480] ? fs_reclaim_acquire+0x20/0x20 [ 232.266818] ? lock_downgrade+0x8f0/0x8f0 [ 232.266839] ? check_same_owner+0x340/0x340 [ 232.273984] attempt to access beyond end of device [ 232.275298] ? rcu_note_context_switch+0x730/0x730 [ 232.275317] __should_failslab+0x124/0x180 [ 232.275333] should_failslab+0x9/0x14 [ 232.275346] kmem_cache_alloc+0x2af/0x760 [ 232.275363] ? kasan_check_write+0x14/0x20 [ 232.280287] loop7: rw=2049, want=310, limit=128 [ 232.285183] ? do_raw_spin_lock+0xc1/0x200 [ 232.285202] copy_process.part.41+0x24bc/0x73d0 [ 232.289421] Buffer I/O error on dev loop7, logical block 309, lost async page write [ 232.293187] ? zap_class+0x740/0x740 [ 232.293203] ? zap_class+0x740/0x740 [ 232.330191] ? __cleanup_sighand+0x70/0x70 [ 232.334414] ? lock_release+0xa30/0xa30 [ 232.338370] ? xas_descend+0x20c/0x5f0 [ 232.342250] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 232.347248] ? check_pgprot+0xdf/0x180 [ 232.351118] ? put_page+0x280/0x280 [ 232.354742] ? kasan_check_write+0x14/0x20 [ 232.358968] ? alloc_set_pte+0xaf6/0x1790 [ 232.363104] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 232.368104] ? filemap_map_pages+0xca2/0x1990 [ 232.372585] ? trace_hardirqs_on+0x10/0x10 [ 232.376805] ? xa_set_tag+0x40/0x40 [ 232.380416] ? perf_trace_lock+0xde/0x920 [ 232.384546] ? trace_hardirqs_on+0x10/0x10 [ 232.388765] ? trace_hardirqs_on+0x10/0x10 [ 232.392987] ? trace_hardirqs_on+0x10/0x10 [ 232.397209] ? find_get_entries_tag+0x1410/0x1410 [ 232.402039] ? perf_trace_lock+0xde/0x920 [ 232.406171] ? zap_class+0x740/0x740 [ 232.409867] ? zap_class+0x740/0x740 [ 232.413561] ? zap_class+0x740/0x740 [ 232.417261] ? shrink_dcache_sb+0x350/0x350 [ 232.421565] ? perf_trace_lock+0xde/0x920 [ 232.425703] ? lock_acquire+0x1e4/0x540 [ 232.429665] ? __fdget_pos+0x1bb/0x200 [ 232.433544] ? zap_class+0x740/0x740 [ 232.437240] ? lock_release+0xa30/0xa30 [ 232.441199] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 232.446733] ? _parse_integer+0x13b/0x190 [ 232.450863] ? perf_trace_lock+0xde/0x920 [ 232.454991] ? _kstrtoull+0x188/0x250 [ 232.458777] ? _parse_integer+0x190/0x190 [ 232.462909] ? zap_class+0x740/0x740 [ 232.466607] ? __check_object_size+0xa3/0x5d7 [ 232.471090] ? lock_acquire+0x1e4/0x540 [ 232.475049] ? get_pid_task+0xd8/0x1a0 [ 232.478922] ? perf_trace_lock+0xde/0x920 [ 232.483057] ? lock_release+0xa30/0xa30 [ 232.487023] ? zap_class+0x740/0x740 [ 232.490738] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 232.495561] ? __f_unlock_pos+0x19/0x20 [ 232.499520] ? lock_downgrade+0x8f0/0x8f0 [ 232.503652] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 232.509176] ? proc_fail_nth_write+0x9e/0x210 [ 232.513659] ? lock_acquire+0x1e4/0x540 [ 232.517618] _do_fork+0x291/0x12a0 [ 232.521143] ? fork_idle+0x1a0/0x1a0 [ 232.524843] ? fsnotify_first_mark+0x350/0x350 [ 232.529407] ? fsnotify+0x14e0/0x14e0 [ 232.533208] ? __sb_end_write+0xac/0xe0 [ 232.537177] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 232.542697] ? fput+0x130/0x1a0 [ 232.545962] ? ksys_write+0x1ae/0x260 [ 232.549749] ? __ia32_sys_read+0xb0/0xb0 [ 232.553795] ? syscall_slow_exit_work+0x500/0x500 [ 232.558624] __x64_sys_clone+0xbf/0x150 [ 232.562585] do_syscall_64+0x1b9/0x820 [ 232.566457] ? finish_task_switch+0x1d3/0x870 [ 232.570946] ? syscall_return_slowpath+0x5e0/0x5e0 [ 232.575858] ? syscall_return_slowpath+0x31d/0x5e0 [ 232.580770] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 232.585769] ? prepare_exit_to_usermode+0x291/0x3b0 [ 232.590767] ? perf_trace_sys_enter+0xb10/0xb10 [ 232.595421] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 232.600259] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 232.605432] RIP: 0033:0x455ab9 [ 232.608599] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 232.627788] RSP: 002b:00007f5327fa9c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 232.635480] RAX: ffffffffffffffda RBX: 00007f5327faa6d4 RCX: 0000000000455ab9 [ 232.642728] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000000000 [ 232.649980] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 232.657232] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 232.664491] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000000b [ 232.674171] attempt to access beyond end of device [ 232.679329] loop7: rw=2049, want=311, limit=128 [ 232.681899] attempt to access beyond end of device [ 232.684039] Buffer I/O error on dev loop7, logical block 310, lost async page write [ 232.688980] loop7: rw=2049, want=2154, limit=128 [ 232.709384] attempt to access beyond end of device [ 232.714487] loop7: rw=2049, want=312, limit=128 [ 232.719192] Buffer I/O error on dev loop7, logical block 311, lost async page write [ 232.729659] attempt to access beyond end of device [ 232.734864] loop7: rw=2049, want=313, limit=128 [ 232.739563] Buffer I/O error on dev loop7, logical block 312, lost async page write [ 232.786386] attempt to access beyond end of device [ 232.791442] loop7: rw=2049, want=326, limit=128 [ 232.796146] Buffer I/O error on dev loop7, logical block 325, lost async page write [ 232.805431] attempt to access beyond end of device [ 232.810524] loop7: rw=2049, want=327, limit=128 [ 232.815237] Buffer I/O error on dev loop7, logical block 326, lost async page write [ 232.830663] attempt to access beyond end of device [ 232.835722] loop7: rw=2049, want=328, limit=128 [ 232.840496] Buffer I/O error on dev loop7, logical block 327, lost async page write [ 232.840794] attempt to access beyond end of device [ 232.848376] attempt to access beyond end of device [ 232.853313] loop7: rw=2049, want=2154, limit=128 [ 232.863042] loop7: rw=2049, want=329, limit=128 [ 232.868766] attempt to access beyond end of device [ 232.873733] loop7: rw=2049, want=2153, limit=128 09:52:46 executing program 3: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0xeffd, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:46 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x2, 0x400400) ioctl$VHOST_GET_FEATURES(r0, 0x8008af00, &(0x7f0000000080)) 09:52:46 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:46 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x81, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000640)={r1, &(0x7f0000000600)}, 0x10) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000540)={{0x9, 0x7}, 'port1\x00', 0x8, 0x80000, 0x41, 0xd8aa, 0x200, 0xfffffffffffffff7, 0x3, 0x0, 0x4, 0x1}) bind$bt_l2cap(r3, &(0x7f0000000100)={0x1f}, 0xe) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffff9c, 0x84, 0xa, &(0x7f00000000c0)={0x0, 0x1, 0x201, 0x6, 0x80000001, 0x1, 0x7ff, 0x4d5, 0x0}, &(0x7f0000000140)=0x20) socket$netlink(0x10, 0x3, 0x6901665751ae67ca) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000240)={r4, @in6={{0xa, 0x4e23, 0xffffffffffffffc1, @remote={0xfe, 0x80, [], 0xbb}, 0x9}}, [0x4, 0x40, 0xfffffffffffffffb, 0x4, 0x401, 0x0, 0x0, 0x537b, 0x5, 0x7, 0x401, 0x3446, 0x9, 0x0, 0x6]}, &(0x7f0000000340)=0x100) fcntl$F_SET_RW_HINT(r2, 0x40c, &(0x7f0000000440)=0x3) clone(0x38000, &(0x7f00000004c0)="d4a9457d0c3df924b6ce9f653dc6b62987a4050f8a614992249b49e4d01e2fdad22a9d37e80b4213f1ca124f34d53113be2408d11e5e33e37adac6687f21af9fb2b6a888e8bb6455e8cc82ee31a8cc9a3314affd3a1c681659548c7f2eb414e25603f28fabdc64aa08917e", &(0x7f0000000100), &(0x7f0000000200), &(0x7f0000000380)="f682877c01d078a11386bd6f7066815e1d99ed2850e486218928206c29f1066cf3b673790af7e957b1f32443595a060715e174bdb498a5610729155cc34503bb9000bc0dc95d5be73f49c01da5cf0dea9387f0af90acc91145caed788463688d9b95902a2a420b39b315b7823563474bb425c6a29c46339215056def7f62d17f819adc3d2de1ad") gettid() ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r3, 0x84, 0x4, &(0x7f0000000480)=0x7, 0x4) 09:52:46 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x200000ca, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:52:46 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) r2 = semget$private(0x0, 0x0, 0x20) semctl$SEM_INFO(r2, 0x3, 0x13, &(0x7f0000000080)=""/20) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) 09:52:46 executing program 0 (fault-call:1 fault-nth:12): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:46 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x9, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) [ 233.979343] FAULT_INJECTION: forcing a failure. [ 233.979343] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 233.991259] CPU: 0 PID: 12962 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 233.999765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 234.009135] Call Trace: [ 234.010011] FAT-fs (loop7): Directory bread(block 128) failed [ 234.011747] dump_stack+0x1c9/0x2b4 [ 234.011770] ? dump_stack_print_info.cold.2+0x52/0x52 [ 234.011802] should_fail.cold.4+0xa/0x11 [ 234.030530] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 234.035642] ? perf_trace_lock+0x49d/0x920 [ 234.039888] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 234.044985] ? zap_class+0x740/0x740 [ 234.048705] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 234.053799] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 234.058903] ? lock_acquire+0x1e4/0x540 [ 234.062871] ? fs_reclaim_acquire+0x20/0x20 [ 234.067361] ? lock_downgrade+0x8f0/0x8f0 [ 234.071522] ? check_same_owner+0x340/0x340 [ 234.075844] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 234.080872] ? rcu_note_context_switch+0x730/0x730 [ 234.085809] __alloc_pages_nodemask+0x36e/0xdb0 [ 234.090493] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 234.095512] ? rcu_is_watching+0x8c/0x150 [ 234.099654] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 234.104322] ? kernel_text_address+0x79/0xf0 [ 234.108809] ? __kernel_text_address+0xd/0x40 [ 234.113293] ? unwind_get_return_address+0x61/0xa0 [ 234.118211] ? __lockdep_init_map+0x105/0x590 [ 234.123113] ? lockdep_init_map+0x9/0x10 [ 234.127174] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 234.132714] alloc_pages_current+0x10c/0x210 [ 234.137119] __get_free_pages+0xc/0x40 [ 234.140998] pgd_alloc+0x76/0x3f0 [ 234.144444] ? copy_process.part.41+0x24bc/0x73d0 [ 234.149279] ? pgd_page_get_mm+0x40/0x40 [ 234.153418] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 234.158786] ? __lockdep_init_map+0x105/0x590 [ 234.163280] mm_init+0x757/0xc70 [ 234.166648] ? list_add_tail_rcu+0x200/0x200 [ 234.171046] ? memcg_kmem_get_cache+0x3a9/0x9d0 [ 234.175719] ? mem_cgroup_handle_over_high+0x130/0x130 [ 234.181000] ? fs_reclaim_acquire+0x20/0x20 [ 234.185324] ? lock_downgrade+0x8f0/0x8f0 [ 234.189481] ? percpu_ref_put_many+0x131/0x240 [ 234.194053] ? mem_cgroup_id_get_online+0x310/0x310 [ 234.199057] ? kasan_unpoison_shadow+0x35/0x50 [ 234.203638] ? kasan_kmalloc+0xc4/0xe0 [ 234.207520] ? kasan_slab_alloc+0x12/0x20 [ 234.211660] ? kmem_cache_alloc+0x2fc/0x760 [ 234.216003] ? kasan_check_write+0x14/0x20 [ 234.220237] ? do_raw_spin_lock+0xc1/0x200 [ 234.224468] copy_process.part.41+0x2524/0x73d0 [ 234.229128] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 234.234659] ? perf_swevent_event+0x158/0x2e0 [ 234.239150] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 234.244676] ? perf_tp_event+0x91b/0xc40 [ 234.248752] ? __cleanup_sighand+0x70/0x70 [ 234.252977] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 234.258512] ? perf_tp_event+0x91b/0xc40 [ 234.262563] ? xas_descend+0x20c/0x5f0 [ 234.266452] ? perf_swevent_event+0x2e0/0x2e0 [ 234.270948] ? perf_swevent_event+0x158/0x2e0 [ 234.275435] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 234.280972] ? perf_tp_event+0x91b/0xc40 [ 234.285026] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 234.290037] ? filemap_map_pages+0xca2/0x1990 [ 234.294549] ? perf_swevent_event+0x2e0/0x2e0 [ 234.299045] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 234.304148] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 234.309252] ? perf_tp_event+0xc40/0xc40 [ 234.313308] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 234.318409] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 234.323596] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 234.328699] ? perf_tp_event+0xc40/0xc40 [ 234.332751] ? zap_class+0x740/0x740 [ 234.336461] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 234.341582] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 234.346856] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 234.351954] ? perf_tp_event+0xc40/0xc40 [ 234.356009] ? zap_class+0x740/0x740 [ 234.359735] ? memset+0x31/0x40 [ 234.363019] ? perf_trace_lock+0x49d/0x920 [ 234.367259] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 234.372354] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 234.377454] ? zap_class+0x740/0x740 [ 234.381168] ? __check_object_size+0xa3/0x5d7 [ 234.385658] ? memset+0x31/0x40 [ 234.388941] ? zap_class+0x740/0x740 [ 234.392652] ? __f_unlock_pos+0x19/0x20 [ 234.396619] ? lock_downgrade+0x8f0/0x8f0 [ 234.400763] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 234.406303] ? proc_fail_nth_write+0x9e/0x210 [ 234.410791] ? lock_acquire+0x1e4/0x540 [ 234.414763] _do_fork+0x291/0x12a0 [ 234.418297] ? fork_idle+0x1a0/0x1a0 [ 234.422002] ? fsnotify_first_mark+0x350/0x350 [ 234.426581] ? fsnotify+0x14e0/0x14e0 [ 234.430380] ? __sb_end_write+0xac/0xe0 [ 234.434347] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 234.439879] ? fput+0x130/0x1a0 [ 234.443150] ? ksys_write+0x1ae/0x260 [ 234.446943] ? __ia32_sys_read+0xb0/0xb0 [ 234.451003] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 234.456539] __x64_sys_clone+0xbf/0x150 [ 234.460534] do_syscall_64+0x1b9/0x820 [ 234.464417] ? finish_task_switch+0x1d3/0x870 [ 234.468920] ? syscall_return_slowpath+0x5e0/0x5e0 [ 234.473840] ? syscall_return_slowpath+0x31d/0x5e0 [ 234.478761] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 234.484029] ? prepare_exit_to_usermode+0x291/0x3b0 [ 234.489049] ? perf_trace_sys_enter+0xb10/0xb10 [ 234.493709] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 234.498549] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 234.503724] RIP: 0033:0x455ab9 [ 234.506901] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 234.526286] RSP: 002b:00007f5327fa9c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 234.533988] RAX: ffffffffffffffda RBX: 00007f5327faa6d4 RCX: 0000000000455ab9 [ 234.541252] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000000000 [ 234.548519] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 234.555777] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 234.563035] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000000c 09:52:47 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r0 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r0, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c}) close(0xffffffffffffffff) [ 234.589434] FAT-fs (loop7): Directory bread(block 129) failed [ 234.602838] FAT-fs (loop7): Directory bread(block 130) failed [ 234.613877] FAT-fs (loop7): Directory bread(block 131) failed [ 234.623713] FAT-fs (loop7): Directory bread(block 132) failed 09:52:47 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x2000057c, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:52:47 executing program 4: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='usereth0\x00'}, 0x10) ioctl$GIO_UNIMAP(r1, 0x4b66, &(0x7f0000000100)={0x13d54aadaecdb960, &(0x7f0000000140)=[{}, {}, {}, {}, {}, {}, {}]}) ioctl$TCSBRK(r0, 0x5409, 0x100) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:47 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x1, 0x40400) getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x41, &(0x7f0000000100)={'mangle\x00', 0x9f, "a0daf1b4d322f5b927aa66e37f31eacf90b5b0278c52e22412d14a1c802f56de64d6ddde16919bfd3f5a49bb6c69be9360860896e5492b5d941bab513f8eb6774274724d7de6c1425931314e8d31a8617f1aefdc6a6565a412c3d1517c674513e419ce0afabd02c89c911e48616fae15325fadcf1d92c0b1a4f7a83e6c860f0e9877a858e6ed4fa06170879a8349dc71c9c4101b2aaf1fba9bdbca70f84cab"}, &(0x7f0000000200)=0xc3) 09:52:47 executing program 0 (fault-call:1 fault-nth:13): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 234.636447] FAT-fs (loop7): Directory bread(block 133) failed [ 234.647108] FAT-fs (loop7): Directory bread(block 134) failed [ 234.654007] FAT-fs (loop7): Directory bread(block 135) failed [ 234.660454] FAT-fs (loop7): Directory bread(block 136) failed [ 234.666787] FAT-fs (loop7): Directory bread(block 137) failed [ 234.756746] FAULT_INJECTION: forcing a failure. [ 234.756746] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 234.768819] CPU: 0 PID: 12997 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 234.777325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 234.786693] Call Trace: [ 234.789303] dump_stack+0x1c9/0x2b4 [ 234.792957] ? dump_stack_print_info.cold.2+0x52/0x52 [ 234.798186] should_fail.cold.4+0xa/0x11 [ 234.802276] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 234.804345] attempt to access beyond end of device [ 234.807398] ? perf_trace_lock+0x49d/0x920 [ 234.807423] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 234.812351] loop7: rw=2049, want=310, limit=128 [ 234.816567] ? zap_class+0x740/0x740 [ 234.816592] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 234.822324] attempt to access beyond end of device [ 234.826337] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 234.826368] ? lock_acquire+0x1e4/0x540 [ 234.830192] loop7: rw=2049, want=311, limit=128 [ 234.835254] ? fs_reclaim_acquire+0x20/0x20 [ 234.835276] ? lock_downgrade+0x8f0/0x8f0 [ 234.840661] attempt to access beyond end of device [ 234.845281] ? check_same_owner+0x340/0x340 [ 234.845300] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 234.845317] ? rcu_note_context_switch+0x730/0x730 [ 234.849282] loop7: rw=2049, want=312, limit=128 [ 234.853958] __alloc_pages_nodemask+0x36e/0xdb0 [ 234.853983] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 234.859999] attempt to access beyond end of device [ 234.862418] ? rcu_is_watching+0x8c/0x150 [ 234.862436] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 234.862467] ? kernel_text_address+0x79/0xf0 [ 234.867379] loop7: rw=2049, want=313, limit=128 [ 234.871676] ? __kernel_text_address+0xd/0x40 [ 234.871695] ? unwind_get_return_address+0x61/0xa0 [ 234.886945] attempt to access beyond end of device [ 234.890920] ? __lockdep_init_map+0x105/0x590 [ 234.890941] ? lockdep_init_map+0x9/0x10 [ 234.890962] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 234.895973] loop7: rw=2049, want=326, limit=128 [ 234.900877] alloc_pages_current+0x10c/0x210 [ 234.900902] __get_free_pages+0xc/0x40 [ 234.908468] attempt to access beyond end of device [ 234.909691] pgd_alloc+0x76/0x3f0 [ 234.909707] ? copy_process.part.41+0x24bc/0x73d0 [ 234.909725] ? pgd_page_get_mm+0x40/0x40 [ 234.914127] loop7: rw=2049, want=327, limit=128 [ 234.918773] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 234.918788] ? __lockdep_init_map+0x105/0x590 [ 234.918815] mm_init+0x757/0xc70 [ 234.923696] attempt to access beyond end of device [ 234.928221] ? list_add_tail_rcu+0x200/0x200 [ 234.928237] ? memcg_kmem_get_cache+0x3a9/0x9d0 [ 234.928257] ? mem_cgroup_handle_over_high+0x130/0x130 [ 234.933180] loop7: rw=2049, want=328, limit=128 [ 234.937643] ? fs_reclaim_acquire+0x20/0x20 [ 234.937666] ? lock_downgrade+0x8f0/0x8f0 [ 234.942042] attempt to access beyond end of device [ 234.947232] ? percpu_ref_put_many+0x131/0x240 [ 234.947253] ? mem_cgroup_id_get_online+0x310/0x310 [ 234.951912] loop7: rw=2049, want=329, limit=128 [ 234.956296] ? kasan_unpoison_shadow+0x35/0x50 [ 234.956315] ? kasan_kmalloc+0xc4/0xe0 09:52:47 executing program 4: r0 = dup3(0xffffffffffffff9c, 0xffffffffffffff9c, 0x80000) r1 = accept4$inet6(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0, @loopback}, &(0x7f0000000500)=0x1c, 0x800) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x40000, &(0x7f0000000600)="e6e4b8bbc575b5a99d5056ec656cc84a806952bb287153d4847631b48407d75407d3c16772d6ed1b0a16c13e87dca4f8001c763ab3ef10b19cb2488814310955911374fabf50e4054425914b6a4394d4e105c7881056d0e5be1d1fc6312baf3a7a310d620c6bc26369a08b8f44145867", &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000580)={'team0\x00', 0x0}) accept4$packet(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000680)=0x14, 0x80000) sendmsg$nl_route(r1, &(0x7f0000000740)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)=@bridge_newneigh={0x40, 0x1c, 0x604, 0x70bd2d, 0x25dfdbfe, {0x1c, 0x0, 0x0, r2, 0x0, 0x10}, [@NDA_DST_IPV6={0x14, 0x1, @loopback={0x0, 0x1}}, @NDA_IFINDEX={0x8, 0x8, r3}, @NDA_SRC_VNI={0x8, 0xb, 0x20}]}, 0x40}, 0x1, 0x0, 0x0, 0x8010}, 0x1) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@ipv4={[], [], @multicast2}, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in=@remote}}, &(0x7f0000000540)=0xe8) syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000080)='./file0\x00', 0x9, 0x2, &(0x7f0000000140)=[{&(0x7f00000000c0)="3f9a67bfaaf9121920bb22e23e2a6c95f78602572807d8f4013145e8a05aa18a8e38f1d024689fc218c4c5dcc2ee839314a8f6ee68f73878a577aa7e8a3f82c914c08c83d8698fc1162ff182", 0x4c, 0x9b0}, {&(0x7f00000002c0)="3bca59ddbf14c403297df4e304fc524ec8d5edd1cbca6d6e1c679a5512ec6035731091544903014f2b7cb969c4d6931fd785576a8dd540e58438937eaee9d086848a043b749eaff665e4275c9e1fbaaa55df", 0x52, 0x4}], 0x801410, &(0x7f0000000780)=ANY=[@ANYBLOB="6e6c733d63703737352c6e6f626172726965722c6465636f6d706f73652c63726561746f723d07ccf0ba2c7569643d", @ANYRESHEX=r4, @ANYBLOB="2c756d61736b3d30303030303030303030303030303030303030303030302c747970653d8a59ef232c666f7263652c6465abc13f2772238d2ca7cbae08ebed808b636f6d706f73652c00"]) 09:52:47 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000015, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) [ 234.961909] attempt to access beyond end of device [ 234.965114] ? kasan_slab_alloc+0x12/0x20 [ 234.965133] ? kmem_cache_alloc+0x2fc/0x760 [ 234.968583] loop7: rw=2049, want=2153, limit=128 [ 234.973406] ? kasan_check_write+0x14/0x20 [ 234.973428] ? do_raw_spin_lock+0xc1/0x200 [ 235.007975] attempt to access beyond end of device [ 235.009346] copy_process.part.41+0x2524/0x73d0 [ 235.009366] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 235.009387] ? perf_swevent_event+0x158/0x2e0 [ 235.014657] loop7: rw=2049, want=2154, limit=128 09:52:48 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) geteuid() clone(0x100, &(0x7f00000000c0)="6593d3bae33cf6acb3ca28dc85c24bad6660fad7cae875e9d98bbc15b75790498b00340000000000000000000000000000", &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000003c0)="a1d503333ee5347fbd4c5dd3d0d57c09d0c395f1294a1bb504d57ee7a61a3071caa4d4d974b400bca8665679cec74000000000000000d48589dfee19ddf9341fb133e9ae6c36ef6b762f8576e4f697f962f6625b601f38270bbdd4b03d4cf9f29d0d29903f14a5c8dda2c108a5fcdfe88cfa1ddf43f1d48bf09799438232b34de119035ad403fcf5306832490d6f1fd6206cd34be45481985e92ff356b90a63bca61ffffffffab89a00eb9f711e6dfe496fb5c4cb497a743ee403ffc4edc3344349bdb95836673a078d3d9f4908b29eee10aba1bc72ff95508181e21ef6edee38e64000000000000000000b125e16db323") [ 235.019301] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 235.019316] ? perf_tp_event+0x91b/0xc40 [ 235.019357] ? __cleanup_sighand+0x70/0x70 [ 235.060183] attempt to access beyond end of device [ 235.060913] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 235.060934] ? perf_tp_event+0x91b/0xc40 [ 235.065090] loop7: rw=2049, want=2154, limit=128 [ 235.069376] ? xas_descend+0x20c/0x5f0 [ 235.069406] ? perf_swevent_event+0x2e0/0x2e0 [ 235.148369] ? perf_swevent_event+0x158/0x2e0 [ 235.152889] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 235.158448] ? perf_tp_event+0x91b/0xc40 [ 235.163335] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 235.168371] ? filemap_map_pages+0xca2/0x1990 [ 235.172885] ? perf_swevent_event+0x2e0/0x2e0 [ 235.177382] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 235.182481] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 235.187589] ? perf_tp_event+0xc40/0xc40 [ 235.192465] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 235.197559] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 235.202651] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 235.207750] ? perf_tp_event+0xc40/0xc40 [ 235.211801] ? zap_class+0x740/0x740 [ 235.215613] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 235.220714] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 235.225803] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 235.230899] ? perf_tp_event+0xc40/0xc40 [ 235.234953] ? zap_class+0x740/0x740 [ 235.238658] ? memset+0x31/0x40 [ 235.242121] ? perf_trace_lock+0x49d/0x920 [ 235.246348] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 235.251445] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 235.256549] ? zap_class+0x740/0x740 [ 235.260438] ? __check_object_size+0xa3/0x5d7 [ 235.264928] ? memset+0x31/0x40 [ 235.268213] ? zap_class+0x740/0x740 [ 235.271923] ? __f_unlock_pos+0x19/0x20 [ 235.276148] ? lock_downgrade+0x8f0/0x8f0 [ 235.280288] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 235.285821] ? proc_fail_nth_write+0x9e/0x210 [ 235.290309] ? lock_acquire+0x1e4/0x540 [ 235.294289] _do_fork+0x291/0x12a0 [ 235.297824] ? fork_idle+0x1a0/0x1a0 [ 235.301531] ? fsnotify_first_mark+0x350/0x350 [ 235.306107] ? fsnotify+0x14e0/0x14e0 [ 235.309905] ? __sb_end_write+0xac/0xe0 [ 235.313877] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 235.319409] ? fput+0x130/0x1a0 [ 235.322677] ? ksys_write+0x1ae/0x260 [ 235.326468] ? __ia32_sys_read+0xb0/0xb0 [ 235.330521] ? syscall_slow_exit_work+0x500/0x500 [ 235.335356] __x64_sys_clone+0xbf/0x150 [ 235.339322] do_syscall_64+0x1b9/0x820 [ 235.343196] ? finish_task_switch+0x1d3/0x870 [ 235.347684] ? syscall_return_slowpath+0x5e0/0x5e0 [ 235.352603] ? syscall_return_slowpath+0x31d/0x5e0 [ 235.357530] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 235.362536] ? prepare_exit_to_usermode+0x291/0x3b0 [ 235.367542] ? perf_trace_sys_enter+0xb10/0xb10 [ 235.372216] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 235.377065] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 235.382244] RIP: 0033:0x455ab9 [ 235.385416] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 235.404784] RSP: 002b:00007f5327fa9c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 235.412482] RAX: ffffffffffffffda RBX: 00007f5327faa6d4 RCX: 0000000000455ab9 [ 235.419746] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000000000 [ 235.427023] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 235.434281] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 235.441538] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000000d 09:52:49 executing program 3: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x0, 0x80000020) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:49 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:49 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r0 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r0, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c}) close(0xffffffffffffffff) 09:52:49 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x200002c1, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:52:49 executing program 0 (fault-call:1 fault-nth:14): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:49 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) socket$vsock_dgram(0x28, 0x2, 0x0) 09:52:49 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) socketpair$inet6_udp(0xa, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCBRADDBR(r0, 0x89a0, &(0x7f0000000080)='bridge0\x00') 09:52:49 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000500, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) [ 236.139293] FAULT_INJECTION: forcing a failure. [ 236.139293] name failslab, interval 1, probability 0, space 0, times 0 [ 236.150597] CPU: 1 PID: 13043 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 236.156584] FAT-fs (loop7): Directory bread(block 128) failed [ 236.159084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 236.159090] Call Trace: [ 236.159113] dump_stack+0x1c9/0x2b4 [ 236.159131] ? dump_stack_print_info.cold.2+0x52/0x52 [ 236.159154] ? perf_trace_lock+0xde/0x920 [ 236.182194] FAT-fs (loop7): Directory bread(block 129) failed [ 236.186459] should_fail.cold.4+0xa/0x11 [ 236.186480] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 236.186496] ? trace_hardirqs_on+0x10/0x10 [ 236.186518] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 236.214548] ? perf_trace_lock+0xde/0x920 [ 236.218719] ? trace_hardirqs_on+0x10/0x10 [ 236.220947] FAT-fs (loop7): Directory bread(block 130) failed [ 236.222957] ? zap_class+0x740/0x740 [ 236.222974] ? lock_downgrade+0x8f0/0x8f0 09:52:49 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x40000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 236.222991] ? __lockdep_init_map+0x105/0x590 [ 236.223012] ? lock_acquire+0x1e4/0x540 [ 236.243731] FAT-fs (loop7): Directory bread(block 131) failed [ 236.245152] ? fs_reclaim_acquire+0x20/0x20 [ 236.245170] ? lock_downgrade+0x8f0/0x8f0 [ 236.245190] ? pgd_alloc+0x2e1/0x3f0 [ 236.245206] ? check_same_owner+0x340/0x340 [ 236.245224] ? rcu_note_context_switch+0x730/0x730 [ 236.254154] FAT-fs (loop7): Directory bread(block 132) failed [ 236.255421] __should_failslab+0x124/0x180 [ 236.255437] should_failslab+0x9/0x14 [ 236.255453] kmem_cache_alloc+0x2af/0x760 [ 236.255469] ? lock_acquire+0x1e4/0x540 [ 236.255487] __khugepaged_enter+0xbe/0x5e0 [ 236.259783] FAT-fs (loop7): Directory bread(block 133) failed [ 236.263323] ? khugepaged+0xce0/0xce0 [ 236.263338] ? get_mm_exe_file+0x3a9/0x5c0 [ 236.263357] ? percpu_up_read_preempt_enable.constprop.45+0xc0/0xc0 [ 236.263376] ? down_write_nested+0x93/0x130 [ 236.263387] ? copy_process.part.41+0x25f5/0x73d0 [ 236.263398] ? _down_write_nest_lock+0x130/0x130 [ 236.263414] copy_process.part.41+0x5bff/0x73d0 [ 236.263429] ? zap_class+0x740/0x740 [ 236.263454] ? __cleanup_sighand+0x70/0x70 [ 236.345428] ? lock_release+0xa30/0xa30 [ 236.349395] ? xas_descend+0x20c/0x5f0 [ 236.353270] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 236.358271] ? check_pgprot+0xdf/0x180 [ 236.362139] ? put_page+0x280/0x280 [ 236.365798] ? kasan_check_write+0x14/0x20 [ 236.370029] ? alloc_set_pte+0xaf6/0x1790 [ 236.374261] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 236.379266] ? filemap_map_pages+0xca2/0x1990 [ 236.383748] ? trace_hardirqs_on+0x10/0x10 [ 236.387971] ? xa_set_tag+0x40/0x40 [ 236.391588] ? perf_trace_lock+0xde/0x920 [ 236.395720] ? trace_hardirqs_on+0x10/0x10 [ 236.399961] ? trace_hardirqs_on+0x10/0x10 [ 236.404193] ? trace_hardirqs_on+0x10/0x10 [ 236.408419] ? find_get_entries_tag+0x1410/0x1410 [ 236.413251] ? perf_trace_lock+0xde/0x920 [ 236.417384] ? zap_class+0x740/0x740 [ 236.421086] ? zap_class+0x740/0x740 [ 236.424782] ? zap_class+0x740/0x740 [ 236.428481] ? shrink_dcache_sb+0x350/0x350 [ 236.432791] ? perf_trace_lock+0xde/0x920 [ 236.436922] ? lock_acquire+0x1e4/0x540 [ 236.440881] ? __fdget_pos+0x1bb/0x200 [ 236.444754] ? zap_class+0x740/0x740 [ 236.448461] ? lock_release+0xa30/0xa30 [ 236.452423] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 236.457943] ? _parse_integer+0x13b/0x190 [ 236.462083] ? perf_trace_lock+0xde/0x920 [ 236.466211] ? _kstrtoull+0x188/0x250 [ 236.469994] ? _parse_integer+0x190/0x190 [ 236.474137] ? zap_class+0x740/0x740 [ 236.477838] ? __check_object_size+0xa3/0x5d7 [ 236.482319] ? lock_acquire+0x1e4/0x540 [ 236.486278] ? get_pid_task+0xd8/0x1a0 [ 236.490156] ? perf_trace_lock+0xde/0x920 [ 236.494292] ? lock_release+0xa30/0xa30 [ 236.498250] ? zap_class+0x740/0x740 [ 236.501955] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 236.506782] ? __f_unlock_pos+0x19/0x20 [ 236.510738] ? lock_downgrade+0x8f0/0x8f0 [ 236.514881] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 236.520402] ? proc_fail_nth_write+0x9e/0x210 [ 236.524885] ? lock_acquire+0x1e4/0x540 [ 236.528847] _do_fork+0x291/0x12a0 [ 236.532372] ? fork_idle+0x1a0/0x1a0 [ 236.536074] ? fsnotify_first_mark+0x350/0x350 [ 236.540647] ? fsnotify+0x14e0/0x14e0 [ 236.544444] ? __sb_end_write+0xac/0xe0 [ 236.548404] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 236.553923] ? fput+0x130/0x1a0 [ 236.557185] ? ksys_write+0x1ae/0x260 [ 236.560969] ? __ia32_sys_read+0xb0/0xb0 [ 236.565024] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 236.570553] __x64_sys_clone+0xbf/0x150 [ 236.574516] do_syscall_64+0x1b9/0x820 [ 236.578394] ? finish_task_switch+0x1d3/0x870 [ 236.582885] ? syscall_return_slowpath+0x5e0/0x5e0 [ 236.587797] ? syscall_return_slowpath+0x31d/0x5e0 [ 236.592710] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 236.597709] ? prepare_exit_to_usermode+0x291/0x3b0 [ 236.602712] ? perf_trace_sys_enter+0xb10/0xb10 [ 236.607366] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 236.612198] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 236.617370] RIP: 0033:0x455ab9 [ 236.620544] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 236.640280] RSP: 002b:00007f5327fa9c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 236.647981] RAX: ffffffffffffffda RBX: 00007f5327faa6d4 RCX: 0000000000455ab9 [ 236.655234] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000000000 [ 236.662492] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 236.671219] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 236.678481] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000000e 09:52:49 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r0 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r0, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c}) close(0xffffffffffffffff) [ 236.691141] FAT-fs (loop7): Directory bread(block 134) failed [ 236.704664] FAT-fs (loop7): Directory bread(block 135) failed [ 236.722772] FAT-fs (loop7): Directory bread(block 136) failed 09:52:49 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x1, 0x0) openat$cgroup_type(r0, &(0x7f0000000080)='cgroup.type\x00', 0x2, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:49 executing program 4: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x6280, 0x0) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r0, 0x118, 0x1, &(0x7f0000000100)=0x6, 0x4) connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x1, @remote={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xbb}, 'bpq0\x00'}}, 0x1e) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_dccp_buf(r0, 0x21, 0xc, &(0x7f0000000280)="b2e48e0950aa5fc5632efe33fafc11e2f7b7d95df2557cc9df282443989e6e27b979ad6fb5cd7185e6bb5a4f9a76074aaf09d6dc091131b2fe1c53efc235304c6dde1076a513d1d6971cc265d0fed51f318f7cb13f271a3fc5a7deb54eb9953f3f7741c8a34459f3959a0a18cc9c94c6fe5e0318090b4ada3de3271fd2db0831d2deabff245e5d29bb9fc673d272d396ffac3ee33c14dea7e12d2712f590a77972f5bc4cdde5c45bbce0834743c308774a4835f572c34a2fc8a7ecd139c829907ccbd64688ff45feb057e809848a9e2bca493e213f059732a99d", 0xda) clone(0x20000003, &(0x7f00000000c0), &(0x7f0000000240), &(0x7f0000000200), &(0x7f0000000400)="3a68fd74a31d8c4eed19be695131c7bd2094a772f3d7840d8af501e532b54c1bc7ecc2f73eaefb6eed9f6187c1a2e2fc55562529d028b0d938fc61f6cb49961e0fac0488214e6f93494016da35dfb700000000e4f3705e1cc5baa20d0f2a13601130d7e95106e664aced0927b9f546c5ab5f9119a37c89301473ee312adcf9024bf5049da926db2ba3b922479caa952a0e57d54e1788f5fe2f162e3e13472c49a6b6edea10abe4a133c0b9ecf2cfbb95c5e2565419973a0982c898fe2ebbf0f62999295b3d7729043c4c00000000d2ce1e84eb454df09ed5f9d7da308480354ae88d5e0e9d812a05edc5e060f51f618c9f039d10fc2c44f5e641da1cf4518d90fcbb19370685e867c65e46fda1c19e") accept$unix(r0, 0x0, &(0x7f00000000c0)) [ 236.737966] FAT-fs (loop7): Directory bread(block 137) failed 09:52:49 executing program 0 (fault-call:1 fault-nth:15): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 236.854547] FAULT_INJECTION: forcing a failure. [ 236.854547] name failslab, interval 1, probability 0, space 0, times 0 [ 236.865856] CPU: 1 PID: 13080 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 236.874351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 236.883713] Call Trace: [ 236.886313] dump_stack+0x1c9/0x2b4 [ 236.889951] ? dump_stack_print_info.cold.2+0x52/0x52 [ 236.895155] ? perf_trace_lock+0xde/0x920 [ 236.899315] should_fail.cold.4+0xa/0x11 [ 236.903385] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 236.904791] attempt to access beyond end of device [ 236.908488] ? fs_reclaim_acquire+0x20/0x20 [ 236.908507] ? lock_downgrade+0x8f0/0x8f0 [ 236.908528] ? lock_acquire+0x1e4/0x540 [ 236.908550] ? __khugepaged_enter+0x413/0x5e0 [ 236.913491] loop7: rw=2049, want=310, limit=128 [ 236.917781] ? lock_downgrade+0x8f0/0x8f0 [ 236.917802] ? kasan_check_read+0x11/0x20 [ 236.917819] ? do_raw_spin_unlock+0xa7/0x2f0 [ 236.921981] buffer_io_error: 9 callbacks suppressed 09:52:49 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000080)="ba2f4e3d1b10b22860fc48058e2b7d6af64461708961d72bd109ef7688e92bd3f4c420be6cc1f45e89f69398b5db035ae0f65583274f84a36859a83e8d97aa32c33f337d478cbe6fa53fdb319bf16248b6f430e73299db25d59c0892dcfe1ce048b8", &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 236.921990] Buffer I/O error on dev loop7, logical block 309, lost async page write [ 236.925922] ? lock_acquire+0x1e4/0x540 [ 236.925943] ? fs_reclaim_acquire+0x20/0x20 [ 236.938082] attempt to access beyond end of device [ 236.939212] ? lock_downgrade+0x8f0/0x8f0 [ 236.939233] ? check_same_owner+0x340/0x340 [ 236.939246] ? rcu_note_context_switch+0x730/0x730 [ 236.939266] ? percpu_up_read_preempt_enable.constprop.45+0xc0/0xc0 [ 236.943469] loop7: rw=2049, want=2154, limit=128 [ 236.947783] __should_failslab+0x124/0x180 [ 236.947797] should_failslab+0x9/0x14 [ 236.947817] kmem_cache_alloc+0x2af/0x760 [ 236.987396] attempt to access beyond end of device [ 236.993696] ? _down_write_nest_lock+0x130/0x130 [ 236.993720] copy_process.part.41+0x2f81/0x73d0 [ 236.993736] ? zap_class+0x740/0x740 [ 236.993763] ? __cleanup_sighand+0x70/0x70 [ 236.998520] loop7: rw=2049, want=311, limit=128 [ 237.002736] ? lock_release+0xa30/0xa30 [ 237.002750] ? xas_descend+0x20c/0x5f0 [ 237.002765] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 237.002782] ? check_pgprot+0xdf/0x180 [ 237.006571] Buffer I/O error on dev loop7, logical block 310, lost async page write [ 237.010678] ? put_page+0x280/0x280 [ 237.010693] ? kasan_check_write+0x14/0x20 [ 237.010708] ? alloc_set_pte+0xaf6/0x1790 [ 237.010727] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 237.080069] ? filemap_map_pages+0xca2/0x1990 [ 237.084560] ? trace_hardirqs_on+0x10/0x10 [ 237.088777] ? xa_set_tag+0x40/0x40 [ 237.092389] ? perf_trace_lock+0xde/0x920 [ 237.096533] ? trace_hardirqs_on+0x10/0x10 [ 237.100754] ? trace_hardirqs_on+0x10/0x10 [ 237.104975] ? trace_hardirqs_on+0x10/0x10 [ 237.109198] ? find_get_entries_tag+0x1410/0x1410 [ 237.114031] ? perf_trace_lock+0xde/0x920 [ 237.118160] ? zap_class+0x740/0x740 [ 237.121856] ? zap_class+0x740/0x740 [ 237.125553] ? zap_class+0x740/0x740 [ 237.129258] ? shrink_dcache_sb+0x350/0x350 [ 237.133563] ? perf_trace_lock+0xde/0x920 [ 237.137694] ? lock_acquire+0x1e4/0x540 [ 237.141649] ? __fdget_pos+0x1bb/0x200 [ 237.145517] ? zap_class+0x740/0x740 [ 237.149218] ? lock_release+0xa30/0xa30 [ 237.153178] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 237.158699] ? _parse_integer+0x13b/0x190 [ 237.162830] ? perf_trace_lock+0xde/0x920 [ 237.166961] ? _kstrtoull+0x188/0x250 [ 237.170746] ? _parse_integer+0x190/0x190 [ 237.174879] ? zap_class+0x740/0x740 [ 237.178580] ? __check_object_size+0xa3/0x5d7 [ 237.183060] ? lock_acquire+0x1e4/0x540 [ 237.187031] ? get_pid_task+0xd8/0x1a0 [ 237.190914] ? perf_trace_lock+0xde/0x920 [ 237.195049] ? lock_release+0xa30/0xa30 [ 237.199012] ? zap_class+0x740/0x740 [ 237.202715] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 237.207548] ? __f_unlock_pos+0x19/0x20 [ 237.211513] ? lock_downgrade+0x8f0/0x8f0 [ 237.215655] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 237.221177] ? proc_fail_nth_write+0x9e/0x210 [ 237.225659] ? lock_acquire+0x1e4/0x540 [ 237.229619] _do_fork+0x291/0x12a0 [ 237.233147] ? fork_idle+0x1a0/0x1a0 [ 237.236861] ? fsnotify_first_mark+0x350/0x350 [ 237.241425] ? fsnotify+0x14e0/0x14e0 [ 237.245216] ? __sb_end_write+0xac/0xe0 [ 237.249184] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 237.254702] ? fput+0x130/0x1a0 [ 237.257964] ? ksys_write+0x1ae/0x260 [ 237.261756] ? __ia32_sys_read+0xb0/0xb0 [ 237.265804] ? syscall_slow_exit_work+0x500/0x500 [ 237.270631] __x64_sys_clone+0xbf/0x150 [ 237.274591] do_syscall_64+0x1b9/0x820 [ 237.278459] ? finish_task_switch+0x1d3/0x870 [ 237.282936] ? syscall_return_slowpath+0x5e0/0x5e0 [ 237.287849] ? syscall_return_slowpath+0x31d/0x5e0 [ 237.292763] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 237.297760] ? prepare_exit_to_usermode+0x291/0x3b0 [ 237.302765] ? perf_trace_sys_enter+0xb10/0xb10 [ 237.307415] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 237.312253] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 237.317423] RIP: 0033:0x455ab9 [ 237.320604] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 237.339797] RSP: 002b:00007f5327fa9c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 237.347505] RAX: ffffffffffffffda RBX: 00007f5327faa6d4 RCX: 0000000000455ab9 09:52:50 executing program 4: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x4, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='memory.current\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000019c0)='./file0\x00', 0x80, 0x11) openat$hwrng(0xffffffffffffff9c, &(0x7f0000001980)='/dev/hwrng\x00', 0x2eea00, 0x0) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0}, &(0x7f0000000140)=0xc) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000200)=0x0) ioctl$KVM_ARM_SET_DEVICE_ADDR(r1, 0x4010aeab, &(0x7f0000001940)={0x100000000003, 0x3000}) sendmsg$netlink(r1, &(0x7f0000001900)={&(0x7f0000000080)=@kern={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001840)=[{&(0x7f00000002c0)={0x104, 0x3e, 0x0, 0x70bd25, 0x25dfdbfc, "", [@nested={0xf4, 0x17, [@generic="7b70ec1db13b5f2548431bf17d735da1d533a604", @generic="af5f131e38595340f9716631c414a71a16aef7f7448746537e5d7470229d43e0f967b4ede06119a770166092ce8aa906e19fc1c30d13613f258f774fd6c3d2ee56c6133b93c00c330ecbe0f6f428fb065096ca6a2cc9eb8eb194d74c3b1263f530d62c572924cfbbc0", @generic="3ac8f5703f5d14430030b5d833e00d184bc6dce169d12ab56938f6e58172f5706fe43dbd28b5943453358e7ee25ddc7502a89518987c6bd6f41fa03d6c74fa59cfc67ed280d008c7e5cc10b304db64b7cdfc00ca1679465d715baed14faf0cc0b02961fee27f8ee0cb538a59742a161e916e"]}]}, 0x104}, {&(0x7f00000000c0)={0x24, 0x15, 0x228, 0x70bd2a, 0x25dfdbfb, "", [@typed={0xc, 0x59, @str=':cgroup\x00'}, @typed={0x8, 0x5a, @fd=r0}]}, 0x24}, {&(0x7f0000000400)={0x1330, 0x30, 0x1, 0x70bd2a, 0x25dfdbfd, "", [@generic="861660400f8fc23bee5c3a155e1049fc6c81600775d10baab5d670c30d79", @typed={0x18, 0x39, @binary="fc9b6802e81c1e2e4616745551289d0e8c7a"}, @nested={0x184, 0xc, [@generic="8b0a4a76e0df95f6b43636f8172496a019c491f1fc907269c9c32d7219cecc0ef85cee2866a726cb8d2b21411989e1507646c08f61669c98123328c1d83e94213bb203174b8bed445bfc3ad0d67b172bc872034b7f259aeb2a9d26f595bff6271155ca88136a6a7f54a2b24c562428a08437c5ed8a8d47976774070b06ac757e6c1a8c1868b6dfb8bed9c009757e3b76b474bdce1ab03acaff8fe2f85c167a7dada88a0121ee88db75b57cb9a394d46fba2ce06647b3ad87e1dd34", @typed={0x4, 0x28}, @typed={0x8, 0x41, @uid=r2}, @generic="a3713b4b7124311ec8ee2fc40306eb7850069ab2e016411a094022af55667a929f68b4b7364b8f51fb6cdc2a67d4259394366d609a9d2bcc0e84f441d41c44ae86cfdaf685f7e0d8cc85bd9ca67794a3236742c9d35e8f2758542f93b47d21026e7c2becd7804d7317b986365758b1729afba034046198c747187c40", @generic="09521b9d58f8959a9cb8b4b71c7f6d9d9296657afcb350c7e9ffdb49f8e862b27f284ffeb9413900a39be1a92e8504dc6e60dacc2b47fe3c2254fd35"]}, @generic="993d78d6727e058d2eba1a3f755e0b19af9ba2a98577785f2c376bcc7478e24fa0cc9b4a116f6e7d378312bd6244fc2ff5f8934a6faf8654e8fcca3dd740c17b9ea970712363569e963418bd876a267c8af44d145ef7f5181517bafddb63ca278e662f2c2a75bc292b220cfd978ded60be35f965071cd93e693a9e87bc65fd88f2aba9f4767def5cd91928489a52521e19b02fe6d750c790a195ae3d48ca16b895d6292e2d415df6708bc3c15718afd3ac6819e2d27c15748ed9ee2878ea458a5a1955518f5cc00fac0fa726ad73f5fdaf342176b23d72bd268c98482720e5429a0fac643288f5103eef4fa70215851483f498b1304e2f87fa9004027e4140b82d9e479f6eee66fa01536edfeb7a228ff66914f3ee9d467890793a3fd96189a83fa531629fad89ce2ab54ad537f4cd8502ed23bf73b2f3a643250da004faac713601fe3fbfed1ba0e00064811c8ffe9a3ba81feeac9917ca5b644ec8f7516ab55e8351648edca59da31638a986b6d880a44709c4019a2fe90a926ac0ab1f6fcb95e226d78dae43dd54deddcfce41024b1afd4f719116b2c86130f802f60d53389abc216b324875f8af6a84de014cd10130e6dcc4e00d579e117acce671ac7f29654bd1cd9908c8a4c58a46ca52dfbe6a1def4fc2b12af9ebdbba949c68819039ab3504fc6d37355295f21156e5cd987ae6be77ee2e05e6843797437f3ab792a716f171c39e07cf7cfb11498a39d599f22bc89ae7d4734fffc1496ceb20b1f25e984985b14ce632e114492df25c59ce273bd50aab5f52fd50b72a9094ce205680042a3c2178b4ebf449df07b6ce89ff89e097dccb6a07ec57c335fd9a48af4c98d8b37f916db227458576a4c427026b1951012cd6db073cd2d40fe3ad226805794d40921b336f18676d1d4fcc05a84e65c3282d968613022bd91f1bb5108fbda1f58a6e72d4e7b548fd79ed806c1d89dd2ce8d0806228618a106a675f42cb745f68601306399d3783c11d7763735e0d3d5f5fb0d9e9734732df6312022f4f68b116c7e4c53fa186d20504032eefbaa0a9e9da1cdb4d35c8d7e8442f5921fb852d500feda4308bfc560ffa589a98ea8a3f102fd34340b37c5d56e939c1757e60f40b80192a449582fb0e696f195f15aea193bac037efbea4586dad925513419c6837e73a3d3355623c3f07d293a95434da759ddc6c70a83be6844ee285f80f422c2827374bb9d002eeab3215e8146b3e4302eda76d2eb42ab7bec0b57e25b1abaabe8364cb8465d567871fe51aa2f0ee076670ff05cd27165b8c7bbd54c7b1198466c267ec84a1b4e32c3ea037450e2af84914791a0cecb211ad4b42e4d2d6d2e7617d4c5f5c08c505a04913ee151b4b18a7712414a0688641152bdd2382e22aa21f86363e872d509c10bc33e044319b82af653875dbf26ae803fe06fa3b42f23a650b454f24c22d77416c2330a5f2fdb6142dd4cdb2872a0dd0dbe0c9471713f08be1fd6d4c095841e79cb38ca134e97ee35a43cb543d815eb6a205d79bef4e59d798b72d6f24113a4b7e037722abbb8326aed5694219d99ad383870d4a3bfb4bcce6607a743f2537f8cdd91b5a92016df4c20e0bbe09cfc437171e359a06cad78c879ef35461953e00ecb211d7f3d8e680c92ec41e81b58d9118b3b33af970f232a39278b9b91b603b93328bdec63bfa1b428dd2f470f8781929d9e9e691a703acc8a6e7cd3332388751106ae73df024e98d54286698da9a1484f736571a949859398d5884b8d0f45e65f8e2cbd047eeca4c1cbc528a592abc2c71437001d3900d1ed80d5d903a6762f07e7317c5201e23368ba877864c3ee2a9cb65fb1a51651627340d6be90beb2a483f54285454734f3bbae7e1943b37a5f99fe3db09e5ff45c820836dda108663bad0f5913b983834f473046237fbf97f7bd72473a7d80c93135205f53f70e9952b1e1ff7d47b0b7a9f2aa12ef09d7b20328f4e9abb860cee0eed52a14105de2ea7307d4b48a85e914cbf8eb2f8ba02ec9241c553745b0fcebb06611981bef59464ab5d076fd3e5900e100320f59fa0af1d182a9a20f26421528d47a2f75ea4aa2e12ed5425d4a9f05435d59bf7ebf1f83dd0351b93e7aea74d59d88d3cff61bafa9e9a264522fb08583f5a7f9a145c6f1bb9bf94e554aeb03239a15e076e85695c63b6529afa1ca58738e4f910a2e8b2a4d55049eaad819c6f96e8b03c8ced88f597e1804732f9d73b3cd476f22a2016086cc13652f674f9867a421531304bf3d9dae415768c94647e3dfc75d7c2138469b40c378476fe437a4398c690af3d65a2ab7d17715eed3967e1048d1f4c41c576f566360ac406ed780d76aa86328518d4be318283396a6732d94190229fbb81347ecb6c9aa280f6497a2fb2c3320680f00a64700ff782bda425497bf31b91791c71f59903ba9fccf0888542452c976d883873bc9c8ee727305e4c5072bb96bbc964acf41ffc61318f4789363036ebddaa4ea728f37a6877d611775a43c991796eadd9939738549e9bd1f9149bfa4ff0a1a79786d0df70f03e042e11567f87af42464a47f99ea6e44b6e06172b48293ac20ebd8d3a0e960ff098fd818bd7a1717f2beefc15df8b326494c08d46e689850eeb37917e41c1c11643cccc6f5cec78651d4ae5e80799b23c8c9b8db03e240402dccbd157a29934cf22ba1e13cf91e63108a79769d674156d744ded980b778904ca1dba8b7e1442a760ee0be5bed87fb8b7993a68827f3287b5471ca0a803755229100705d2d774694ddc66aebcb28158147e0c491b8a9610aa1a88ebdcb0bc983b68c9140f353ff691b676e0c14dc9fdd7d32e42a97df51483ff8d5651e93dec46aff59c7d8eadf11dfa82f133227e1f6fa21c840348247e372af818395ef525cbb548677cc862af9ef1eeb43baa6d08cb42b8793401c27e85a62570fb2ab5c12f9b701ca38efa1a200afd021c41660af82a5075e8b6e368c8253980ec919b101952341e10e8e472bf135aa2a255a43fce7f1de62cf1f3fbb7a1d33af4c649db1b70e5df04ac20eb2185ab2f98f1c9da5326b57ed83f09cab7d3f7aa0057877d1389efca62aeb05142ea3f18b92180f5c50170b100779abce975203b31b1b2599ccc0fc6fde7fe70842a1edeb42c6c2a5e60947d031651b702136d16eb22542dd62cef6a3654f17814373ad52ca227b2fe72738e1afcad4d6d3c3da965da21882e5a5668ad10afcf5513212d12d21dbbb7b24a981d73d72820d0bdb5f7b4128984e0b11307c0ec49c7b21e14a9b27a661a64b8020749b8eb34e1371b4ba932a67c87de46605b3120cbd619e106b6f31a6e24ba6c7dd41e42a3573b33eefaebb5b2201dcade608cf5e02369021266ff48e9ade96c73af83b56bd3ae55f292f74cd6544ffd561d2ff729c9f853c2a4098f26636a8386e9f88ff138b1f458d3b4d897e061c415e72fa1c7385ece4b71d7b36c0f9fcf5695124511d03126a13f306b2d577fb172c18ede89b5e47d28a917d0a382b51660af248a0b11da5d03b82f49f530b7371638e5747120263ca7d1545dd56e95c5df4bc266c502d0454db6a6f1cfb9fdf1a25ca30d3b7821fb81e492d82169c2d9e7e098641771b4ca30872447ccbeb71c6f91dd2405877f7a67780d27079029cc9d9dd19663509efbc5664bb5cfe478c837473f4aa2aac1f96815a60a79abca87c3566fb420582c6acb43a239ca63c137fb2bc53c3c26486e566d1a5b57cea5211302dfc420d93ba261088ccafe31146634d65e21a75a87eaff5f9bc28e8ecd84fe189bb59e4f3af37d7765392a967f0d1281031899ef3bce35beddac02e8564a7bf950f8c701b94b5fe682f105a12eb0b73b07d1586c73d47c467efeea4a3daba366bc45805df0d943728532408962b9c3819b4510b740734ecd928270abaf907620039d4769cb26942e4f67e7c438f7738f9d0551051a8a67cdab6cf2406afd693d198d835bb452ad343e2fa53130bfc0e5501c8f355068f79db283a7613cba33c149df38729d6a9cbca5e353f6fa60218f16e5ce9e25ca9dec184927427293c4e594ac87df5326d38a9dd564cf1378977226c5c842863e3ce9ff5aeb14fcdeabd353e60cfadb3f2368f69e3c08e2ace2ff4ba6773eede555db6fa62eb7341cafedc29202df76d3933205174a6cd42edf2f39668bb73040aa7092d45de503fde230c3a770d4222ac921748fcd20b334ab07ee301b3104ccb25f2f6b9eee0da25f3bf073a407c26566739255533a4893c8d25de60f78b0b27d4c01ab96aa0ce8a3bb108d7ec2ab994602a52a63d16fc478a6c1cbd5a63717986be2bc7786938f8d86d4aed5822bbcca9838d9c471f2ddbff71ba34367d8ddfcc404e2b15a48906fe5705c2d6a92542126e7a7b35f9953f31835bb005eae453cf1197a51e9bcd9ace4f5dce89fe4728044dde802253415f068f3cf25a8dbd50b6562bf3e26a8fb5830d73d377c0cb7c66130cc19a3306c7088f8586d8b7442b73090fd2e65d57f4ab396aff61539b24ca0903e8ba77f6c63ee38643dc4d8dfe9393c7ec315f498844fe35abfb822fb844caa5c371e1cff29a86c00cdb8437897e47dcb5e7241c6378acc0e0957d365d43e292d9db3544278be5d98cd2cf1c2c5023621e320be46ac6487fc35496c2e2ae3852c4216b71e69a6d3aa7cb990e15724aea813b91ceabdc99e89cc8ef197fd1a5ce75da5364bca94572d1b4956a70248972324011d95437c3d9c0034401c4f81f7446b13140b110b2a80136edee122b4a9585363f01073f6b57d24cb8542738c58013e8ae1306949e946e103294c402cb1d0286d239d5309f6762bd9fb8809499408f06fe669e0a94c677288e5045478e4d72d555e632db96830cb0bf610fe5d13e4f429c5f70f6098654d1bdfd69e64eab881fe3a4351f79bbf4490ebab69860fa14ed68d8c0baa14ab9c46f65fe484a7967034fcc8d27c8e79faa9f766e18d82b9d4401e23c58230434df73d294044e558e4d2cf032f3a515f7743ff84f4cb1a808eb84f9e75e6cb13b4658a169fbcb7e3124613994e2d4e447f9fe35a03cbb37bc9c6eec7f2acf9babad05ba4f62d86fad66b479686bb07fc35ddaebd1a959eea5e6c95e568a1624c15b1e6be69512d8eef77fcb7c62298a842bf0724e3c7de0d2ac22769b635c18b235be21eae5649cf87d21a6eb63df8bfc80dbff3e5790575421b4be2956fac39dd04b6f74d0d2b466338ff564e50057ad205dc062b3c209837c6a8517c6375698f7a50320118d765cdb00271db053d8104328e601b7c4dedddb5132aac45c7c0681f65f711cc464ec8f7d1e6bce3e74b28a9fdbdc01550c039a1a06d51cad5fc046eebaf96718bb11fa9c069d65c31265886a989cad1827000643e33f2689f8e245023e8be314add968251d3ed59408acbd6610e634918ef012e463c41bb2d1cfcc2177b3e809711ee0a8c2551bebb03118e352fe2205b23ae2aadc055e354d529269f74bf51b6810b1db24149f09e979681df11a1ee7d70a4a795665e9acc1562d3a05f489270f1c746ade53254bf8d1a15f2e0390a3da775be1de5030e6b13081fb4c23c7c9c2a765fb08f5ed20bad6d1e200679455296597743116179d119e9b0e6febad49473fb27d71c4732e0993515bdc4bf5a1916f0afe16bbac54b1e842e7ecf8ccc4c765a00536634a2bbf29a63a86e40a6d436bdae61b28f094a5ad40dad5236a5ec7e159805cd26b9fba107fb7fea0caa567fdbe4a0cfc96fc17f42385d48eeb589046e3ba8902a8d", @nested={0x164, 0x54, [@typed={0x8, 0x29, @pid=r3}, @generic="fef718b9d03428c5f429f908c13a6b520c2e52a8810208fa4fb87673c87940f57d2edd", @typed={0x8, 0x72, @str='\x00'}, @generic="5bbb2728140352fd20987ecd59d28fb6b841e493acde4bb4462da32bfc0e39b8b50da0922c0e795e75b9e90ec0051312bd55a3a10a0ba0f0b7dc", @typed={0x14, 0x31, @ipv6=@mcast2={0xff, 0x2, [], 0x1}}, @generic="8a57a6d3420e562f0a33f92113d8f0d4cac699e2bf3623908d5209bd03f517346b1a082aa1e90b1d97a9b384142b4422634892418e91a5e3e8d5e1dc99f7515bf67c6cec376fbc04af0395841c60b014d88e563e2444bee981309c228a1b572d8102e4102330dd567cd406f1c5b2d19879c43ba267b9826554d5f24e8f0484060d59b51b9b90860bcb40664e2d87ce7ff75be3ca1a2ac36b48e38fcc3997b1a4c06b94735915127505aedaa85a8fa4d88347f63979a434b120459a35671b3c1169c589b768c78b2ea980699fcf295e2ffcc8e648d3befdf583a0c1c8da"]}]}, 0x1330}, {&(0x7f0000001740)={0x24, 0x10, 0x0, 0x70bd2c, 0x25dfdbff, "", [@typed={0xc, 0x27, @u64=0x1ff}, @typed={0x8, 0x68, @u32=0x8}]}, 0x24}, {&(0x7f0000001780)={0x44, 0x16, 0xf04, 0x70bd2a, 0x25dfdbfd, "", [@generic="e0065ee0e5bcb8ee423441bbe08e4ab81857d43ccf0346afb3cd6628d4ae6dcd46afcfad23ca394b1cdb31b41136589fd81beddc"]}, 0x44}, {&(0x7f0000001800)={0x10, 0x25, 0x2, 0x70bd27, 0x25dfdbfd}, 0x10}], 0x6, &(0x7f00000018c0)=[@rights={0x28, 0x1, 0x1, [r0, r0, r0, r0, r0]}], 0x28}, 0x4) socket$pppoe(0x18, 0x1, 0x0) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000240)={0x0, @loopback, @multicast1}, &(0x7f0000000280)=0xc) 09:52:50 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) [ 237.354764] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000000000 [ 237.362018] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 237.369271] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 237.376536] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 000000000000000f [ 237.448167] attempt to access beyond end of device [ 237.453187] loop7: rw=2049, want=312, limit=128 [ 237.457910] Buffer I/O error on dev loop7, logical block 311, lost async page write [ 237.477588] attempt to access beyond end of device [ 237.482616] loop7: rw=2049, want=313, limit=128 [ 237.487331] Buffer I/O error on dev loop7, logical block 312, lost async page write [ 237.499636] attempt to access beyond end of device [ 237.504780] loop7: rw=2049, want=326, limit=128 [ 237.509484] Buffer I/O error on dev loop7, logical block 325, lost async page write [ 237.534464] attempt to access beyond end of device [ 237.539574] loop7: rw=2049, want=2154, limit=128 [ 237.539934] attempt to access beyond end of device [ 237.549831] loop7: rw=2049, want=327, limit=128 [ 237.554537] Buffer I/O error on dev loop7, logical block 326, lost async page write [ 237.562429] attempt to access beyond end of device [ 237.567406] loop7: rw=2049, want=328, limit=128 [ 237.572138] Buffer I/O error on dev loop7, logical block 327, lost async page write [ 237.580138] attempt to access beyond end of device [ 237.585114] loop7: rw=2049, want=329, limit=128 [ 237.589816] Buffer I/O error on dev loop7, logical block 328, lost async page write [ 237.599238] attempt to access beyond end of device [ 237.604231] loop7: rw=2049, want=2153, limit=128 09:52:51 executing program 3: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x0, 0xfdef) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:51 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0xef, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f00000000c0)={0x4000000, 'ip_vti0\x00', 0x3}, 0x18) getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, &(0x7f0000000080), &(0x7f0000000100)=0x30) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x800000000000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f0000000680)="b5320e2f0b6a990cb122ba140d126bb6a87c2657d5aaec3afdfef6607ea96ffd0dd3cf8f04d62cc1adb42e28e5a0a689278a2a0a9130465158f30d9d21b58c9bf1b38903b2f6c88ef444f4f10d0ffeeed1d98e21faacc985481a288d069f83550dd73d0b7006a5ca0c0b4f9e746c98f9b2fc4c1d4d6b004db39a0bfdafe80e73a416bd6387f7bd7478f662fe259bf5a01dad1b683c4388f2caed199caf6a7bc922cc4c9cb2dd77db8b514511e374644f7a517ab77fac78ed169b820351bf8863a25970500ac2d12f852984ab0be157a73174fc7dc1168fdc018ee28aabac92cd16fee6dab51b23b4467add0947acdec1fa33461ece880a30fde76b58d658c383a3ad99e390b913aeb8fff2fafe423f3c09265e656b47e47a387fa7c060d577b73dcd690f139025516884b844f944bbf9c17ae5c6cdf48407d427bbd01c71e0ee8b2f738f9daa4c03cb0cb71baa558511d11ff07d037bb9d95f47e98063fa20a4ff390215bea8fa2e97303ba983977adac18011f3ac4583d7e8d41f365d91f8b7cbb20802162e65d911b1d0d57c658549161e485710e110db042afaf71da6a254ffc4b62539d50332d0116e9e86f74f2627a21ff563f9a742afb226fdd8aab3005fc6305b48ea3f5f9f34efe4a2bd9c482bcd64d7997edb33c37b63ca95088ab49ff95eeb4057cf5ecf7f3f01062ad4511f5eb80590056b5ae28c19dcd7fdd8c8896cd410b24601a6fc6dc9e982bf27f49d8f50bccb04c18bc54f3920b78fb77c261371f341f73b1b686ae9e3d4a1c3140caa537d7ed1a009d42cd6fcb727d45694fc5309") 09:52:51 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000294, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:52:51 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) r1 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x1, 0x4400) ioctl$KVM_SET_SIGNAL_MASK(r1, 0x4004ae8b, &(0x7f0000000100)={0x73, "e86af758978eb14d1071de033856162eafd2ea1d408c640f44b66173986065d751edf6101b48efe114d292530b93dc7ea4cb17fe38df3423712153f10cc073bc35e3e53e406f6bde1851a6ce5b083931c020c812269af53862e3ed67bdb1252b9617a38b5c5b71850949fae128e15007feb0ad"}) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(0xffffffffffffffff, &(0x7f0000000180)="03f33166fdbaa9854a096e903b53eb0ee689ef8f9480d819459946a0cb268456c6ccba1db7a2d4fc68aa8cf7dfcc7fb87b3f06473fd4bbfaea5154c693d8e2c78c772a2db4c0fe8680de3c763257f43db9109c529f315100dc33a829896bce3b1675cf0d95d8f6d66fc4016b08bdb655cd487f251c6b2778c35f2b", 0x7b, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(0xffffffffffffffff, 0x1) 09:52:51 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xb, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:51 executing program 0 (fault-call:1 fault-nth:16): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:51 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x2, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:52:51 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) [ 238.615231] FAULT_INJECTION: forcing a failure. [ 238.615231] name failslab, interval 1, probability 0, space 0, times 0 [ 238.626530] CPU: 0 PID: 13114 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 238.630684] FAT-fs (loop7): Directory bread(block 128) failed [ 238.635086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 238.635095] Call Trace: [ 238.635119] dump_stack+0x1c9/0x2b4 [ 238.635143] ? dump_stack_print_info.cold.2+0x52/0x52 09:52:51 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x3, 0x5) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000040)={0x8, {{0xa, 0x4e21, 0x8c4, @remote={0xfe, 0x80, [], 0xbb}, 0x9}}, 0x1}, 0x90) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 238.662301] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 238.664379] FAT-fs (loop7): Directory bread(block 129) failed [ 238.667345] should_fail.cold.4+0xa/0x11 [ 238.667368] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 238.681616] FAT-fs (loop7): Directory bread(block 130) failed [ 238.682572] ? lock_release+0xa30/0xa30 [ 238.682598] ? kasan_check_read+0x11/0x20 [ 238.694949] FAT-fs (loop7): Directory bread(block 131) failed [ 238.696567] ? rcu_is_watching+0x8c/0x150 [ 238.696588] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 238.696614] ? is_bpf_text_address+0xd7/0x170 [ 238.714790] FAT-fs (loop7): Directory bread(block 132) failed [ 238.715761] ? kernel_text_address+0x79/0xf0 [ 238.715780] ? __kernel_text_address+0xd/0x40 [ 238.715798] ? unwind_get_return_address+0x61/0xa0 [ 238.731570] FAT-fs (loop7): Directory bread(block 133) failed [ 238.735472] ? __save_stack_trace+0x8d/0xf0 [ 238.735507] ? save_stack+0xa9/0xd0 [ 238.735522] ? save_stack+0x43/0xd0 [ 238.751257] FAT-fs (loop7): Directory bread(block 134) failed [ 238.753076] ? kasan_kmalloc+0xc4/0xe0 09:52:51 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x401, 0x40) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)={0xc4, r1, 0x0, 0x70bd2a, 0x25dfdbfb, {0xa}, [@IPVS_CMD_ATTR_DAEMON={0x4c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @ipv4={[], [0xff, 0xff], @dev={0xac, 0x14, 0x14, 0x1a}}}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x4}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'tunl0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x6}]}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x7d2d}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x5}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, [@IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e21}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x3a}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x6}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x73}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x3, 0x18}}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e20}]}]}, 0xc4}, 0x1, 0x0, 0x0, 0x41}, 0x1) [ 238.753101] __should_failslab+0x124/0x180 [ 238.753119] should_failslab+0x9/0x14 [ 238.765790] FAT-fs (loop7): Directory bread(block 135) failed [ 238.767103] kmem_cache_alloc+0x47/0x760 [ 238.767120] ? lock_acquire+0x1e4/0x540 [ 238.767137] ? percpu_ref_put_many+0x119/0x240 [ 238.776536] FAT-fs (loop7): Directory bread(block 136) failed [ 238.776877] ? lock_downgrade+0x8f0/0x8f0 [ 238.786000] FAT-fs (loop7): Directory bread(block 137) failed [ 238.789627] anon_vma_clone+0x140/0x740 [ 238.789649] ? fs_reclaim_acquire+0x20/0x20 [ 238.789668] ? unlink_anon_vmas+0xa60/0xa60 [ 238.818138] ? dup_userfaultfd+0x775/0x9a0 [ 238.822404] anon_vma_fork+0xf0/0x960 [ 238.826226] ? kasan_unpoison_shadow+0x35/0x50 [ 238.830828] ? anon_vma_clone+0x740/0x740 [ 238.834998] ? kasan_slab_alloc+0x12/0x20 [ 238.839159] ? kmem_cache_alloc+0x2fc/0x760 [ 238.843512] copy_process.part.41+0x6705/0x73d0 [ 238.848240] ? __cleanup_sighand+0x70/0x70 [ 238.852493] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 238.858041] ? perf_tp_event+0x91b/0xc40 [ 238.862117] ? xas_descend+0x20c/0x5f0 [ 238.866041] ? perf_swevent_event+0x2e0/0x2e0 [ 238.870584] ? perf_swevent_event+0x158/0x2e0 [ 238.875096] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 238.880673] ? perf_tp_event+0x91b/0xc40 [ 238.883830] attempt to access beyond end of device [ 238.884741] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 238.884762] ? filemap_map_pages+0xca2/0x1990 [ 238.884787] ? perf_swevent_event+0x2e0/0x2e0 [ 238.889717] loop7: rw=2049, want=310, limit=128 [ 238.894716] ? perf_trace_run_bpf_submit+0x269/0x3b0 09:52:51 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x80002, 0x0) ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x0) [ 238.894739] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 238.899219] Buffer I/O error on dev loop7, logical block 309, lost async page write [ 238.903700] ? perf_tp_event+0xc40/0xc40 [ 238.926943] attempt to access beyond end of device [ 238.930627] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 238.930650] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 238.930670] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 238.935593] loop7: rw=2049, want=311, limit=128 [ 238.941454] ? perf_tp_event+0xc40/0xc40 [ 238.941476] ? zap_class+0x740/0x740 [ 238.946571] Buffer I/O error on dev loop7, logical block 310, lost async page write [ 238.951660] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 238.951679] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 238.982082] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 238.987228] ? perf_tp_event+0xc40/0xc40 [ 238.991319] ? zap_class+0x740/0x740 [ 238.993629] attempt to access beyond end of device [ 238.995047] ? memset+0x31/0x40 [ 238.995073] ? perf_trace_lock+0x49d/0x920 [ 238.995093] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 239.000020] loop7: rw=2049, want=312, limit=128 09:52:52 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000400)="400542f069dd23c3c02c8acd0c87647156b068dde936ed66e85eb8263faaa5e64b3299e414f966251e29dad91e1898fb6a028e7ccac79601e6706f36f96702d2958f3c00a1409879e11eaebeae4bb5d772946ba909d6e890ecdb697d457a777589a8ff6869390cbd9540d346073363f779ecb6d12f6d558e1f3fd33a797ab67fc2cd446662d05bf5ef3d110ed2ceb5ac52117a83fc243fbc1fa43078baddd8b71c892b0b0553ebc5317a3a6c11565dbf70ca3e6d8c374c15b2261a202568b6ca8c809333bd242af4", &(0x7f0000000240), &(0x7f0000000280), &(0x7f0000000080)="dec77567831ebbd3d614b8c27bce65d3647c0825474f74b9917cb85675a573d76cdb2a3e5d50acc2b4d7a1c113b4992bb2e5f02fcbc5d950232c7ea32a3276b3d41ced035ec6f34806b275c9c1ceffd76ff44298da2461f372f0f5f955beecb5b8744fd3ba0f7c249cd3be3a4f92daa8f4feee2782179ae8f10baa2a7725b26caa59c83d2e898defd9e0d501fefc912d905656afa06c8a71261e") [ 239.003277] ? zap_class+0x740/0x740 [ 239.003300] ? __check_object_size+0xa3/0x5d7 [ 239.019624] attempt to access beyond end of device [ 239.020997] ? memset+0x31/0x40 [ 239.021032] ? zap_class+0x740/0x740 [ 239.026239] loop7: rw=2049, want=313, limit=128 [ 239.031149] ? __f_unlock_pos+0x19/0x20 [ 239.031170] ? lock_downgrade+0x8f0/0x8f0 [ 239.047685] attempt to access beyond end of device [ 239.050923] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 239.050944] ? proc_fail_nth_write+0x9e/0x210 [ 239.050972] ? lock_acquire+0x1e4/0x540 [ 239.055976] loop7: rw=2049, want=326, limit=128 [ 239.061503] _do_fork+0x291/0x12a0 [ 239.078141] ? fork_idle+0x1a0/0x1a0 [ 239.081881] ? fsnotify_first_mark+0x350/0x350 [ 239.086480] ? fsnotify+0x14e0/0x14e0 [ 239.090318] ? __sb_end_write+0xac/0xe0 [ 239.090479] attempt to access beyond end of device [ 239.094300] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 239.094317] ? fput+0x130/0x1a0 [ 239.094337] ? ksys_write+0x1ae/0x260 [ 239.099266] loop7: rw=2049, want=327, limit=128 09:52:52 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 239.104778] ? __ia32_sys_read+0xb0/0xb0 [ 239.104797] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 239.124779] attempt to access beyond end of device [ 239.126078] __x64_sys_clone+0xbf/0x150 [ 239.126099] do_syscall_64+0x1b9/0x820 [ 239.126116] ? finish_task_switch+0x1d3/0x870 [ 239.131061] loop7: rw=2049, want=328, limit=128 [ 239.135532] ? syscall_return_slowpath+0x5e0/0x5e0 [ 239.135552] ? syscall_return_slowpath+0x31d/0x5e0 [ 239.158416] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 239.160121] attempt to access beyond end of device [ 239.163444] ? prepare_exit_to_usermode+0x291/0x3b0 [ 239.163464] ? perf_trace_sys_enter+0xb10/0xb10 [ 239.163483] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 239.168410] loop7: rw=2049, want=329, limit=128 [ 239.173407] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 239.173422] RIP: 0033:0x455ab9 [ 239.196980] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 239.199081] attempt to access beyond end of device [ 239.216534] RSP: 002b:00007f5327fa9c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 239.216553] RAX: ffffffffffffffda RBX: 00007f5327faa6d4 RCX: 0000000000455ab9 [ 239.216564] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000000000 [ 239.216574] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 239.216589] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 239.221518] loop7: rw=2049, want=2153, limit=128 09:52:52 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f00000004c0)="d2ba00cac469c6ec1ea1ca923146d55daf6566e9db670668244b6d600b14559aa56dfde4cd5d8bfd6fad61f9c87856282e72e4dfdf7d4c4f5821e6458f1318e7008703f9a5b691b38fd69acb993951f8743e9a26d7511bd4b00b8c68dc495efe671c5491ed56f869aff50229fee3f904eb0de7827b82945a36c7a795ed764bd2302e9ee9eed1d56f8a540ff189acbb91f6ed0822492c87a8b9fb0be9d4675ce4e216e1ff1e3309b9e8c6b51a4253d4965d8d19605ba3a92bbb6700000000663aff868a927d985718c2d1a959e8bad7da6066ebee518d0000000000000000000000000000", &(0x7f0000000240), &(0x7f0000000140), &(0x7f0000000200)) 09:52:52 executing program 4: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r1 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x200) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffff9c, 0x84, 0x11, &(0x7f0000000080)={0x0, 0x6}, &(0x7f00000000c0)=0x8) stat(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000440)={0x0, 0x0, 0x0}, &(0x7f0000000480)=0xc) write$FUSE_ATTR(r0, &(0x7f00000004c0)={0x78, 0x0, 0x6, {0x41, 0x4, 0x0, {0x3, 0x7, 0x3, 0x3f, 0x2, 0x180000000000, 0x1, 0x6, 0xf6b7, 0x1, 0x6, r3, r4, 0x7}}}, 0x78) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000002c0)={r2, @in6={{0xa, 0x4e22, 0x4, @empty, 0x10001}}, 0x8000, 0x7, 0x96, 0x3, 0x2}, &(0x7f0000000100)=0x98) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000140)={r2, 0x3, 0x30}, &(0x7f0000000200)=0xc) [ 239.229202] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000010 09:52:52 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x40, 0x0) write$P9_RMKDIR(r2, &(0x7f0000000100)={0x14, 0x49, 0x1, {0x2, 0x1, 0x1}}, 0x14) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) getsockopt$inet_sctp_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000000140)={0x0, 0xf6, 0x5, 0xffffffff, 0x6927, 0x7, 0x3, 0xffffffff7fffffff, {0x0, @in={{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0xf}}}, 0x4, 0x3, 0x0, 0xffff, 0x4}}, &(0x7f0000000200)=0xb0) setsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000240)=@assoc_value={r3, 0x1}, 0x8) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001800)='nv\x00', 0x3) shutdown(r1, 0x1) [ 239.339588] attempt to access beyond end of device [ 239.344608] loop7: rw=2049, want=2154, limit=128 [ 239.383137] attempt to access beyond end of device [ 239.388244] loop7: rw=2049, want=2154, limit=128 09:52:53 executing program 3: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000080), 0x0, 0x8000002000000000) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:53 executing program 0 (fault-call:1 fault-nth:17): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:53 executing program 2: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000100)="389abe542097a75c2fab933656a2cc2fb45b71bc0e84f2a3cbe8fa267a2822cd55231d835c6ea921da8f6917e31201c28071dadd8aaf27e27eb2f6175203d79fd138ce35e2ce3066", &(0x7f0000000240), &(0x7f0000000280), &(0x7f0000000380)="131b722f72e982ae49511689c4aed25ccb0088c84ba66321d3fe95d4052e2076e123784a6ee10abb815d2823f0ef06fccd1c7d8733c9aad1445cd7bdf0904e22ccbda72f5bad5c70f7e297defdcfb088d13578eeed5eef77324a42ccf6e8c0cbd85d1fd297a564546160c39641a07df6425aa90389c514544cd54d4721b07278fdf363efc015c04908226317540dd1aa1025847b6a6851d27194b8066844e75db65f7988d26ced77509a81a2a71ca817c7008959") getsockopt$IP6T_SO_GET_REVISION_TARGET(r0, 0x29, 0x45, &(0x7f0000000040)={'ah\x00'}, &(0x7f0000000080)=0x1e) 09:52:53 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x2000cb00, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) shutdown(r1, 0x1) 09:52:53 executing program 7: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10001, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="eb64c86d6b66732e66617400020441000500077008f8", 0x16}], 0x0, &(0x7f0000000240)=ANY=[]) r0 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x3bffa, 0x0) io_setup(0x7, &(0x7f0000000000)=0x0) write$binfmt_elf32(r0, &(0x7f0000000180)=ANY=[@ANYRES64], 0xfffffe45) io_submit(r1, 0x600, &(0x7f0000000400)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f00000002c0)="80", 0x1}]) 09:52:53 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x10000, 0x0) write$P9_RVERSION(r0, &(0x7f0000000080)={0x15, 0x65, 0xffff, 0x2, 0x8, '9P2000.u'}, 0x15) r1 = semget$private(0x0, 0x3, 0x82) semtimedop(r1, &(0x7f00000000c0)=[{0x0, 0x7, 0x800}, {0x1, 0x69, 0x1800}], 0x2, &(0x7f0000000100)={0x77359400}) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) 09:52:53 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8000, &(0x7f0000000080)="024fc82a6de200e8322070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000000)=0x78, 0x4) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1=0xe0000001}, 0x10) getsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000100), &(0x7f0000000140)=0x8) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x7fff) sendto$inet(r1, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000180)='nv\x00', 0x2) shutdown(r1, 0x1) 09:52:53 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) [ 240.709963] FAT-fs (loop7): Directory bread(block 128) failed [ 240.733953] FAT-fs (loop7): Directory bread(block 129) failed [ 240.749690] FAT-fs (loop7): Directory bread(block 130) failed [ 240.750949] FAULT_INJECTION: forcing a failure. [ 240.750949] name failslab, interval 1, probability 0, space 0, times 0 [ 240.761520] FAT-fs (loop7): Directory bread(block 131) failed [ 240.766979] CPU: 1 PID: 13213 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 240.781323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 240.790662] Call Trace: [ 240.793240] dump_stack+0x1c9/0x2b4 [ 240.796856] ? dump_stack_print_info.cold.2+0x52/0x52 [ 240.802036] ? __kernel_text_address+0xd/0x40 [ 240.806517] ? unwind_get_return_address+0x61/0xa0 [ 240.811434] should_fail.cold.4+0xa/0x11 [ 240.815483] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 240.820571] ? save_stack+0xa9/0xd0 [ 240.824181] ? kasan_kmalloc+0xc4/0xe0 [ 240.828052] ? kasan_slab_alloc+0x12/0x20 [ 240.832281] ? kmem_cache_alloc+0x12e/0x760 [ 240.836590] ? anon_vma_clone+0x140/0x740 [ 240.840723] ? anon_vma_fork+0xf0/0x960 [ 240.844680] ? copy_process.part.41+0x6705/0x73d0 [ 240.849503] ? _do_fork+0x291/0x12a0 [ 240.853204] ? do_syscall_64+0x1b9/0x820 [ 240.857250] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 240.862598] ? lock_acquire+0x1e4/0x540 [ 240.866558] ? percpu_ref_put_many+0x119/0x240 [ 240.871122] ? lock_downgrade+0x8f0/0x8f0 [ 240.875252] ? lock_release+0xa30/0xa30 [ 240.879213] ? lock_acquire+0x1e4/0x540 [ 240.883184] ? lock_release+0xa30/0xa30 [ 240.887140] ? check_same_owner+0x340/0x340 [ 240.891442] ? percpu_ref_put_many+0x131/0x240 [ 240.896026] ? rcu_note_context_switch+0x730/0x730 [ 240.900941] __should_failslab+0x124/0x180 [ 240.905159] should_failslab+0x9/0x14 [ 240.908943] kmem_cache_alloc+0x47/0x760 [ 240.913011] ? anon_vma_interval_tree_insert+0x26b/0x300 [ 240.918447] anon_vma_clone+0x140/0x740 [ 240.922409] ? unlink_anon_vmas+0xa60/0xa60 [ 240.927152] ? dup_userfaultfd+0x775/0x9a0 [ 240.931372] anon_vma_fork+0xf0/0x960 [ 240.935158] ? kasan_unpoison_shadow+0x35/0x50 [ 240.939726] ? anon_vma_clone+0x740/0x740 [ 240.943858] ? kasan_slab_alloc+0x12/0x20 [ 240.947988] ? kmem_cache_alloc+0x2fc/0x760 [ 240.952301] copy_process.part.41+0x6705/0x73d0 [ 240.956963] ? __cleanup_sighand+0x70/0x70 [ 240.961191] ? lock_release+0xa30/0xa30 [ 240.965148] ? xas_descend+0x20c/0x5f0 [ 240.969196] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 240.974193] ? check_pgprot+0xdf/0x180 [ 240.978070] ? put_page+0x280/0x280 [ 240.981680] ? kasan_check_write+0x14/0x20 [ 240.985911] ? alloc_set_pte+0xaf6/0x1790 [ 240.990046] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 240.995047] ? filemap_map_pages+0xca2/0x1990 [ 240.999899] ? trace_hardirqs_on+0x10/0x10 [ 241.004291] ? xa_set_tag+0x40/0x40 [ 241.007905] ? perf_trace_lock+0xde/0x920 [ 241.012035] ? trace_hardirqs_on+0x10/0x10 [ 241.016258] ? trace_hardirqs_on+0x10/0x10 [ 241.020486] ? trace_hardirqs_on+0x10/0x10 [ 241.025543] ? find_get_entries_tag+0x1410/0x1410 [ 241.030407] ? perf_trace_lock+0xde/0x920 [ 241.034537] ? zap_class+0x740/0x740 [ 241.038234] ? zap_class+0x740/0x740 [ 241.041933] ? zap_class+0x740/0x740 [ 241.045631] ? shrink_dcache_sb+0x350/0x350 [ 241.049935] ? perf_trace_lock+0xde/0x920 [ 241.054067] ? lock_acquire+0x1e4/0x540 [ 241.058031] ? __fdget_pos+0x1bb/0x200 [ 241.061909] ? zap_class+0x740/0x740 [ 241.065603] ? lock_release+0xa30/0xa30 [ 241.069563] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 241.075084] ? _parse_integer+0x13b/0x190 [ 241.079217] ? perf_trace_lock+0xde/0x920 [ 241.083348] ? _kstrtoull+0x188/0x250 [ 241.087131] ? _parse_integer+0x190/0x190 [ 241.091260] ? zap_class+0x740/0x740 [ 241.094958] ? __check_object_size+0xa3/0x5d7 [ 241.099441] ? lock_acquire+0x1e4/0x540 [ 241.103399] ? get_pid_task+0xd8/0x1a0 [ 241.107269] ? perf_trace_lock+0xde/0x920 [ 241.111402] ? lock_release+0xa30/0xa30 [ 241.115359] ? zap_class+0x740/0x740 [ 241.119065] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 241.123889] ? __f_unlock_pos+0x19/0x20 [ 241.127847] ? lock_downgrade+0x8f0/0x8f0 [ 241.131982] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 241.137506] ? proc_fail_nth_write+0x9e/0x210 [ 241.142013] ? lock_acquire+0x1e4/0x540 [ 241.145975] _do_fork+0x291/0x12a0 [ 241.149501] ? fork_idle+0x1a0/0x1a0 [ 241.153200] ? fsnotify_first_mark+0x350/0x350 [ 241.157774] ? fsnotify+0x14e0/0x14e0 [ 241.161561] ? __sb_end_write+0xac/0xe0 [ 241.165520] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 241.171040] ? fput+0x130/0x1a0 [ 241.174301] ? ksys_write+0x1ae/0x260 [ 241.178087] ? __ia32_sys_read+0xb0/0xb0 [ 241.182133] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 241.187659] __x64_sys_clone+0xbf/0x150 [ 241.191637] do_syscall_64+0x1b9/0x820 [ 241.195514] ? finish_task_switch+0x1d3/0x870 [ 241.200169] ? syscall_return_slowpath+0x5e0/0x5e0 [ 241.205096] ? syscall_return_slowpath+0x31d/0x5e0 [ 241.210013] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 241.215017] ? prepare_exit_to_usermode+0x291/0x3b0 [ 241.220021] ? perf_trace_sys_enter+0xb10/0xb10 [ 241.224681] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 241.229512] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 241.234685] RIP: 0033:0x455ab9 [ 241.237852] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 241.257053] RSP: 002b:00007f5327fa9c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 241.264753] RAX: ffffffffffffffda RBX: 00007f5327faa6d4 RCX: 0000000000455ab9 [ 241.272007] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000000000 [ 241.279261] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 241.286514] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 241.293778] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000011 09:52:54 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x40000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x7, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000080)=0x9) 09:52:54 executing program 6: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:54 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x7, 0x0, 0xfffffffffffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) syz_mount_image$btrfs(&(0x7f0000000040)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x8, 0x4, &(0x7f0000000480)=[{&(0x7f00000000c0)="f4d995de11f279796e1717d788b4fa140fea5e71c18df332cda747fdc7d937b6f1f581e54ff8724511d7", 0x2a, 0x8}, {&(0x7f0000000100)="c9470b80cb5f7a7cf9ac68df7d0710087a12c3d17cdfed42c731b42cc56e00ca9ae339f203d9fcc1d00c1b08cde5c06081ab131eb4bc61c6100bbb8f588319976943c856d2306a5493a52b6e", 0x4c, 0x2}, {&(0x7f00000002c0)="29883dd46eff764a9033ea94b90dff41539b7d0917ffb72f23dc352920dd7a29dc72fbfb3d76fc17991068f9f73cdf782c74e51b64b3d07c723a2c3e886b396ce5c75f1683c761c9d7173036e158bafe834f242205fc57938eae9c0e2a8b47bbcff0831672d167f6cb525a0a5afd508765758bd3eb4893c75972b2351ff9209975dcf19a65bdbe3268e2971094cdbfccd4996e0e41c6f357ed9ce50a940e308119d15b443c3d83e4300cab9a3502b679bdcc8cb2194644a6acbd6ed23b287042927a62d51bfbd922cf", 0xc9, 0x20}, {&(0x7f00000003c0)="f69b26b1329f9eeea4bd1390cc884113949f5f49f4a467ea19d87e6e9196fa99007ca433931053d8b278184ff2f588155ffc3685ccb5573b6c0f7696c8b2b6cdb24d5128bbd4c391b2e35d0db601633114b13e5220221b4778e906d43102ffa446db4ccdae0bb51d01555057ae9c5900fee0d392b54d511e1956d556506bc2c6c030737fe5d61831d875066f7b160e1f1bf68052b1908eea307b", 0x9a, 0x6}], 0x8, &(0x7f0000000200)={[{@nodatacow='nodatacow', 0x2c}, {@space_cache_v1='space_cache=v1', 0x2c}]}) [ 241.307577] FAT-fs (loop7): Directory bread(block 132) failed [ 241.322528] FAT-fs (loop7): Directory bread(block 133) failed [ 241.333136] FAT-fs (loop7): Directory bread(block 134) failed [ 241.340247] FAT-fs (loop7): Directory bread(block 135) failed [ 241.352695] FAT-fs (loop7): Directory bread(block 136) failed [ 241.366100] FAT-fs (loop7): Directory bread(block 137) failed [ 241.386257] 9pnet: Insufficient options for proto=fd 09:52:54 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 09:52:54 executing program 4: clone(0x4000, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='setgroups\x00') getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000040), &(0x7f0000000080)=0x4) 09:52:54 executing program 0 (fault-call:1 fault-nth:18): perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) [ 241.528797] FAULT_INJECTION: forcing a failure. [ 241.528797] name failslab, interval 1, probability 0, space 0, times 0 [ 241.540285] CPU: 0 PID: 13245 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 241.548794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 241.558147] Call Trace: [ 241.560757] dump_stack+0x1c9/0x2b4 [ 241.564383] ? dump_stack_print_info.cold.2+0x52/0x52 [ 241.569576] ? __kernel_text_address+0xd/0x40 [ 241.574071] ? unwind_get_return_address+0x61/0xa0 [ 241.578997] should_fail.cold.4+0xa/0x11 [ 241.583056] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 241.588150] ? save_stack+0xa9/0xd0 [ 241.591765] ? kasan_kmalloc+0xc4/0xe0 [ 241.595667] ? kasan_slab_alloc+0x12/0x20 [ 241.599806] ? kmem_cache_alloc+0x12e/0x760 [ 241.604115] ? anon_vma_clone+0x140/0x740 [ 241.608252] ? anon_vma_fork+0xf0/0x960 [ 241.612217] ? copy_process.part.41+0x6705/0x73d0 [ 241.617044] ? _do_fork+0x291/0x12a0 [ 241.620747] ? do_syscall_64+0x1b9/0x820 [ 241.624802] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 241.630160] ? lock_acquire+0x1e4/0x540 [ 241.634124] ? percpu_ref_put_many+0x119/0x240 [ 241.638695] ? lock_downgrade+0x8f0/0x8f0 [ 241.642839] ? lock_release+0xa30/0xa30 [ 241.646804] ? memcg_kmem_get_cache+0x3a9/0x9d0 [ 241.651464] ? mem_cgroup_handle_over_high+0x130/0x130 [ 241.656747] ? lock_acquire+0x1e4/0x540 [ 241.660724] ? percpu_ref_put_many+0x131/0x240 [ 241.665295] ? mem_cgroup_id_get_online+0x310/0x310 [ 241.670302] ? kasan_unpoison_shadow+0x35/0x50 [ 241.674879] __should_failslab+0x124/0x180 [ 241.679107] should_failslab+0x9/0x14 [ 241.682898] kmem_cache_alloc+0x47/0x760 [ 241.686952] ? anon_vma_interval_tree_insert+0x26b/0x300 [ 241.692402] anon_vma_clone+0x140/0x740 [ 241.696372] ? unlink_anon_vmas+0xa60/0xa60 [ 241.700689] ? dup_userfaultfd+0x775/0x9a0 [ 241.704919] anon_vma_fork+0xf0/0x960 [ 241.708707] ? kasan_unpoison_shadow+0x35/0x50 [ 241.713283] ? anon_vma_clone+0x740/0x740 [ 241.717419] ? kasan_slab_alloc+0x12/0x20 [ 241.721560] ? kmem_cache_alloc+0x2fc/0x760 [ 241.725884] copy_process.part.41+0x6705/0x73d0 [ 241.730569] ? __cleanup_sighand+0x70/0x70 [ 241.734794] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 241.740331] ? perf_tp_event+0x91b/0xc40 [ 241.744379] ? xas_descend+0x20c/0x5f0 [ 241.748265] ? perf_swevent_event+0x2e0/0x2e0 [ 241.752762] ? perf_swevent_event+0x158/0x2e0 [ 241.757251] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 241.762779] ? perf_tp_event+0x91b/0xc40 [ 241.766832] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 241.771845] ? filemap_map_pages+0xca2/0x1990 [ 241.776339] ? perf_swevent_event+0x2e0/0x2e0 [ 241.780829] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 241.785932] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 241.791042] ? perf_tp_event+0xc40/0xc40 [ 241.795099] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 241.800196] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 241.805291] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 241.810388] ? perf_tp_event+0xc40/0xc40 [ 241.814442] ? zap_class+0x740/0x740 [ 241.818153] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 241.823245] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 241.828335] ? perf_trace_run_bpf_submit+0x270/0x3b0 [ 241.833432] ? perf_tp_event+0xc40/0xc40 [ 241.837571] ? zap_class+0x740/0x740 [ 241.841275] ? memset+0x31/0x40 [ 241.844548] ? perf_trace_lock+0x49d/0x920 [ 241.848775] ? perf_trace_run_bpf_submit+0x269/0x3b0 [ 241.853895] ? zap_class+0x740/0x740 [ 241.857615] ? __check_object_size+0xa3/0x5d7 [ 241.862111] ? memset+0x31/0x40 [ 241.865401] ? zap_class+0x740/0x740 [ 241.869113] ? __f_unlock_pos+0x19/0x20 [ 241.873085] ? lock_downgrade+0x8f0/0x8f0 [ 241.877225] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 241.882763] ? proc_fail_nth_write+0x9e/0x210 [ 241.887255] ? lock_acquire+0x1e4/0x540 [ 241.891227] _do_fork+0x291/0x12a0 [ 241.894763] ? fork_idle+0x1a0/0x1a0 [ 241.898470] ? fsnotify_first_mark+0x350/0x350 [ 241.903043] ? fsnotify+0x14e0/0x14e0 [ 241.906846] ? __sb_end_write+0xac/0xe0 [ 241.910820] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 241.916348] ? fput+0x130/0x1a0 [ 241.919620] ? ksys_write+0x1ae/0x260 [ 241.923413] ? __ia32_sys_read+0xb0/0xb0 [ 241.927461] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 241.932993] __x64_sys_clone+0xbf/0x150 [ 241.936965] do_syscall_64+0x1b9/0x820 [ 241.940838] ? finish_task_switch+0x1d3/0x870 [ 241.945329] ? syscall_return_slowpath+0x5e0/0x5e0 [ 241.950250] ? syscall_return_slowpath+0x31d/0x5e0 [ 241.955183] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 241.960192] ? prepare_exit_to_usermode+0x291/0x3b0 [ 241.965196] ? perf_trace_sys_enter+0xb10/0xb10 [ 241.969867] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 241.974710] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 241.979887] RIP: 0033:0x455ab9 [ 241.983058] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 242.002425] RSP: 002b:00007f5327fa9c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 242.010135] RAX: ffffffffffffffda RBX: 00007f5327faa6d4 RCX: 0000000000455ab9 [ 242.017392] RDX: 0000000020000240 RSI: 0000000020000140 RDI: 0000000000000000 09:52:55 executing program 2: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000140), &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000040)=0x0) r2 = getpid() r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x86000, 0x0) ioctl$TCSETA(r3, 0x5406, &(0x7f0000000140)={0x9, 0x1ff, 0xd8e, 0x400, 0x10000, 0x7fffffff, 0x800, 0xf9, 0x101, 0x8}) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x10300, 0x0) kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r0, &(0x7f00000000c0)={r4, r0, 0x1}) [ 242.024650] RBP: 000000000072bea0 R08: 00000000200002c0 R09: 0000000000000000 [ 242.031906] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000014 [ 242.039162] R13: 00000000004bb85d R14: 00000000004c8d28 R15: 0000000000000012 [ 242.050662] ================================================================== [ 242.058073] BUG: KASAN: use-after-free in iov_iter_copy_from_user_atomic+0xb8d/0xfa0 [ 242.065995] Read of size 21 at addr ffff880192d8aea0 by task kworker/1:2/2140 [ 242.073260] 09:52:55 executing program 6: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x0, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) [ 242.074898] CPU: 1 PID: 2140 Comm: kworker/1:2 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 242.083122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 242.092491] Workqueue: events p9_write_work [ 242.096813] Call Trace: [ 242.099578] dump_stack+0x1c9/0x2b4 [ 242.103217] ? dump_stack_print_info.cold.2+0x52/0x52 [ 242.108411] ? printk+0xa7/0xcf [ 242.111693] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 242.116451] ? iov_iter_copy_from_user_atomic+0xb8d/0xfa0 [ 242.121992] print_address_description+0x6c/0x20b [ 242.126837] ? iov_iter_copy_from_user_atomic+0xb8d/0xfa0 [ 242.132387] kasan_report.cold.7+0x242/0x30d [ 242.136805] check_memory_region+0x13e/0x1b0 [ 242.141215] memcpy+0x23/0x50 [ 242.144319] iov_iter_copy_from_user_atomic+0xb8d/0xfa0 [ 242.149690] ? tg_unthrottle_up+0x220/0x220 [ 242.154017] ? csum_and_copy_from_iter_full+0x10b0/0x10b0 [ 242.159567] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 242.164601] ? ktime_get_coarse_real_ts64+0x243/0x3a0 [ 242.169801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 242.175352] ? timespec64_trunc+0xea/0x180 [ 242.179589] ? inode_init_owner+0x340/0x340 [ 242.183915] generic_perform_write+0x469/0x6c0 [ 242.188498] ? generic_update_time+0x26a/0x450 [ 242.193100] ? add_page_wait_queue+0x2c0/0x2c0 [ 242.197682] ? current_time+0x1b0/0x1b0 [ 242.201660] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 242.206672] ? generic_write_checks+0x385/0x5d0 [ 242.211322] ? page_endio+0x630/0x630 [ 242.215109] ? down_write+0xaa/0x130 [ 242.218807] __generic_file_write_iter+0x26e/0x630 [ 242.223723] ext4_file_write_iter+0x390/0x1450 [ 242.228296] ? trace_hardirqs_on+0x10/0x10 [ 242.232522] ? lock_acquire+0x1e4/0x540 [ 242.236479] ? update_curr+0x4c8/0xc00 [ 242.240355] ? ext4_file_mmap+0x410/0x410 [ 242.244484] ? lock_release+0xa30/0xa30 [ 242.248441] ? trace_hardirqs_on+0x10/0x10 [ 242.252657] ? cpuacct_css_alloc+0x160/0x160 [ 242.257048] ? perf_trace_lock+0xde/0x920 [ 242.261270] ? zap_class+0x740/0x740 [ 242.264976] ? trace_hardirqs_on+0x10/0x10 [ 242.269196] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 242.274722] ? iov_iter_init+0xc9/0x1f0 [ 242.278684] __vfs_write+0x6af/0x9d0 [ 242.282383] ? kernel_read+0x120/0x120 [ 242.286254] ? lock_release+0xa30/0xa30 [ 242.290210] ? check_same_owner+0x340/0x340 [ 242.294522] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 242.300042] ? __sb_start_write+0x17f/0x300 [ 242.304348] vfs_write+0x1fc/0x560 [ 242.307872] kernel_write+0xab/0x120 [ 242.311570] p9_write_work+0x6f1/0xd50 [ 242.315441] ? p9_fd_create_tcp+0x8a0/0x8a0 [ 242.319744] ? lock_acquire+0x1e4/0x540 [ 242.323711] ? process_one_work+0xb9b/0x1ba0 [ 242.328102] ? kasan_check_read+0x11/0x20 [ 242.332235] ? lock_release+0xa30/0xa30 [ 242.336201] ? kasan_check_read+0x11/0x20 [ 242.340335] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 242.344899] ? read_word_at_a_time+0x20/0x20 [ 242.349289] ? compat_start_thread+0x80/0x80 [ 242.353683] process_one_work+0xc73/0x1ba0 [ 242.357900] ? trace_hardirqs_on+0x10/0x10 [ 242.362131] ? pwq_dec_nr_in_flight+0x4a0/0x4a0 [ 242.366783] ? lock_repin_lock+0x430/0x430 [ 242.371009] ? __sched_text_start+0x8/0x8 [ 242.375150] ? lock_downgrade+0x8f0/0x8f0 [ 242.379289] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 242.384031] ? retint_kernel+0x10/0x10 [ 242.387913] ? lock_acquire+0x1e4/0x540 [ 242.391878] ? worker_thread+0x3dc/0x13c0 [ 242.396015] ? lock_downgrade+0x8f0/0x8f0 [ 242.400147] ? lock_release+0xa30/0xa30 [ 242.404106] ? kasan_check_read+0x11/0x20 [ 242.408242] ? do_raw_spin_unlock+0xa7/0x2f0 [ 242.412635] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 242.417200] ? kasan_check_write+0x14/0x20 [ 242.421415] ? do_raw_spin_lock+0xc1/0x200 [ 242.425637] worker_thread+0x189/0x13c0 [ 242.429599] ? process_one_work+0x1ba0/0x1ba0 [ 242.434093] ? finish_task_switch+0x1d3/0x870 [ 242.438573] ? lock_acquire+0x1e4/0x540 [ 242.442528] ? __kthread_parkme+0xd7/0x1b0 [ 242.446747] ? kasan_check_read+0x11/0x20 [ 242.450875] ? do_raw_spin_unlock+0xa7/0x2f0 [ 242.455267] ? kasan_check_write+0x14/0x20 [ 242.459486] ? trace_hardirqs_on+0xd/0x10 [ 242.463615] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 242.469134] ? __kthread_parkme+0x106/0x1b0 [ 242.473436] kthread+0x345/0x410 [ 242.476786] ? process_one_work+0x1ba0/0x1ba0 [ 242.481261] ? kthread_bind+0x40/0x40 [ 242.485046] ret_from_fork+0x3a/0x50 [ 242.488740] [ 242.490347] Allocated by task 13243: [ 242.494042] save_stack+0x43/0xd0 [ 242.497824] kasan_kmalloc+0xc4/0xe0 [ 242.501517] __kmalloc+0x14e/0x760 [ 242.505036] p9_fcall_alloc+0x1e/0x90 [ 242.508814] p9_client_prepare_req.part.8+0x107/0xa00 [ 242.513984] p9_client_rpc+0x242/0x1330 [ 242.517940] p9_client_create+0xca4/0x1537 [ 242.522153] v9fs_session_init+0x21a/0x1a80 [ 242.526455] v9fs_mount+0x7c/0x900 [ 242.529978] legacy_get_tree+0x131/0x460 [ 242.534023] vfs_get_tree+0x1cb/0x5c0 [ 242.537804] do_mount+0x6f2/0x1e20 [ 242.541330] ksys_mount+0x12d/0x140 [ 242.545982] __x64_sys_mount+0xbe/0x150 [ 242.549938] do_syscall_64+0x1b9/0x820 [ 242.553818] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 242.558983] [ 242.560593] Freed by task 13243: [ 242.563939] save_stack+0x43/0xd0 [ 242.567374] __kasan_slab_free+0x11a/0x170 [ 242.571589] kasan_slab_free+0xe/0x10 [ 242.575370] kfree+0xd9/0x260 [ 242.578467] p9_free_req+0xb5/0x120 [ 242.582074] p9_client_rpc+0xa8e/0x1330 [ 242.586032] p9_client_create+0xca4/0x1537 [ 242.590255] v9fs_session_init+0x21a/0x1a80 [ 242.594555] v9fs_mount+0x7c/0x900 [ 242.598075] legacy_get_tree+0x131/0x460 [ 242.602117] vfs_get_tree+0x1cb/0x5c0 [ 242.605900] do_mount+0x6f2/0x1e20 [ 242.609422] ksys_mount+0x12d/0x140 [ 242.613029] __x64_sys_mount+0xbe/0x150 [ 242.616984] do_syscall_64+0x1b9/0x820 [ 242.620870] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 242.626036] [ 242.627652] The buggy address belongs to the object at ffff880192d8ae80 [ 242.627652] which belongs to the cache kmalloc-16384 of size 16384 [ 242.640639] The buggy address is located 32 bytes inside of [ 242.640639] 16384-byte region [ffff880192d8ae80, ffff880192d8ee80) [ 242.652581] The buggy address belongs to the page: [ 242.657491] page:ffffea00064b6200 count:1 mapcount:0 mapping:ffff8801da802200 index:0x0 compound_mapcount: 0 [ 242.667442] flags: 0x2fffc0000010200(slab|head) [ 242.672095] raw: 02fffc0000010200 ffffea00066f1408 ffffea00066ca208 ffff8801da802200 [ 242.679959] raw: 0000000000000000 ffff880192d8ae80 0000000100000001 0000000000000000 [ 242.687822] page dumped because: kasan: bad access detected [ 242.693516] [ 242.695122] Memory state around the buggy address: [ 242.700033] ffff880192d8ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 242.707377] ffff880192d8ae00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 242.714718] >ffff880192d8ae80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 242.722055] ^ [ 242.726443] ffff880192d8af00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 242.733803] ffff880192d8af80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 242.741148] ================================================================== [ 242.750229] Kernel panic - not syncing: panic_on_warn set ... [ 242.750229] [ 242.757622] CPU: 1 PID: 2140 Comm: kworker/1:2 Tainted: G B 4.18.0-rc5-next-20180720+ #12 [ 242.767243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 242.776635] Workqueue: events p9_write_work [ 242.780949] Call Trace: [ 242.783523] dump_stack+0x1c9/0x2b4 [ 242.787138] ? dump_stack_print_info.cold.2+0x52/0x52 [ 242.792322] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 242.797068] panic+0x238/0x4e7 [ 242.800247] ? add_taint.cold.5+0x16/0x16 [ 242.804390] ? do_raw_spin_unlock+0xa7/0x2f0 [ 242.808782] ? do_raw_spin_unlock+0xa7/0x2f0 [ 242.813179] ? iov_iter_copy_from_user_atomic+0xb8d/0xfa0 [ 242.818703] kasan_end_report+0x47/0x4f [ 242.822674] kasan_report.cold.7+0x76/0x30d [ 242.826986] check_memory_region+0x13e/0x1b0 [ 242.831387] memcpy+0x23/0x50 [ 242.834477] iov_iter_copy_from_user_atomic+0xb8d/0xfa0 [ 242.839828] ? tg_unthrottle_up+0x220/0x220 [ 242.844224] ? csum_and_copy_from_iter_full+0x10b0/0x10b0 [ 242.849751] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 242.854765] ? ktime_get_coarse_real_ts64+0x243/0x3a0 [ 242.859947] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 242.865480] ? timespec64_trunc+0xea/0x180 [ 242.869705] ? inode_init_owner+0x340/0x340 [ 242.874031] generic_perform_write+0x469/0x6c0 [ 242.878602] ? generic_update_time+0x26a/0x450 [ 242.883179] ? add_page_wait_queue+0x2c0/0x2c0 [ 242.887748] ? current_time+0x1b0/0x1b0 [ 242.891714] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 242.896717] ? generic_write_checks+0x385/0x5d0 [ 242.901907] ? page_endio+0x630/0x630 [ 242.905698] ? down_write+0xaa/0x130 [ 242.909400] __generic_file_write_iter+0x26e/0x630 [ 242.914333] ext4_file_write_iter+0x390/0x1450 [ 242.918902] ? trace_hardirqs_on+0x10/0x10 [ 242.923129] ? lock_acquire+0x1e4/0x540 [ 242.927090] ? update_curr+0x4c8/0xc00 [ 242.930970] ? ext4_file_mmap+0x410/0x410 [ 242.935108] ? lock_release+0xa30/0xa30 [ 242.939069] ? trace_hardirqs_on+0x10/0x10 [ 242.943287] ? cpuacct_css_alloc+0x160/0x160 [ 242.947687] ? perf_trace_lock+0xde/0x920 [ 242.951823] ? zap_class+0x740/0x740 [ 242.955525] ? trace_hardirqs_on+0x10/0x10 [ 242.959746] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 242.965272] ? iov_iter_init+0xc9/0x1f0 [ 242.969237] __vfs_write+0x6af/0x9d0 [ 242.972948] ? kernel_read+0x120/0x120 [ 242.976820] ? lock_release+0xa30/0xa30 [ 242.980780] ? check_same_owner+0x340/0x340 [ 242.985098] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 242.990619] ? __sb_start_write+0x17f/0x300 [ 242.994926] vfs_write+0x1fc/0x560 [ 242.998453] kernel_write+0xab/0x120 [ 243.002156] p9_write_work+0x6f1/0xd50 [ 243.006031] ? p9_fd_create_tcp+0x8a0/0x8a0 [ 243.010341] ? lock_acquire+0x1e4/0x540 [ 243.014298] ? process_one_work+0xb9b/0x1ba0 [ 243.018695] ? kasan_check_read+0x11/0x20 [ 243.023333] ? lock_release+0xa30/0xa30 [ 243.027292] ? kasan_check_read+0x11/0x20 [ 243.031425] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 243.035994] ? read_word_at_a_time+0x20/0x20 [ 243.040391] ? compat_start_thread+0x80/0x80 [ 243.044788] process_one_work+0xc73/0x1ba0 [ 243.049008] ? trace_hardirqs_on+0x10/0x10 [ 243.053235] ? pwq_dec_nr_in_flight+0x4a0/0x4a0 [ 243.057890] ? lock_repin_lock+0x430/0x430 [ 243.062133] ? __sched_text_start+0x8/0x8 [ 243.066266] ? lock_downgrade+0x8f0/0x8f0 [ 243.070406] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 243.075152] ? retint_kernel+0x10/0x10 [ 243.079035] ? lock_acquire+0x1e4/0x540 [ 243.082994] ? worker_thread+0x3dc/0x13c0 [ 243.087130] ? lock_downgrade+0x8f0/0x8f0 [ 243.091265] ? lock_release+0xa30/0xa30 [ 243.095225] ? kasan_check_read+0x11/0x20 [ 243.099366] ? do_raw_spin_unlock+0xa7/0x2f0 [ 243.103769] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 243.108335] ? kasan_check_write+0x14/0x20 [ 243.112553] ? do_raw_spin_lock+0xc1/0x200 [ 243.116793] worker_thread+0x189/0x13c0 [ 243.120761] ? process_one_work+0x1ba0/0x1ba0 [ 243.125262] ? finish_task_switch+0x1d3/0x870 [ 243.129747] ? lock_acquire+0x1e4/0x540 [ 243.133703] ? __kthread_parkme+0xd7/0x1b0 [ 243.137927] ? kasan_check_read+0x11/0x20 [ 243.142059] ? do_raw_spin_unlock+0xa7/0x2f0 [ 243.146454] ? kasan_check_write+0x14/0x20 [ 243.150676] ? trace_hardirqs_on+0xd/0x10 [ 243.154809] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 243.160336] ? __kthread_parkme+0x106/0x1b0 [ 243.164645] kthread+0x345/0x410 [ 243.167994] ? process_one_work+0x1ba0/0x1ba0 [ 243.172472] ? kthread_bind+0x40/0x40 [ 243.176259] ret_from_fork+0x3a/0x50 [ 243.180578] Dumping ftrace buffer: [ 243.184101] (ftrace buffer empty) [ 243.187790] Kernel Offset: disabled [ 243.191409] Rebooting in 86400 seconds..