[ 397.315322] ? sget_userns+0x691/0xe40 [ 397.319184] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 397.323912] ? do_mount+0xea4/0x2bb0 [ 397.327600] ? SyS_mount+0xab/0x120 [ 397.331202] ? do_syscall_64+0x281/0x940 [ 397.335237] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 397.340577] ? find_held_lock+0x35/0x1d0 [ 397.344611] ? __lock_is_held+0xb6/0x140 [ 397.348649] ? check_same_owner+0x320/0x320 [ 397.352947] ? rcu_note_context_switch+0x710/0x710 [ 397.357854] should_failslab+0xec/0x120 [ 397.361805] kmem_cache_alloc_trace+0x4b/0x740 [ 397.366363] ? __kmalloc_node+0x33/0x70 [ 397.370309] ? __kmalloc_node+0x33/0x70 [ 397.374258] ? rcu_read_lock_sched_held+0x108/0x120 [ 397.379262] __memcg_init_list_lru_node+0x169/0x270 [ 397.384253] ? list_lru_add+0x7c0/0x7c0 [ 397.388202] ? __kmalloc_node+0x47/0x70 [ 397.392152] __list_lru_init+0x544/0x750 [ 397.396190] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 397.402053] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 397.407045] ? __lockdep_init_map+0xe4/0x650 [ 397.411429] ? lockdep_init_map+0x9/0x10 [ 397.415462] sget_userns+0x691/0xe40 [ 397.419148] ? set_anon_super+0x20/0x20 [ 397.423115] ? put_filp+0x90/0x90 [ 397.426549] ? destroy_unused_super.part.6+0xd0/0xd0 [ 397.431633] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 397.436624] ? trace_hardirqs_off+0x10/0x10 [ 397.440922] ? putname+0xee/0x130 [ 397.444351] ? cap_capable+0x1b5/0x230 [ 397.448222] ? security_capable+0x8e/0xc0 [ 397.452354] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 397.457518] ? ns_capable_common+0xcf/0x160 [ 397.461815] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 397.466980] mount_ns+0x6d/0x190 [ 397.470325] rpc_mount+0x9e/0xd0 [ 397.473670] mount_fs+0x66/0x2d0 [ 397.477028] vfs_kern_mount.part.26+0xc6/0x4a0 [ 397.481588] ? may_umount+0xa0/0xa0 [ 397.485188] ? _raw_read_unlock+0x22/0x30 [ 397.489310] ? __get_fs_type+0x8a/0xc0 [ 397.493171] do_mount+0xea4/0x2bb0 [ 397.496687] ? copy_mount_string+0x40/0x40 [ 397.500901] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 397.505891] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 397.510623] ? retint_kernel+0x10/0x10 [ 397.514487] ? copy_mount_options+0x18b/0x2e0 [ 397.518955] ? copy_mount_options+0x193/0x2e0 [ 397.523421] ? copy_mount_options+0x1f7/0x2e0 [ 397.527889] SyS_mount+0xab/0x120 [ 397.531315] ? copy_mnt_ns+0xb30/0xb30 [ 397.535177] do_syscall_64+0x281/0x940 [ 397.539039] ? vmalloc_sync_all+0x30/0x30 [ 397.543160] ? _raw_spin_unlock_irq+0x27/0x70 [ 397.547629] ? finish_task_switch+0x1c1/0x7e0 [ 397.552100] ? syscall_return_slowpath+0x550/0x550 [ 397.557002] ? syscall_return_slowpath+0x2ac/0x550 [ 397.561911] ? prepare_exit_to_usermode+0x350/0x350 [ 397.566903] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 397.572241] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 397.577065] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 397.582229] RIP: 0033:0x454e79 [ 397.585416] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 397.593104] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 397.600346] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 397.607590] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 397.614833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 397.622085] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000014 2018/03/31 03:07:34 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x10, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0xfffffd0f) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:34 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r5 = inotify_init1(0x80800) dup2(0xffffffffffffffff, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:34 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x0, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:34 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getgroups(0x0, &(0x7f0000000500)) mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x4, 0x8000000010, 0xffffffffffffffff, 0x1) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc\x00', 0x4000, 0x0) setsockopt$ALG_SET_AEAD_AUTHSIZE(r1, 0x117, 0x5, 0x0, 0xfffffffffffffff9) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8653ed2707c1e612}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x4c, r2, 0x0, 0x70bd28, 0x25dfdbfb, {0xf}, [@IPVS_CMD_ATTR_DAEMON={0x14, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}]}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x46}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0xfffffffffffffffa}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x3ff}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x1}, 0x40) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) 2018/03/31 03:07:34 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0xfffffffffffffd09}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da11, 0x0, 0x2}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r3, 0xc058534f, &(0x7f0000000640)={{0x9, 0x81}, 0x0, 0x0, 0xffffffff, {0x1, 0x20}, 0x9, 0xfffffffffffffffe}) r4 = inotify_init1(0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f0000000440)={0x0, 0x349e}, &(0x7f0000000480)=0x8) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r3, 0x84, 0x6, &(0x7f0000000580)={r5, @in6={{0xa, 0x4e21, 0xffffffffffff446c, @mcast2={0xff, 0x2, [], 0x1}, 0x2}}}, &(0x7f00000004c0)=0x84) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r6 = inotify_init1(0x80800) dup2(r4, r6) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:34 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r4 = inotify_init1(0x80800) dup2(0xffffffffffffffff, r4) fstatfs(0xffffffffffffffff, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:34 executing program 1 (fault-call:10 fault-nth:21): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:07:34 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x20000, 0x0) r1 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) read(r1, &(0x7f0000ec6000)=""/50, 0x32) r2 = socket$bt_cmtp(0x1f, 0x3, 0x5) getsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000440)=0xd3fc0000, &(0x7f00000004c0)=0x2) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000880)='/dev/dsp\x00', 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f00000008c0)={{{@in6=@ipv4={[], [], @multicast2}, @in=@broadcast}}, {{}, 0x0, @in=@multicast1}}, &(0x7f00000009c0)=0xe8) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r2, 0x800443d3, &(0x7f0000000080)={{0x6, 0x6, 0xffffffffffffff0b, 0xb73, 0x3ff, 0xfff}, 0xf32, 0x80000001, 0x7}) r4 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x0, 0x0) accept4$vsock_stream(r4, &(0x7f0000000340)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10, 0x80000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000400)={{0x80100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f000001cfb0)={0x0, 0x0, 0x0, 0x0, 0xf}) read(r1, &(0x7f0000000200)=""/228, 0xe4) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x400000, 0x0) getsockopt$netrom_NETROM_T1(r5, 0x103, 0x1, &(0x7f0000000600), &(0x7f0000000640)=0x4) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) socket$nl_xfrm(0x10, 0x3, 0x6) r6 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vga_arbiter\x00', 0x8000, 0x0) r7 = semget$private(0x0, 0x3, 0x41) semctl$IPC_RMID(r7, 0x0, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r6, 0xae44, 0x80000040) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000480)) r8 = dup2(0xffffffffffffffff, r0) bind$bt_l2cap(r8, &(0x7f0000000040)={0x1f, 0x5b91, {0xd, 0x0, 0x0, 0x8006, 0x5, 0x6}, 0x0, 0x5}, 0xe) preadv(r8, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f00000002c0)=""/115, 0x73}, {&(0x7f0000000380)=""/71, 0x47}], 0x4, 0x16) [ 398.078689] FAULT_INJECTION: forcing a failure. [ 398.078689] name failslab, interval 1, probability 0, space 0, times 0 [ 398.089995] CPU: 0 PID: 26073 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 398.097180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 398.106525] Call Trace: [ 398.109109] dump_stack+0x194/0x24d [ 398.112738] ? arch_local_irq_restore+0x53/0x53 [ 398.117405] ? mutex_lock_io_nested+0x1900/0x1900 [ 398.122238] ? __memcg_init_list_lru_node+0x169/0x270 [ 398.127409] should_fail+0x8c0/0xa40 [ 398.131102] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 398.136183] ? trace_hardirqs_off+0x10/0x10 [ 398.140483] ? lock_downgrade+0x980/0x980 [ 398.144607] ? trace_hardirqs_off+0x10/0x10 [ 398.148907] ? find_held_lock+0x35/0x1d0 [ 398.152944] ? __lock_is_held+0xb6/0x140 [ 398.156986] ? check_same_owner+0x320/0x320 [ 398.161288] ? rcu_note_context_switch+0x710/0x710 [ 398.166196] ? rcu_note_context_switch+0x710/0x710 [ 398.171107] should_failslab+0xec/0x120 [ 398.175057] __kmalloc+0x63/0x760 [ 398.178484] ? __kmalloc_node+0x47/0x70 [ 398.182436] ? __list_lru_init+0xcf/0x750 [ 398.186562] __list_lru_init+0xcf/0x750 [ 398.190513] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 398.196374] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 398.201369] ? lockdep_init_map+0x9/0x10 [ 398.205409] sget_userns+0x6b1/0xe40 [ 398.209100] ? set_anon_super+0x20/0x20 [ 398.213049] ? put_filp+0x90/0x90 [ 398.216480] ? destroy_unused_super.part.6+0xd0/0xd0 [ 398.221559] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 398.226554] ? trace_hardirqs_off+0x10/0x10 [ 398.230855] ? putname+0xee/0x130 [ 398.234287] ? cap_capable+0x1b5/0x230 [ 398.238151] ? security_capable+0x8e/0xc0 [ 398.242275] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 398.247440] ? ns_capable_common+0xcf/0x160 [ 398.251737] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 398.256903] mount_ns+0x6d/0x190 [ 398.260244] rpc_mount+0x9e/0xd0 [ 398.263596] mount_fs+0x66/0x2d0 [ 398.266941] vfs_kern_mount.part.26+0xc6/0x4a0 [ 398.271497] ? may_umount+0xa0/0xa0 [ 398.275098] ? _raw_read_unlock+0x22/0x30 [ 398.279222] ? __get_fs_type+0x8a/0xc0 [ 398.283087] do_mount+0xea4/0x2bb0 [ 398.286603] ? copy_mount_string+0x40/0x40 [ 398.290821] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 398.295812] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 398.300545] ? retint_kernel+0x10/0x10 [ 398.304407] ? copy_mount_options+0x18b/0x2e0 [ 398.308879] ? copy_mount_options+0x193/0x2e0 [ 398.313350] ? copy_mount_options+0x1f7/0x2e0 [ 398.317821] SyS_mount+0xab/0x120 [ 398.321250] ? copy_mnt_ns+0xb30/0xb30 [ 398.325112] do_syscall_64+0x281/0x940 [ 398.328973] ? vmalloc_sync_all+0x30/0x30 [ 398.333096] ? _raw_spin_unlock_irq+0x27/0x70 [ 398.337565] ? finish_task_switch+0x1c1/0x7e0 [ 398.342037] ? syscall_return_slowpath+0x550/0x550 [ 398.346941] ? syscall_return_slowpath+0x2ac/0x550 [ 398.351847] ? prepare_exit_to_usermode+0x350/0x350 [ 398.356838] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 398.362177] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 398.366996] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 398.372163] RIP: 0033:0x454e79 [ 398.375335] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 398.383023] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 398.390267] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 398.397513] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 398.404756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 398.412017] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000015 [ 398.447091] binder: 26064:26080 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 2018/03/31 03:07:34 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:34 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) sendto$inet(r3, &(0x7f0000000580)="86996f1980479ab68f24741fa2b8d2ff5f89ee73fd8ee97b5c1b93149607d0d4aa8d1baa4cd9f952af63c31f6c4123e6ccebae34da8ba09e0ef3a264b3a55f3f3cfa0fe36b4f51e16b51346572d3387396fe3c5b9e17549dd313a13321785799d02088eaf93c5e5c5dbb40d2108fc20d8e616cd6df12f790fc1fb1b200379d45a419f446f5371356045de4b219ea126fd1e1300fb8065987cfe0bd80fa3a826e2bcd5651e091459a0b14e5bc3db97d7b8e020317c557eb244ba376d15f0f8cddfa473837dc30fa5f6fd9338bc05e696ebb016e01cd6da65674afda2bccb76965f0da72", 0xe3, 0x40440c0, &(0x7f0000000040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x12}}, 0x10) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) setsockopt$sock_timeval(r3, 0x1, 0x14, &(0x7f0000000440)={0x0, 0x2710}, 0x10) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:34 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r1, &(0x7f00000004c0)=ANY=[], 0x0) fadvise64(r2, 0x0, 0x0, 0x4) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="cc1373fc000000000000000000000000000000000000000000000000000000003030b86e0d5f4090902c6457136cf04d000001000000000001000000000000005f42485266535f4d070000000000000000204000000000000000020000000000000000000000000000000000000000000000c0010000000000700000000000000600000000000000010000000000000000100000001000000010000000100000610000000500000000000000000000000000000000000000000000004503000000000000000000000001000000000000000000c001000000000000180100000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000e07956565b5f45a6bad668ef5e4a3a4f3030b86e0d5f4090902c6457136c", 0x129, 0x10000}], 0x0, &(0x7f0000016000)) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001240)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000080)={r5}) ioctl$TCSBRKP(0xffffffffffffffff, 0x5425, 0xfffffffffffffffa) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r6 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x81, 0x0) r7 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000001440)='/dev/vga_arbiter\x00', 0x800, 0x0) ioctl$VHOST_SET_VRING_CALL(r7, 0x4008af21, &(0x7f0000000040)) ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000358fe0)={r5, 0x0, 0x0, r5}) mkdirat$cgroup(r7, &(0x7f00000000c0)='syz1\x00', 0x1ff) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r6, 0x84, 0x1a, &(0x7f0000000240)=ANY=[@ANYRES32=0x0, @ANYBLOB="00100000cccdeccf8bbbffe06b7251c3eb1f5ede5685450a73cf815830c375b440aa3dd9aa4037e1545188ee931af218ff903880f60c94f1bdc1af2478319655fca9fbbf5c399c8c0d49746905971521ab8ad171c12b798ecd6cce398ef3646aa6591afd49c1b6c588da0f99c54ac332731542f443d09dd03ab0fc604b9c934f395bd4c6f89cfa0a6d58f1da67dbb6334227f2b01fa766de936ebe6ad44b89b4400203f4167f502dd36597af1d17167ad4414a1ea83e504f469e1a35f1993ffc097976d58ee62b3c61dd7ca527c141a1a37b801c8f5e39b643324adf42af59509698d60cbeab319456189b068eb46f35593bee646944bc532b402c21d78bd6c2897cc5d65dea7b6503fe542366b5ecffeea413b6090d47511d1ac7e59ed13ccc429fda6c9606cd676755b49c2d1164633a441f48b3f4b9eb44ab9f21e32bdaf346ab777c6325b8d1d5320a20594c4616ebfdc3d7faee83b2540048f98a7f777e8c7a4ef39409b9a6d97a3f340d9de7ab7647673f78991f037409348f6043f1202b06cdc84135e93aa3e6d03594ea60bdab4db9cbdfa8bc8bbb330d9553625f56925bac4823c58b3559ca1bc7d003d59c6cb6b250e8f11bc0a972f1a4943c8cb13771e4369918a3cddaeab4ddac9b0819cbbbbbb56611e66b0a553de518930d85290e81c7e18dfb7cd98197b16651b6987e2acb6d90a14aff13597aba944247331359949138bd3f942a5469c035eec2b6ec81d72af6fab8e14cacd940f21a41b765e8744e5f20d76bde141fc2d04f1cf5a3d26e2a64c5f6a586fea7e19d0a506988cb6f67351d460b756ed0e875f3b3fb13f4ad0b042a5d504f3f9872f01d08855f2aef90a4e6bd0e6e54e0b36bdb42639dea58a578d9132c765ad26ff782512856b420127fb07a7454fcf8c7a9535bf1b06486c4d4d527a7fb530a49672a3f5d67a60c16057b34c9d5309c132c69830ae164cc6e749c5459a22704a9bb356d7bf587b4fb129eb7a49bb80cb6ef576e00c67a65270736e8de7ed74b007a40eb4275a082b451611b53c4fb30a5c0cec750ad1cbfa06f476c8eea97ec6bfdef05f69a811ee1ece1cf1e64aa0898d2abbd1c745e773dcf890c8532458a5b5975eacb306357651122371abfc852010134bbe532e50503ad98d71b9d29f36172299fb28e7ade2cd5965a4dbd220535950d40a9a47630d8abf270724ca190a7734bb53c78d9cb0bf57f90614fa362fe27dd1cf62a72e1f99eec38db29353a7f85a8a885037857eeab46417b822af700815ce68c6c75fdd307389bbe1ff41edbf38346a29d28e1eae98ca7fcda06746495ae412b5b2b7e0604882e89ca1d292792a4e70f84305760772d432dd4e15b1147a2e0e3c25dc62c9431a12badcf476cf9e0779a069442a75df0718cc44f0ddfeadafd978f2e6c615c0dedd787d29084071f2559ac5964e266fa7dc558065fbd6ed28b72ad4dd206d308a17891554f9cd55f5cf48d589411557357e770e62236f7628eb687eb18be76f78e4170fcae6a950fb9e5f4b4ade691a815b09c35db59b329c11ddd59e86fce20956da738dc9978dd40530339086896ea869bc6b662c5953602a2bd4f03c205ae60dc0e28e45518699481df9ec14019765716f048f80acea29d4b5771a2bcb4a2ebc77a2a0c950bd1c56f57dbdd32f04d44112cefdc93cfa67f5a964a33e51547ddf63c727865819e33a0554bbb22edc2979cddaad19502d50885faddd5d03a8b5ab988a650539499ca3698e36f46dd0fa6f627a597f1bf55d127ff8d58167d84976de0cf98750a2a38653e9c4571dd91d7c20823e5bded8b2a07bd79c8d87fba541fed5caf1af2dc4e81f96148e4a58aac3c319d0c3ff44460236ff3809b483e52d5bebbe69d76e2a40357099f691f914b523ca0a26f395c5f6601b4551c2efd37004889a0d849b8205c9ffb3bd4519d3ef918b0d1ae4435f9b4b27b76d7f1a370b8e05011bc3a8001330515b414e43dc920a5602ae589d34fc767e5a26fd8f091f540e3aa6b336e552cc6369d78520fefa9ea7f60a1a24b7b69e687b4882461c091b3bc9650df84e2f73461552964a5a92c9a9f70a0429e955d1236445a0f259ec0d21729573dab5b0bfd52cb81167b07dde37fa7d2af7a2537ac95b6767f78cdc5ea46818a7506f76f4fe07842a22481717354332e234b559390bca34af90c1aa1df314a7862d59baf3815d94006c2e82901486ef7bdd3bf11dec08edd1646b65a0c790906206bde67b7b19add8cbaca1724cc9bd17774793432c36bfb770c69d225cd24aa8e5eb50cc06697bb17abc29006a7460fabd52acea972020fddf216cf4f684da60ea12a860d478ccc4b488ae09e0387081fc936891f1ed32b0c727e391c54cabff543b9447b14cb3318eea02e2a1b3d5d94f58c3286aea66b98e77d97e2c619d87fe29f7fa3eef04b73aafc864714822c86e127a04737235bd7c582b7557ef5880ad61f75fcd4775dd0673c8e09cb22f8f9dbf7b27ca00e802302438107ef15b2a475ea7c1389c8a7c4c48afab5c6d95030f4618eb983c58e89801abee4ecb9b5cd57ecabdf4cdf900c90a8f84bb1c74d4e6a5a968c0de614cb607c70cf529c0290870a58f44d076becbc3cdd00a36ac95bf293ddf40fc817612427abe7bd41a6fbb0d9b7d17734488d4ecf71f50b8b1235b9667385883f16756ccbafedb6c138ebfa56242ff156a79a892f486c5ba841ea6ec499798de3d50a9e1e499c85a0fdebc4cd8e92be88f2bd57c5bbd9bfc3031b55aabaf8d031f9314fefe9b7cbf48716b5512c2ec183f709d7e19547b3755d0e789751fa19c6e2eee463ddd758d2bdac88152cb5fc4c0899a1e527177f647f5c5a9d875a9e43504e625c7d72b43655664f07bde91a19618f13ab2d016891b7fd1fded004c812ed0884553db64c17b8d512ec95ef0fac2a3332acb55d548dfc5362b5ffe223a6eeb5ab517b0f750804f8a97658e8588ffc8fd23e5ff077244c7db5bfb6edabc486e4ba822623822ddfcf5361e3bd6d516a3be3959bff1aec65f250446a7374c12e55a7f0afa34083ede7d1699e895fc845d95e95cdf85bad7e0cab0b34e4becf6ced50e43bc17661c8adc8d57b4b146a6f8fd5b542163756187265f80051febaffff2629ea89fe695262d1616a218f8c48a5f3dff590fdda9f5c4083fa9e30d160e91fa630fe945983ff38ffa49887e5122a79c502e05e61f186e311344b8827597b17da027ce23e59c2159e199b25dc5b3eef908798b012cb4bf3828d6c8f86b1480caa8df41a40109a9c9e81bff5138698040b9c5239789d9afcb333cd136b84efb6ea013352dd98d273d7b1d359817755f1395a46316d01dff05bf2f9f7d9b2ffd354464f0529c8c16732d240b552884a6ef438edfdd25dd431e11a6683fbdbea56a17a87b9d0b9bcdefc23b65304cebefd9f3b606a8ed1574267f5ab6f7394a655ce651f955d3e0616030082eb2abc292a2ee5de2b3fbdba40a6ca8b132bcc93b6809c0057dd52c94c1dc9778647474dce981ff514119e0bc845e6f360a602b470a3cdac5236c59ab264b2ecf4d86bea1967138ca6d544f2c3d278327b5cefb048c36187815c4db55471a3f3d37ae4b040d2b4c13fe65aae6cd096eacd1f03ab2ed847528d3728809c1fb04fef868f882aa2f2406a784e8931ee999b85d7016afbe1e2f524f62525af29682f1a1b0425d5de018097d139f270fa325017a9cfd9b26eac0f7c87d451e7ad440c125868c6aa0055aee1bc26e8a038379b53a25a0da0ab6b8404b6a770c0c6d12a13ae2f0e970bfece15b5231c71ddde475d41ba7a1079afb1686f877acd9a504e3b6c0267e4b5bedc44e2daf3c6cdf0ab47720f76ab5052670c0b0f101b246437dc7e67af295280b7ecbcd0a30db6913e39b49cef3d7e3b607901f9707466ce45bca57f604a3e9c285ad14270a5e74971bc61c6bcce552989ed6f820cc73e1d8d9cebecc5668bd998de9acfb2ae54c3a2add27a0bd92b5bb32a91482c0fd7f2267615c5f78b2368442c2d93680397bde1204f70af2f5aa1869aed778788d687208097017b2ffdc24157167d0937e474f05773961bffd75ae3bff1934f908a96582273e8bf6939075c2148d2c7d37519d492c4a1747138f470eef256c38722f72caed93a5e193dfea4fda250a423f393e495979ee5f8983f51abad8897f322b137c8d497acb46bbfe11f6a4f77d6c0944727ed6bd6bb2a05c3050da44225980da5fdd0bd7e2ae43e4f3a6adf40f2368ae833b869be50a3da3988a679ae9f306ce44208739a8f79dea6ee4b593bd76a123eb8504bd52eaf5d328598d85874a56a359c788af0eab43355c8aa29c3b391ca31b8687ea245038c317630631bcf78cc4ae9f52049a4f92070c4c99d1072f5ca52cc78ca359b58d0bb7af2c746cdb683b1ba8c3a891742e6485cdee03a590108037d70484a3e9085449ea4cbd27adad7476b3c23d7eeb39899ca1a9f002027746377261e1697b08c959349c86fe683c4095a224ccb1764795ee83d7c88b220be7d03b0433540fb32239b23c700cd8c23ae009abc73c3f919d622e5a0f9912673c8e198ad4a1a607a3c69f3bb36251bcda6a090b416d611d9e6802cf6447a5c34604857dd5d2995694205e1db9f06c4609e9663c600c94f71efefabc2ea8c7d78c926fc8284133f2b471576c527d627b94daabbb7308bed8ca214608b9e256450b1a7abee36413c1b4060d7bb45e718c9a6af2018a8f5c6bb79ed46d370d160b606ff85e55ec7e0599a71bd391277413a86f84cd9157438802a8cbd626c2e17284013804808df40ccd4b7dfeba779778ea4ee6936afd6182963de6d577a263e7d851ae647fd024a66c32a1247afd7124deb793c1eaa3a00f5b8c226b2cb06a465e558cbd27c26b8ea134c5fc4045e39413f15052b7233023d8a39192cfee4417d7a2197b5bc4a1dddd9c7b6343083277e953bca57178422bd9b843cbb8fab3ef0606b4104264ecb81c8d9d7f07d677189e23982b5f69a283a67e45686ff939aa9f6353448be9809a01d9d7842b60d3db5409ebda837efd2214ab164ed9ce86a6fe13b1591735b90b091afb8a2b137330a4d82652a191a808c55aa4018ae7c7200fd5f18de694bcf00431f67f573a13e44f90e721f75d8a68647e5caf8107d897ff3d7442207c4d16a06c26515d712984cc4b89d7133bc1296947fe1a39f3943a8470d6d0c7bb26249a094418926f2f288667b3b2febf623ba2b8cc723baa44b641a644372b9020a0600000000000000551f719255e9be0d0047f22c9a1e06663cbeb05d4f6a03b846dc0c04eba7d9bb89e8b6446ea46fe3b7a7f467b75458f88af5bc5ae0efc810b750e54caba11270474a83b80d1c8ac8296905555fa29e25ef8c937db8f6f2cd4bd68aac57538bb748a990f1a70cb7b2dfc3023d71d4dc800596d94c08c397690f8a3e6d9b12b8b5111071f02c6784347731bea5fd1c0e6b9452a55fc253ae84c3923785df1e72dd1096602518a8b8bdbeefefe25181f019086af591f732b404ed9bbdaaf2cf3836d729ae8f74adf450747f664d033b3b624af470a7d4b36fd853f66c3b278ab703ea5767251501426ddc37e668b25a87a8f887eb609af7cb4fbd2be8c5d99bfbdf295d673d58e6f28334482d0df59b96aacb69a0ba9b342a8ae1b727ddd41495940b2b27e60c26832c1b254a857e11e55640a4cffe4271efd6a7e1ba3c168f66a5e30332da041aefbdc879779718b2457855a016553434d475db76c9ca5a"], &(0x7f0000001280)=0x2) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000012c0)={0x3, 0x337e, 0x0, 0x9, 0x3, 0x2, 0x4, 0x7fff, r8}, &(0x7f0000001300)=0x20) ppoll(&(0x7f0000000100)=[{r3, 0x2}, {r5, 0x20}, {r3, 0x1}, {r3, 0x8002}], 0x4, &(0x7f0000000140)={0x0, 0x1c9c380}, &(0x7f0000000180), 0x8) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) inotify_init1(0x80800) 2018/03/31 03:07:34 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x0, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 398.490757] binder: 26064:26080 Acquire 1 refcount change on invalid ref 0 ret -22 [ 398.498586] binder: 26064:26080 BC_ACQUIRE_DONE u0000000000000000 no match [ 398.505761] binder: 26064:26080 unknown command 0 2018/03/31 03:07:34 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:34 executing program 1 (fault-call:10 fault-nth:22): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') [ 398.549366] binder: 26064:26080 ioctl c0306201 200001c0 returned -22 [ 398.637048] FAULT_INJECTION: forcing a failure. [ 398.637048] name failslab, interval 1, probability 0, space 0, times 0 [ 398.648338] CPU: 1 PID: 26102 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 398.655512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 398.664839] Call Trace: [ 398.667405] dump_stack+0x194/0x24d [ 398.671015] ? arch_local_irq_restore+0x53/0x53 [ 398.675662] ? kernel_text_address+0xd1/0xe0 [ 398.680047] ? __unwind_start+0x169/0x330 [ 398.684174] should_fail+0x8c0/0xa40 [ 398.687865] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 398.692951] ? save_stack+0x43/0xd0 [ 398.696556] ? kasan_kmalloc+0xad/0xe0 [ 398.700416] ? __kmalloc+0x162/0x760 [ 398.704105] ? __list_lru_init+0xcf/0x750 [ 398.708232] ? find_held_lock+0x35/0x1d0 [ 398.712269] ? __lock_is_held+0xb6/0x140 [ 398.716312] ? check_same_owner+0x320/0x320 [ 398.720610] ? rcu_note_context_switch+0x710/0x710 [ 398.725518] should_failslab+0xec/0x120 [ 398.729469] kmem_cache_alloc_node_trace+0x5a/0x760 [ 398.734462] ? mark_held_locks+0xaf/0x100 [ 398.738585] ? __raw_spin_lock_init+0x1c/0x100 [ 398.743147] __kmalloc_node+0x33/0x70 [ 398.746926] kvmalloc_node+0x99/0xd0 [ 398.750617] __list_lru_init+0x5d5/0x750 [ 398.754656] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 398.760518] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 398.765515] ? lockdep_init_map+0x9/0x10 [ 398.769552] sget_userns+0x6b1/0xe40 [ 398.773243] ? set_anon_super+0x20/0x20 [ 398.777196] ? put_filp+0x90/0x90 [ 398.780623] ? destroy_unused_super.part.6+0xd0/0xd0 [ 398.785705] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 398.790700] ? trace_hardirqs_off+0x10/0x10 [ 398.794999] ? putname+0xee/0x130 [ 398.798433] ? cap_capable+0x1b5/0x230 [ 398.802297] ? security_capable+0x8e/0xc0 [ 398.806422] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 398.811584] ? ns_capable_common+0xcf/0x160 [ 398.815883] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 398.821048] mount_ns+0x6d/0x190 [ 398.824392] rpc_mount+0x9e/0xd0 [ 398.827733] mount_fs+0x66/0x2d0 [ 398.831077] vfs_kern_mount.part.26+0xc6/0x4a0 [ 398.835634] ? may_umount+0xa0/0xa0 [ 398.839237] ? _raw_read_unlock+0x22/0x30 [ 398.843359] ? __get_fs_type+0x8a/0xc0 [ 398.847222] do_mount+0xea4/0x2bb0 [ 398.850739] ? copy_mount_string+0x40/0x40 [ 398.854949] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 398.859942] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 398.864688] ? retint_kernel+0x10/0x10 [ 398.868553] ? copy_mount_options+0x18b/0x2e0 [ 398.873029] ? copy_mount_options+0x193/0x2e0 [ 398.877499] ? copy_mount_options+0x1f7/0x2e0 [ 398.881968] SyS_mount+0xab/0x120 [ 398.885394] ? copy_mnt_ns+0xb30/0xb30 [ 398.889255] do_syscall_64+0x281/0x940 [ 398.893121] ? vmalloc_sync_all+0x30/0x30 [ 398.897244] ? _raw_spin_unlock_irq+0x27/0x70 [ 398.901715] ? finish_task_switch+0x1c1/0x7e0 [ 398.906198] ? syscall_return_slowpath+0x550/0x550 [ 398.911111] ? syscall_return_slowpath+0x2ac/0x550 [ 398.916022] ? prepare_exit_to_usermode+0x350/0x350 [ 398.921032] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 398.926371] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 398.931190] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 398.936353] RIP: 0033:0x454e79 [ 398.939517] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 398.947198] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 398.954444] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 398.961686] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 398.968928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 398.976174] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000016 [ 399.032612] BTRFS error (device loop7): superblock checksum mismatch [ 399.058896] BTRFS error (device loop7): open_ctree failed [ 399.117657] BTRFS error (device loop7): superblock checksum mismatch [ 399.124617] BTRFS error (device loop7): open_ctree failed [ 399.144504] irq bypass consumer (token 00000000f03a39c8) registration fails: -16 2018/03/31 03:07:35 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getgroups(0x0, &(0x7f0000000500)) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB="249a1661c0f56eda020a600add0000008d98e6e7f23bc8674bf6b070b9cf9d533711745caa019bbfb2935e03bf4a6193506f4884eaf17dc12fe043d7dcc29811069c6f38da9642dc9d95910f046719affb769597bede11e47b4b8ea6e663a51e86ea493641c7bc8275a909aebb83e54e"], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) 2018/03/31 03:07:35 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x0, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:35 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:35 executing program 1 (fault-call:10 fault-nth:23): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:07:35 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:35 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x20000, 0x0) r1 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) read(r1, &(0x7f0000ec6000)=""/50, 0x32) r2 = socket$bt_cmtp(0x1f, 0x3, 0x5) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r2, 0x800443d3, &(0x7f0000000080)={{0x6, 0x6, 0xffffffffffffff0b, 0xb73, 0x3ff, 0xfff}, 0xf32, 0x80000001, 0x7}) r3 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x0, 0x0) accept4$vsock_stream(r3, &(0x7f0000000340)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10, 0x80000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000400)={{0x80100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f000001cfb0)={0x0, 0x0, 0x0, 0x0, 0xf}) read(r1, &(0x7f0000000200)=""/228, 0xe4) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x400000, 0x0) getsockopt$netrom_NETROM_T1(r4, 0x103, 0x1, &(0x7f0000000600), &(0x7f0000000640)=0x4) ioctl$SNDRV_TIMER_IOCTL_START(r4, 0x54a0) socket$nl_xfrm(0x10, 0x3, 0x6) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vga_arbiter\x00', 0x8000, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r4, 0xae44, 0x40) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000480)) r5 = dup2(0xffffffffffffffff, r0) bind$bt_l2cap(r5, &(0x7f0000000040)={0x1f, 0x5b91, {0xd, 0x0, 0x0, 0x8006, 0x5, 0x6}, 0x0, 0x5}, 0xe) preadv(r5, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f00000002c0)=""/115, 0x73}, {&(0x7f0000000380)=""/71, 0x47}], 0x4, 0x16) 2018/03/31 03:07:35 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x20000, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:35 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = accept4(0xffffffffffffffff, &(0x7f0000000440)=@un=@abs, &(0x7f00000004c0)=0x80, 0x800) getsockopt$inet6_tcp_int(r0, 0x6, 0x1f, &(0x7f0000000580), &(0x7f00000005c0)=0x4) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(r4, 0x84, 0xd, &(0x7f0000000600)=@assoc_value={0x0, 0x6}, &(0x7f0000000640)=0x8) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000680)={r5, 0x9}, 0x8) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r6 = inotify_init1(0x80800) dup2(0xffffffffffffffff, r6) fstatfs(0xffffffffffffffff, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="0900da") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') [ 399.274645] FAULT_INJECTION: forcing a failure. [ 399.274645] name failslab, interval 1, probability 0, space 0, times 0 [ 399.285935] CPU: 1 PID: 26128 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 399.293116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 399.302466] Call Trace: [ 399.305072] dump_stack+0x194/0x24d [ 399.308760] ? arch_local_irq_restore+0x53/0x53 [ 399.313432] should_fail+0x8c0/0xa40 [ 399.317149] ? is_bpf_text_address+0xa4/0x120 2018/03/31 03:07:35 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:35 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 399.321645] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 399.326748] ? __kernel_text_address+0xd/0x40 [ 399.331241] ? unwind_get_return_address+0x61/0xa0 [ 399.336175] ? find_held_lock+0x35/0x1d0 [ 399.340240] ? __lock_is_held+0xb6/0x140 [ 399.344305] ? check_same_owner+0x320/0x320 [ 399.348626] ? rcu_note_context_switch+0x710/0x710 [ 399.353556] should_failslab+0xec/0x120 [ 399.357529] kmem_cache_alloc_trace+0x4b/0x740 [ 399.362107] ? __kmalloc_node+0x33/0x70 [ 399.366076] ? __kmalloc_node+0x33/0x70 [ 399.370045] ? rcu_read_lock_sched_held+0x108/0x120 [ 399.375057] __memcg_init_list_lru_node+0x169/0x270 [ 399.377381] binder: 26122:26139 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 399.380065] ? list_lru_add+0x7c0/0x7c0 [ 399.380076] ? __kmalloc_node+0x47/0x70 [ 399.380091] __list_lru_init+0x544/0x750 [ 399.380108] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 399.404996] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 399.409997] ? lockdep_init_map+0x9/0x10 [ 399.414041] sget_userns+0x6b1/0xe40 [ 399.417728] ? set_anon_super+0x20/0x20 [ 399.421685] ? put_filp+0x90/0x90 [ 399.425113] ? destroy_unused_super.part.6+0xd0/0xd0 [ 399.430192] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 399.435186] ? trace_hardirqs_off+0x10/0x10 [ 399.439483] ? putname+0xee/0x130 [ 399.442915] ? cap_capable+0x1b5/0x230 [ 399.446780] ? security_capable+0x8e/0xc0 [ 399.450905] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 399.456069] ? ns_capable_common+0xcf/0x160 [ 399.460369] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 399.465533] mount_ns+0x6d/0x190 [ 399.468874] rpc_mount+0x9e/0xd0 [ 399.472217] mount_fs+0x66/0x2d0 [ 399.475563] vfs_kern_mount.part.26+0xc6/0x4a0 [ 399.480123] ? may_umount+0xa0/0xa0 [ 399.483739] ? _raw_read_unlock+0x22/0x30 [ 399.487862] ? __get_fs_type+0x8a/0xc0 [ 399.491732] do_mount+0xea4/0x2bb0 [ 399.495998] ? copy_mount_string+0x40/0x40 [ 399.500213] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 399.505208] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 399.509946] ? retint_kernel+0x10/0x10 [ 399.513819] ? copy_mount_options+0x18b/0x2e0 [ 399.518291] ? copy_mount_options+0x193/0x2e0 [ 399.522761] ? copy_mount_options+0x1f7/0x2e0 [ 399.527234] SyS_mount+0xab/0x120 [ 399.530668] ? copy_mnt_ns+0xb30/0xb30 [ 399.534535] do_syscall_64+0x281/0x940 [ 399.538400] ? vmalloc_sync_all+0x30/0x30 [ 399.542523] ? _raw_spin_unlock_irq+0x27/0x70 [ 399.546992] ? finish_task_switch+0x1c1/0x7e0 [ 399.551467] ? syscall_return_slowpath+0x550/0x550 [ 399.556371] ? syscall_return_slowpath+0x2ac/0x550 [ 399.561275] ? prepare_exit_to_usermode+0x350/0x350 [ 399.566271] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 399.571611] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 399.576433] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 399.581598] RIP: 0033:0x454e79 [ 399.584765] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 399.592451] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 399.599695] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 399.606945] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 399.614189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 2018/03/31 03:07:36 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) mq_unlink(&(0x7f0000000440)='{/%\'self\x00') write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) r5 = open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r6 = inotify_init1(0x80800) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000040)=0x4, 0x4) dup2(r4, r6) clone(0x0, &(0x7f0000000900)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3532aac73e305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369902dca694486b63c8c1b93616e1152eee26177105e21dce4c7bd1eb68baf9024e3a3d1e29dfc235371da605c57d66148fefe1e0c939f510d7f69ec25dfe705b12aa810f77a44dab9265cf64893709c7a39706000000e780196d826a3876c6f11c6daf8b271508dd59d144c3f308008cea166a3b3926927580f35202354dfc9bd3ec237d9aa38cafbef9a1ded10cd3c55f13a4fb2b6375f9ec938e9844034c6753181ba53f18a711b337bf967221bd2a4640c580bba0c6d7a451a195a7ac3c9d5b61271bcb2219bd2788fc5815f4e3bc279798f54e64930a5b7e0ca352cf18b0ab6887f809f7bccfd86cd66b866f6b3f9f3bd7de4ed9e655d433962f0eca43b71c76c2db7c5bc504a9a5e64bbbf4fc86dff21635de4ed31e6c7b1b2cae19450824073f17c48bb6b83d4591b4de418c666f807b4d1f94e6a28f270d41f19bb489f98959b226d9a01a58c00b54c9a49f277299", &(0x7f0000000140), &(0x7f0000000ac0), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) r7 = perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) fremovexattr(r7, &(0x7f00000004c0)=ANY=[@ANYBLOB="747275737465646f54658f00000000"]) perf_event_open$cgroup(&(0x7f0000000580)={0x1, 0x70, 0x8, 0x4bf, 0x1, 0x0, 0x0, 0x8, 0x1300, 0x8, 0x3, 0x100000001, 0xc35, 0x9, 0xffffffff, 0x2, 0x800, 0x400, 0xffffffffffffff62, 0x8, 0x5, 0x81, 0xfffffffffffffd74, 0xfffffffffffffffd, 0x678bdc59, 0x3, 0x3, 0x8, 0x246, 0x9, 0x8, 0x80000000, 0x5, 0xd8, 0xb8, 0xff, 0x80200, 0x6, 0x0, 0xf2, 0x1, @perf_bp={&(0x7f0000000480), 0x4}, 0x4010, 0x9, 0x9, 0x6, 0x0, 0x6, 0x101}, r2, 0x3, r5, 0x0) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 399.621434] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000017 [ 399.638431] binder: 26122:26139 Acquire 1 refcount change on invalid ref 0 ret -22 [ 399.646223] binder: 26122:26139 BC_ACQUIRE_DONE u0000000000000000 no match [ 399.653273] binder: 26122:26139 unknown command 0 2018/03/31 03:07:36 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:36 executing program 4: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000680)='/dev/audio\x00', 0x1, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000700)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(r0, &(0x7f00000007c0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x2c, r1, 0x400, 0x70bd26, 0x25dfdbfc, {0x2}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x800) r2 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getgroups(0x0, &(0x7f0000000500)) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x10, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) [ 399.717678] binder: 26122:26139 ioctl c0306201 200001c0 returned -22 2018/03/31 03:07:36 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:36 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:36 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 399.802465] binder: 26160:26161 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 399.819560] binder: 26160:26161 Acquire 1 refcount change on invalid ref 0 ret -22 [ 399.827379] binder: 26160:26161 BC_ACQUIRE_DONE u0000000000000000 no match [ 399.834457] binder: 26160:26161 unknown command 0 [ 399.847316] binder: 26160:26161 ioctl c0306201 200001c0 returned -22 [ 399.869490] binder: 26160:26171 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 399.888865] binder: 26160:26171 Acquire 1 refcount change on invalid ref 0 ret -22 2018/03/31 03:07:36 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, &(0x7f0000000040)={0x35, 0x20, [0x3, 0x9, 0x8c, 0x2, 0xfde, 0xce, 0x9612, 0x2]}) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:36 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:36 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 399.896686] binder: 26160:26171 BC_ACQUIRE_DONE u0000000000000000 no match [ 399.903741] binder: 26160:26171 unknown command 0 2018/03/31 03:07:36 executing program 1 (fault-call:10 fault-nth:24): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:07:36 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') [ 399.956482] binder: 26160:26171 ioctl c0306201 200001c0 returned -22 [ 400.123542] FAULT_INJECTION: forcing a failure. [ 400.123542] name failslab, interval 1, probability 0, space 0, times 0 [ 400.134818] CPU: 1 PID: 26193 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 400.141999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 400.151333] Call Trace: [ 400.153898] dump_stack+0x194/0x24d [ 400.157516] ? arch_local_irq_restore+0x53/0x53 [ 400.162159] ? __save_stack_trace+0x7e/0xd0 [ 400.166460] should_fail+0x8c0/0xa40 [ 400.170148] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 400.175225] ? kasan_kmalloc+0xad/0xe0 [ 400.179088] ? kmem_cache_alloc_trace+0x136/0x740 [ 400.183904] ? __memcg_init_list_lru_node+0x169/0x270 [ 400.189065] ? __list_lru_init+0x544/0x750 [ 400.193274] ? sget_userns+0x6b1/0xe40 [ 400.197136] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 400.201871] ? do_mount+0xea4/0x2bb0 [ 400.205574] ? SyS_mount+0xab/0x120 [ 400.209178] ? do_syscall_64+0x281/0x940 [ 400.213217] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 400.218560] ? find_held_lock+0x35/0x1d0 [ 400.222600] ? __lock_is_held+0xb6/0x140 [ 400.226641] ? check_same_owner+0x320/0x320 [ 400.230937] ? rcu_note_context_switch+0x710/0x710 [ 400.235843] should_failslab+0xec/0x120 [ 400.239792] kmem_cache_alloc_trace+0x4b/0x740 [ 400.244349] ? __kmalloc_node+0x33/0x70 [ 400.248295] ? __kmalloc_node+0x33/0x70 [ 400.252246] ? rcu_read_lock_sched_held+0x108/0x120 [ 400.257237] __memcg_init_list_lru_node+0x169/0x270 [ 400.262239] ? list_lru_add+0x7c0/0x7c0 [ 400.266190] ? __kmalloc_node+0x47/0x70 [ 400.270139] __list_lru_init+0x544/0x750 [ 400.274183] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 400.280047] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 400.285048] ? lockdep_init_map+0x9/0x10 [ 400.289086] sget_userns+0x6b1/0xe40 [ 400.292773] ? set_anon_super+0x20/0x20 [ 400.296722] ? put_filp+0x90/0x90 [ 400.300153] ? destroy_unused_super.part.6+0xd0/0xd0 [ 400.305231] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 400.310223] ? trace_hardirqs_off+0x10/0x10 [ 400.314518] ? putname+0xee/0x130 [ 400.317956] ? cap_capable+0x1b5/0x230 [ 400.321833] ? security_capable+0x8e/0xc0 [ 400.325958] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 400.331125] ? ns_capable_common+0xcf/0x160 [ 400.335437] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 400.340600] mount_ns+0x6d/0x190 [ 400.343944] rpc_mount+0x9e/0xd0 [ 400.347284] mount_fs+0x66/0x2d0 [ 400.350639] vfs_kern_mount.part.26+0xc6/0x4a0 [ 400.355207] ? may_umount+0xa0/0xa0 [ 400.358818] ? _raw_read_unlock+0x22/0x30 [ 400.362946] ? __get_fs_type+0x8a/0xc0 [ 400.366815] do_mount+0xea4/0x2bb0 [ 400.370330] ? copy_mount_string+0x40/0x40 [ 400.374547] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 400.379545] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 400.384287] ? retint_kernel+0x10/0x10 [ 400.388152] ? copy_mount_options+0x18b/0x2e0 [ 400.392634] ? copy_mount_options+0x193/0x2e0 [ 400.397106] ? copy_mount_options+0x1f7/0x2e0 [ 400.401574] SyS_mount+0xab/0x120 [ 400.405006] ? copy_mnt_ns+0xb30/0xb30 [ 400.408877] do_syscall_64+0x281/0x940 [ 400.412737] ? vmalloc_sync_all+0x30/0x30 [ 400.416858] ? _raw_spin_unlock_irq+0x27/0x70 [ 400.421327] ? finish_task_switch+0x1c1/0x7e0 [ 400.425804] ? syscall_return_slowpath+0x550/0x550 [ 400.430724] ? syscall_return_slowpath+0x2ac/0x550 [ 400.435626] ? prepare_exit_to_usermode+0x350/0x350 [ 400.440631] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 400.445971] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 400.450791] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 400.455954] RIP: 0033:0x454e79 [ 400.459116] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 400.466800] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 400.474050] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 400.481301] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 400.488545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 400.495787] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000018 2018/03/31 03:07:37 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580)='/dev/kvm\x00', 0x80000, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x20000, 0x0) r1 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) read(r1, &(0x7f0000000100)=""/50, 0xfffffffffffffc89) r2 = socket$bt_cmtp(0x1f, 0x3, 0x5) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r2, 0x800443d3, &(0x7f0000000080)={{0x6, 0x6, 0xffffffffffffff0b, 0xb73, 0x3ff, 0xfff}, 0xf32, 0x80000001, 0x7}) r3 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x0, 0x0) r4 = accept4$vsock_stream(r3, &(0x7f0000000340)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10, 0x80000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000400)={{0x80100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f000001cfb0)={0x0, 0x0, 0x0, 0x0, 0xf}) read(r1, &(0x7f0000000200)=""/228, 0xe4) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x400000, 0x0) getsockopt$netrom_NETROM_T1(r5, 0x103, 0x1, &(0x7f0000000600), &(0x7f0000000640)=0x4) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x6, &(0x7f00000004c0)={0x0, @in={{0x2, 0x4e21, @local={0xac, 0x14, 0x14, 0xaa}}}}, &(0x7f0000000440)=0x84) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f00000006c0)={r6, 0xea49}, 0xc) socket$nl_xfrm(0x10, 0x3, 0x6) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vga_arbiter\x00', 0x8000, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) ioctl$KVM_SET_NR_MMU_PAGES(r5, 0xae44, 0x40) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000480)) r7 = dup2(0xffffffffffffffff, r0) bind$bt_l2cap(r7, &(0x7f0000000040)={0x1f, 0x5b91, {0xd, 0x4, 0x0, 0x8006, 0x5, 0x6}, 0x0, 0x5}, 0xe) preadv(r7, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f00000002c0)=""/115, 0x73}, {&(0x7f0000000380)=""/71, 0x47}], 0x4, 0x16) 2018/03/31 03:07:37 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x801) getgroups(0x0, &(0x7f0000000500)) mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x3d6, 0x0, &(0x7f00000001c0)=ANY=[], 0x407, 0x0, &(0x7f00000004c0)="e718c678de7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) 2018/03/31 03:07:37 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:37 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:37 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000480)='./file0\x00', 0x8) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fcntl$setsig(r2, 0xa, 0x2b) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x80000000, 0x400000) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:37 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = accept4$inet(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, @remote}, &(0x7f00000006c0)=0x10, 0x80000) getsockopt$bt_hci(r0, 0x0, 0x2, &(0x7f0000000700)=""/163, &(0x7f00000007c0)=0xa3) socketpair$ax25(0x3, 0x7, 0xcd, &(0x7f00000004c0)={0xffffffffffffffff}) getsockopt$bt_hci(r1, 0x0, 0x1, &(0x7f0000000580)=""/192, &(0x7f0000000640)=0xc0) r2 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r3 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r2, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r5 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r5, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r4, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r4, 0x800454cf, &(0x7f00000002c0)) fallocate(r4, 0x0, 0x0, 0xffff) r6 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000440), &(0x7f0000000480)=0xc) r7 = inotify_init1(0x80800) dup2(r6, r7) fstatfs(r6, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r5, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r3, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(r1, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r4, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r2, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:37 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:37 executing program 1 (fault-call:10 fault-nth:25): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') [ 400.843746] FAULT_INJECTION: forcing a failure. [ 400.843746] name failslab, interval 1, probability 0, space 0, times 0 [ 400.855048] CPU: 1 PID: 26207 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 400.862230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 400.871577] Call Trace: [ 400.874179] dump_stack+0x194/0x24d [ 400.877814] ? arch_local_irq_restore+0x53/0x53 [ 400.882479] ? __save_stack_trace+0x7e/0xd0 [ 400.886807] should_fail+0x8c0/0xa40 2018/03/31 03:07:37 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') [ 400.890521] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 400.895622] ? kasan_kmalloc+0xad/0xe0 [ 400.899503] ? kmem_cache_alloc_trace+0x136/0x740 [ 400.904343] ? __memcg_init_list_lru_node+0x169/0x270 [ 400.909524] ? __list_lru_init+0x544/0x750 [ 400.913752] ? sget_userns+0x6b1/0xe40 [ 400.917638] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 400.922385] ? do_mount+0xea4/0x2bb0 [ 400.926087] ? SyS_mount+0xab/0x120 [ 400.929710] ? do_syscall_64+0x281/0x940 [ 400.933767] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 400.939131] ? find_held_lock+0x35/0x1d0 2018/03/31 03:07:37 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') [ 400.943192] ? __lock_is_held+0xb6/0x140 [ 400.947260] ? check_same_owner+0x320/0x320 [ 400.951584] ? rcu_note_context_switch+0x710/0x710 [ 400.956519] should_failslab+0xec/0x120 [ 400.960486] kmem_cache_alloc_trace+0x4b/0x740 [ 400.965063] ? __kmalloc_node+0x33/0x70 [ 400.969031] ? __kmalloc_node+0x33/0x70 [ 400.973000] ? rcu_read_lock_sched_held+0x108/0x120 [ 400.978013] __memcg_init_list_lru_node+0x169/0x270 [ 400.983031] ? list_lru_add+0x7c0/0x7c0 [ 400.987002] ? __kmalloc_node+0x47/0x70 2018/03/31 03:07:37 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') [ 400.990978] __list_lru_init+0x544/0x750 [ 400.995039] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 401.000926] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 401.005946] ? lockdep_init_map+0x9/0x10 [ 401.010001] sget_userns+0x6b1/0xe40 [ 401.013707] ? set_anon_super+0x20/0x20 [ 401.017674] ? put_filp+0x90/0x90 [ 401.021123] ? destroy_unused_super.part.6+0xd0/0xd0 [ 401.026220] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 401.031230] ? trace_hardirqs_off+0x10/0x10 [ 401.035548] ? putname+0xee/0x130 [ 401.038994] ? cap_capable+0x1b5/0x230 2018/03/31 03:07:37 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') [ 401.042884] ? security_capable+0x8e/0xc0 [ 401.047033] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 401.052224] ? ns_capable_common+0xcf/0x160 [ 401.056545] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 401.061733] mount_ns+0x6d/0x190 [ 401.065104] rpc_mount+0x9e/0xd0 [ 401.068467] mount_fs+0x66/0x2d0 [ 401.071832] vfs_kern_mount.part.26+0xc6/0x4a0 [ 401.076413] ? may_umount+0xa0/0xa0 [ 401.080033] ? _raw_read_unlock+0x22/0x30 [ 401.084166] ? __get_fs_type+0x8a/0xc0 [ 401.088047] do_mount+0xea4/0x2bb0 [ 401.091588] ? copy_mount_string+0x40/0x40 [ 401.095818] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 401.100831] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 401.105599] ? retint_kernel+0x10/0x10 [ 401.109483] ? copy_mount_options+0x18b/0x2e0 [ 401.113972] ? copy_mount_options+0x196/0x2e0 [ 401.118459] ? copy_mount_options+0x1f7/0x2e0 [ 401.122949] SyS_mount+0xab/0x120 [ 401.126394] ? copy_mnt_ns+0xb30/0xb30 [ 401.130279] do_syscall_64+0x281/0x940 [ 401.134164] ? vmalloc_sync_all+0x30/0x30 [ 401.138308] ? _raw_spin_unlock_irq+0x27/0x70 2018/03/31 03:07:37 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') [ 401.142798] ? finish_task_switch+0x1c1/0x7e0 [ 401.147287] ? syscall_return_slowpath+0x550/0x550 [ 401.152209] ? syscall_return_slowpath+0x2ac/0x550 [ 401.157138] ? prepare_exit_to_usermode+0x350/0x350 [ 401.162145] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 401.167503] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 401.172347] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 401.177530] RIP: 0033:0x454e79 [ 401.180719] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 2018/03/31 03:07:37 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') [ 401.188427] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 401.195700] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 401.202968] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 401.210233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 401.217502] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000019 2018/03/31 03:07:37 executing program 1 (fault-call:10 fault-nth:26): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:07:37 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 401.286498] binder: 26203:26233 unknown command 0 [ 401.302230] binder: 26203:26233 ioctl c0306201 200000c0 returned -22 [ 401.340017] FAULT_INJECTION: forcing a failure. [ 401.340017] name failslab, interval 1, probability 0, space 0, times 0 [ 401.351455] CPU: 1 PID: 26244 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 401.358638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 401.367993] Call Trace: [ 401.371813] dump_stack+0x194/0x24d [ 401.375461] ? arch_local_irq_restore+0x53/0x53 [ 401.380146] ? __save_stack_trace+0x7e/0xd0 [ 401.384489] should_fail+0x8c0/0xa40 [ 401.388211] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 401.393316] ? kasan_kmalloc+0xad/0xe0 [ 401.397200] ? kmem_cache_alloc_trace+0x136/0x740 [ 401.402037] ? __memcg_init_list_lru_node+0x169/0x270 [ 401.407224] ? __list_lru_init+0x544/0x750 [ 401.411453] ? sget_userns+0x6b1/0xe40 [ 401.415338] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 401.420084] ? do_mount+0xea4/0x2bb0 [ 401.423789] ? SyS_mount+0xab/0x120 [ 401.427410] ? do_syscall_64+0x281/0x940 [ 401.431467] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 401.436842] ? find_held_lock+0x35/0x1d0 [ 401.440904] ? __lock_is_held+0xb6/0x140 [ 401.444966] ? check_same_owner+0x320/0x320 [ 401.449286] ? rcu_note_context_switch+0x710/0x710 [ 401.454214] should_failslab+0xec/0x120 [ 401.458183] kmem_cache_alloc_trace+0x4b/0x740 [ 401.462760] ? __kmalloc_node+0x33/0x70 [ 401.466732] ? __kmalloc_node+0x33/0x70 [ 401.470705] ? rcu_read_lock_sched_held+0x108/0x120 [ 401.475720] __memcg_init_list_lru_node+0x169/0x270 [ 401.480733] ? list_lru_add+0x7c0/0x7c0 [ 401.484684] ? __kmalloc_node+0x47/0x70 [ 401.488637] __list_lru_init+0x544/0x750 [ 401.492676] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 401.499209] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 401.504208] ? lockdep_init_map+0x9/0x10 [ 401.508249] sget_userns+0x6b1/0xe40 [ 401.511936] ? set_anon_super+0x20/0x20 [ 401.515886] ? put_filp+0x90/0x90 [ 401.519316] ? destroy_unused_super.part.6+0xd0/0xd0 [ 401.524398] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 401.529402] ? trace_hardirqs_off+0x10/0x10 [ 401.533698] ? putname+0xee/0x130 [ 401.537132] ? cap_capable+0x1b5/0x230 [ 401.540995] ? security_capable+0x8e/0xc0 [ 401.545123] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 401.550291] ? ns_capable_common+0xcf/0x160 [ 401.554590] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 401.559753] mount_ns+0x6d/0x190 [ 401.563095] rpc_mount+0x9e/0xd0 [ 401.566439] mount_fs+0x66/0x2d0 [ 401.569784] vfs_kern_mount.part.26+0xc6/0x4a0 [ 401.574340] ? may_umount+0xa0/0xa0 [ 401.577941] ? _raw_read_unlock+0x22/0x30 [ 401.582062] ? __get_fs_type+0x8a/0xc0 [ 401.585925] do_mount+0xea4/0x2bb0 [ 401.589442] ? copy_mount_string+0x40/0x40 [ 401.593652] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 401.598643] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 401.603375] ? retint_kernel+0x10/0x10 [ 401.607252] ? copy_mount_options+0x18b/0x2e0 [ 401.611721] ? copy_mount_options+0x193/0x2e0 [ 401.616190] ? copy_mount_options+0x1f7/0x2e0 [ 401.620660] SyS_mount+0xab/0x120 [ 401.624086] ? copy_mnt_ns+0xb30/0xb30 [ 401.627947] do_syscall_64+0x281/0x940 [ 401.631812] ? vmalloc_sync_all+0x30/0x30 [ 401.635934] ? _raw_spin_unlock_irq+0x27/0x70 [ 401.640443] ? finish_task_switch+0x1c1/0x7e0 [ 401.644911] ? syscall_return_slowpath+0x550/0x550 [ 401.649819] ? syscall_return_slowpath+0x2ac/0x550 [ 401.654725] ? prepare_exit_to_usermode+0x350/0x350 [ 401.659716] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 401.665062] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 401.669886] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 401.675053] RIP: 0033:0x454e79 [ 401.678216] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 401.685899] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 401.693143] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 401.700387] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 401.707629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 401.714875] R13: 00000000000003fa R14: 00000000006f8010 R15: 000000000000001a 2018/03/31 03:07:38 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x20000, 0x0) r1 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) read(r1, &(0x7f0000ec6000)=""/50, 0x32) r2 = socket$bt_cmtp(0x1f, 0x3, 0x5) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r2, 0x800443d3, &(0x7f0000000080)={{0x6, 0x6, 0xffffffffffffff0b, 0xb73, 0x3ff, 0xfff}, 0xf32, 0x80000001, 0x7}) r3 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x0, 0x0) accept4$vsock_stream(r3, &(0x7f0000000340)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10, 0x80000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000400)={{0x80100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f000001cfb0)={0x0, 0x0, 0x0, 0x0, 0xf}) read(r1, &(0x7f0000000200)=""/228, 0xe4) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x400000, 0x0) getsockopt$netrom_NETROM_T1(r4, 0x103, 0x1, &(0x7f0000000600), &(0x7f0000000640)=0x4) recvmmsg(r4, &(0x7f0000001c00)=[{{&(0x7f00000004c0)=@hci, 0x80, &(0x7f0000000740)=[{&(0x7f0000000540)=""/99, 0x63}, {&(0x7f00000006c0)=""/9, 0x9}, {&(0x7f0000000700)=""/39, 0x27}], 0x3, &(0x7f0000000d00)=""/147, 0x93, 0x7f}, 0xf4}, {{&(0x7f0000000dc0)=@can, 0x80, &(0x7f00000010c0)=[{&(0x7f0000000780)=""/1, 0x1}, {&(0x7f0000000e40)=""/179, 0xb3}, {&(0x7f0000000f00)=""/139, 0x8b}, {&(0x7f0000000fc0)=""/227, 0xe3}], 0x4, 0x0, 0x0, 0x6}, 0x100000}, {{&(0x7f0000001100)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @mcast1}}}, 0x80, &(0x7f0000001440)=[{&(0x7f0000001180)=""/254, 0xfe}, {&(0x7f0000001280)=""/183, 0xb7}, {&(0x7f0000001340)=""/217, 0xd9}], 0x3, &(0x7f0000001480)=""/9, 0x9, 0x3}, 0x4}, {{&(0x7f00000014c0)=@in6={0x0, 0x0, 0x0, @dev}, 0x80, &(0x7f00000017c0)=[{&(0x7f0000001540)=""/190, 0xbe}, {&(0x7f0000001600)=""/28, 0x1c}, {&(0x7f0000001640)=""/184, 0xb8}, {&(0x7f0000001700)=""/15, 0xf}, {&(0x7f0000001740)=""/98, 0x62}], 0x5, &(0x7f0000001840)=""/141, 0x8d, 0x7}, 0x7b}, {{&(0x7f0000001900)=@pppol2tpv3={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @remote}}}, 0x80, &(0x7f0000001ac0)=[{&(0x7f0000001980)=""/169, 0xa9}, {&(0x7f0000001a40)=""/93, 0x5d}], 0x2, &(0x7f0000001b00)=""/228, 0xe4, 0x7fffffff}, 0x9}], 0x5, 0x10000, &(0x7f0000001d40)) signalfd(r0, &(0x7f0000000440)={0x81}, 0x8) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r3, 0xc4c85513, &(0x7f0000000800)={{0x10, 0x5, 0x80000000, 0xfff, "2474dc63f2a65fb21d0995d053f5def0c984d7196ac4658ac7cfcfdac8ca5584b48c57a6272ceede76a6c7e5", 0x7}, 0x10000, [0xa02, 0x2, 0x4c, 0x4, 0x1ff, 0x7f, 0x2, 0x9, 0x4, 0x7fffffff, 0x3, 0x7f, 0x5, 0x10001, 0x5, 0x8, 0x7, 0x5, 0x7ff, 0x20, 0x9, 0x5, 0x0, 0xff, 0x8, 0x3, 0xff, 0xf3, 0xb54, 0x6, 0x5b, 0xfff, 0x2, 0x8, 0x2, 0x1, 0x3, 0x8b, 0x6e2, 0x0, 0xfffffffffffffffe, 0x7, 0x0, 0x7, 0x7, 0x546, 0xff, 0x100, 0xea3d, 0x9, 0x7fff, 0x8, 0x1, 0x1, 0x8, 0x1, 0x17, 0x0, 0x0, 0xfa1d, 0x99, 0x7f, 0x1, 0x9597, 0x3, 0x8, 0x4, 0xfff, 0xcb3, 0xf8dc, 0x9, 0xebf, 0x7fffffff, 0x540f433f, 0x3, 0x45f, 0x4, 0x8, 0x3b, 0x5, 0x5, 0xffff, 0x6, 0x8001, 0x7ff, 0x400, 0x5, 0x7, 0xfffffffffffffff7, 0x8000, 0x401, 0x23b, 0x4, 0xfff, 0x7ff, 0x5, 0x0, 0x8, 0xd0e, 0x7, 0xfffffffffffffc06, 0x1, 0xad, 0x8bef, 0x7fff, 0x0, 0x9, 0x3ff, 0x6, 0x100000001, 0x1, 0x9, 0x36, 0x0, 0x1, 0xffffffffffff8000, 0x800, 0x7fff, 0x3, 0x6, 0x9, 0x2, 0x3, 0xa1, 0x400, 0x0, 0x1, 0x80000001], {0x0, 0x1c9c380}}) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) socket$nl_xfrm(0x10, 0x3, 0x6) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vga_arbiter\x00', 0x8000, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r4, 0xae44, 0x40) socket$kcm(0x29, 0x5, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000480)) r5 = dup2(0xffffffffffffffff, r0) bind$bt_l2cap(r5, &(0x7f0000000040)={0x1f, 0x5b91, {0xd, 0x0, 0x0, 0x8006, 0x5, 0x6}, 0x0, 0x5}, 0xe) preadv(r5, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f00000002c0)=""/115, 0x73}, {&(0x7f0000000380)=""/71, 0x47}], 0x4, 0x16) 2018/03/31 03:07:38 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:38 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getgroups(0x0, &(0x7f0000000000)) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000002000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) 2018/03/31 03:07:38 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:38 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) r6 = dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r6, 0x10e, 0x3, &(0x7f0000000040), 0x4) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:38 executing program 1 (fault-call:10 fault-nth:27): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:07:38 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$sock_SIOCDELDLCI(r1, 0x8981, &(0x7f00000004c0)={'bridge0\x00', 0x1}) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) renameat2(r3, &(0x7f0000000440)='./file0\x00', r1, &(0x7f0000000480)='./file0\x00', 0x1) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:38 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 401.826613] FAULT_INJECTION: forcing a failure. [ 401.826613] name failslab, interval 1, probability 0, space 0, times 0 [ 401.837930] CPU: 1 PID: 26261 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 401.845116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 401.854465] Call Trace: [ 401.857057] dump_stack+0x194/0x24d [ 401.860686] ? arch_local_irq_restore+0x53/0x53 [ 401.865372] ? __save_stack_trace+0x7e/0xd0 [ 401.869709] should_fail+0x8c0/0xa40 [ 401.873422] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 401.878520] ? kasan_kmalloc+0xad/0xe0 [ 401.882407] ? kmem_cache_alloc_trace+0x136/0x740 [ 401.887248] ? __memcg_init_list_lru_node+0x169/0x270 [ 401.892429] ? __list_lru_init+0x544/0x750 [ 401.896665] ? sget_userns+0x6b1/0xe40 [ 401.900555] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 401.905301] ? do_mount+0xea4/0x2bb0 [ 401.909007] ? SyS_mount+0xab/0x120 [ 401.912627] ? do_syscall_64+0x281/0x940 [ 401.916683] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 401.922046] ? find_held_lock+0x35/0x1d0 2018/03/31 03:07:38 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:38 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') [ 401.926110] ? __lock_is_held+0xb6/0x140 [ 401.930183] ? check_same_owner+0x320/0x320 [ 401.934508] ? rcu_note_context_switch+0x710/0x710 [ 401.939444] should_failslab+0xec/0x120 [ 401.943411] kmem_cache_alloc_trace+0x4b/0x740 [ 401.947987] ? __kmalloc_node+0x33/0x70 [ 401.951951] ? __kmalloc_node+0x33/0x70 [ 401.955921] ? rcu_read_lock_sched_held+0x108/0x120 [ 401.960934] __memcg_init_list_lru_node+0x169/0x270 [ 401.965952] ? list_lru_add+0x7c0/0x7c0 [ 401.969922] ? __kmalloc_node+0x47/0x70 [ 401.973895] __list_lru_init+0x544/0x750 [ 401.977964] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 401.983844] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 401.988862] ? lockdep_init_map+0x9/0x10 [ 401.992921] sget_userns+0x6b1/0xe40 [ 401.996626] ? set_anon_super+0x20/0x20 [ 402.000683] ? put_filp+0x90/0x90 [ 402.004126] ? destroy_unused_super.part.6+0xd0/0xd0 [ 402.009221] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 402.014235] ? trace_hardirqs_off+0x10/0x10 [ 402.018554] ? putname+0xee/0x130 [ 402.022000] ? cap_capable+0x1b5/0x230 2018/03/31 03:07:38 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:38 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') [ 402.025886] ? security_capable+0x8e/0xc0 [ 402.030027] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 402.035206] ? ns_capable_common+0xcf/0x160 [ 402.039540] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 402.044721] mount_ns+0x6d/0x190 [ 402.048080] rpc_mount+0x9e/0xd0 [ 402.051440] mount_fs+0x66/0x2d0 [ 402.054801] vfs_kern_mount.part.26+0xc6/0x4a0 [ 402.059385] ? may_umount+0xa0/0xa0 [ 402.063007] ? _raw_read_unlock+0x22/0x30 [ 402.067148] ? __get_fs_type+0x8a/0xc0 [ 402.071030] do_mount+0xea4/0x2bb0 [ 402.074564] ? copy_mount_string+0x40/0x40 [ 402.078792] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 402.083803] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 402.088559] ? retint_kernel+0x10/0x10 [ 402.092449] ? copy_mount_options+0x18b/0x2e0 [ 402.096935] ? copy_mount_options+0x193/0x2e0 [ 402.101423] ? copy_mount_options+0x1f7/0x2e0 [ 402.105915] SyS_mount+0xab/0x120 [ 402.109361] ? copy_mnt_ns+0xb30/0xb30 [ 402.113238] do_syscall_64+0x281/0x940 [ 402.117118] ? vmalloc_sync_all+0x30/0x30 [ 402.121257] ? _raw_spin_unlock_irq+0x27/0x70 2018/03/31 03:07:38 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:38 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 402.125744] ? finish_task_switch+0x1c1/0x7e0 [ 402.130232] ? syscall_return_slowpath+0x550/0x550 [ 402.135158] ? syscall_return_slowpath+0x2ac/0x550 [ 402.140081] ? prepare_exit_to_usermode+0x350/0x350 [ 402.145091] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 402.150447] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 402.155289] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 402.160464] RIP: 0033:0x454e79 [ 402.163636] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 2018/03/31 03:07:38 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) syz_open_dev$urandom(&(0x7f0000000040)='/dev/urandom\x00', 0x0, 0x200000) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000600)=ANY=[@ANYRES16, @ANYRES16=r0, @ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR, @ANYBLOB="fce0e6481eabb2c39d6decab392b4379e59bf5d6923c8426f4bf36"], @ANYRES16=r1]], 0xfffffffffffffe46) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) r5 = open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r6 = inotify_init1(0x80800) dup2(r4, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) connect$bt_rfcomm(r5, &(0x7f0000000440)={0x1f, {0x1ff, 0x0, 0x91cc, 0x400, 0x8, 0x9}, 0x4}, 0xa) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) fcntl$setsig(r1, 0xa, 0x1d) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 402.171334] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 402.178595] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 402.185855] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 402.193119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 402.200383] R13: 00000000000003fa R14: 00000000006f8010 R15: 000000000000001b [ 402.217671] binder: 26258:26268 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 2018/03/31 03:07:38 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x0) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 402.239620] binder: 26258:26268 Acquire 1 refcount change on invalid ref 0 ret -22 [ 402.247600] binder: 26258:26268 BC_ACQUIRE_DONE u0000000000000000 no match [ 402.254654] binder: 26258:26268 unknown command 0 [ 402.315146] binder: 26258:26268 ioctl c0306201 200001c0 returned -22 2018/03/31 03:07:39 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x0) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:39 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:39 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x20000, 0x0) r1 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) read(r1, &(0x7f0000ec6000)=""/50, 0x32) r2 = socket$bt_cmtp(0x1f, 0x3, 0x5) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r2, 0x800443d3, &(0x7f0000000080)={{0x6, 0x6, 0xffffffffffffff0b, 0xb73, 0x3ff, 0xfff}, 0xf32, 0x80000001, 0x7}) r3 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x0, 0x0) accept4$vsock_stream(r3, &(0x7f0000000340)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10, 0x80000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000400)={{0x80100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f000001cfb0)={0x0, 0x0, 0x0, 0x0, 0xf}) read(r1, &(0x7f0000000200)=""/228, 0xe4) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x400000, 0x0) getsockopt$netrom_NETROM_T1(r4, 0x103, 0x1, &(0x7f0000000600), &(0x7f0000000640)=0x4) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) socket$nl_xfrm(0x10, 0x3, 0x6) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vga_arbiter\x00', 0x8000, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r4, 0xae44, 0x40) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000480)) r5 = dup2(0xffffffffffffffff, r0) ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000000440)=0x1) bind$bt_l2cap(r5, &(0x7f0000000040)={0x1f, 0x5b91, {0xd, 0x0, 0x0, 0x8006, 0x5, 0x6}, 0x0, 0x5}, 0xe) preadv(r5, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f00000002c0)=""/115, 0x73}, {&(0x7f0000000380)=""/71, 0x47}], 0x4, 0x16) 2018/03/31 03:07:39 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:39 executing program 1 (fault-call:10 fault-nth:28): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:07:39 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getgroups(0x0, &(0x7f0000000500)) r1 = accept4(0xffffffffffffffff, &(0x7f0000000000)=@vsock={0x0, 0x0, 0x0, @my}, &(0x7f00000000c0)=0x80, 0x800) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000240)='cdg\x00', 0x4) getsockopt$inet_sctp_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000180), &(0x7f0000000200)=0xb) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="00000000000000004800002e00000000a5932e7b64364d53695e8af3856c6ac765248f28cbb71185ea20db04d41539ee73bd720b31"], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) 2018/03/31 03:07:39 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) accept4$inet6(r3, &(0x7f0000000440)={0x0, 0x0, 0x0, @dev}, &(0x7f0000000480)=0x1c, 0x80000) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f00000004c0)={0x0, r5}) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:39 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0xdc, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0xffffffffffffffbf}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = msgget(0x1, 0x480) msgsnd(r1, &(0x7f0000000580)={0x2, "2ab671907401d3377f804112fb6c78981aef0431335c3f28ea9e656dbcc01be925aa0615b91dc039125ab09d7d86f171593b6c2edc8b7afa0053fd7b2cbc82e06a9706043325b8d5f491f9404a90c6cb97b42c419734d21a2a0e406f42b0ab5cb956b5de11cf5fbf8a0b41cff43ed77edd98b0db38be6d7685a3e6a636db5845cbecf3e9c2ff7212461272fa736561d64ec71bd9c20d254db5804bca2c4294332f572d7f63c2d4123fafee0e3d258145e2efeea2b97315866e8ead3d4e"}, 0xc5, 0x800) r2 = memfd_create(&(0x7f0000000440)="5df65476b7d56ba1fbd12ded56cefc36a47abef5db54966f8faa2a7f8332693943fd9f27ac6708c57b4f024bc9dbd37252f6485cd56ca6c3199de555c6a59583e9886a01c9f0758b0a8b5809c0b22933a117900f6a8b4a2f67ad5cf0f6ae9a481a21818664943e3f03", 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) openat$cgroup_procs(r2, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) r5 = inotify_init1(0xfffffffffffffffc) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r6 = inotify_init1(0x80800) r7 = dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000100)="f74dda") socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) setsockopt$RDS_GET_MR(r7, 0x114, 0x2, &(0x7f0000000680)={{&(0x7f0000000300)=""/40, 0x28}, &(0x7f00000004c0), 0x10}, 0x20) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 402.995614] FAULT_INJECTION: forcing a failure. [ 402.995614] name failslab, interval 1, probability 0, space 0, times 0 [ 403.006908] CPU: 1 PID: 26315 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 403.014102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 403.023452] Call Trace: [ 403.026133] dump_stack+0x194/0x24d [ 403.029766] ? arch_local_irq_restore+0x53/0x53 [ 403.034436] ? __save_stack_trace+0x7e/0xd0 [ 403.038761] should_fail+0x8c0/0xa40 [ 403.042472] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 403.047563] ? kasan_kmalloc+0xad/0xe0 [ 403.051430] ? kmem_cache_alloc_trace+0x136/0x740 [ 403.056248] ? __memcg_init_list_lru_node+0x169/0x270 [ 403.061418] ? __list_lru_init+0x544/0x750 [ 403.065628] ? sget_userns+0x6b1/0xe40 [ 403.069495] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 403.074223] ? do_mount+0xea4/0x2bb0 [ 403.077911] ? SyS_mount+0xab/0x120 [ 403.081515] ? do_syscall_64+0x281/0x940 [ 403.085551] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 403.090894] ? find_held_lock+0x35/0x1d0 [ 403.094936] ? __lock_is_held+0xb6/0x140 [ 403.098978] ? check_same_owner+0x320/0x320 [ 403.103281] ? rcu_note_context_switch+0x710/0x710 [ 403.108190] should_failslab+0xec/0x120 [ 403.112141] kmem_cache_alloc_trace+0x4b/0x740 [ 403.116698] ? __kmalloc_node+0x33/0x70 [ 403.120656] ? __kmalloc_node+0x33/0x70 [ 403.124608] ? rcu_read_lock_sched_held+0x108/0x120 [ 403.129600] __memcg_init_list_lru_node+0x169/0x270 [ 403.134593] ? list_lru_add+0x7c0/0x7c0 [ 403.138544] ? __kmalloc_node+0x47/0x70 [ 403.142496] __list_lru_init+0x544/0x750 [ 403.146535] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 403.152399] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 403.157395] ? lockdep_init_map+0x9/0x10 [ 403.161438] sget_userns+0x6b1/0xe40 [ 403.165124] ? set_anon_super+0x20/0x20 [ 403.169074] ? put_filp+0x90/0x90 [ 403.172508] ? destroy_unused_super.part.6+0xd0/0xd0 [ 403.177587] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 403.182579] ? trace_hardirqs_off+0x10/0x10 [ 403.186877] ? putname+0xee/0x130 [ 403.190308] ? cap_capable+0x1b5/0x230 [ 403.194173] ? security_capable+0x8e/0xc0 [ 403.198299] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 403.203462] ? ns_capable_common+0xcf/0x160 [ 403.207758] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 403.212922] mount_ns+0x6d/0x190 [ 403.216265] rpc_mount+0x9e/0xd0 [ 403.219610] mount_fs+0x66/0x2d0 [ 403.222955] vfs_kern_mount.part.26+0xc6/0x4a0 [ 403.227513] ? may_umount+0xa0/0xa0 [ 403.231117] ? _raw_read_unlock+0x22/0x30 [ 403.235237] ? __get_fs_type+0x8a/0xc0 [ 403.239102] do_mount+0xea4/0x2bb0 [ 403.242618] ? copy_mount_string+0x40/0x40 [ 403.246828] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 403.251820] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 403.256554] ? retint_kernel+0x10/0x10 [ 403.260420] ? copy_mount_options+0x18b/0x2e0 [ 403.264887] ? copy_mount_options+0x193/0x2e0 [ 403.269355] ? copy_mount_options+0x1f7/0x2e0 [ 403.273824] SyS_mount+0xab/0x120 [ 403.277249] ? copy_mnt_ns+0xb30/0xb30 [ 403.281113] do_syscall_64+0x281/0x940 [ 403.284976] ? vmalloc_sync_all+0x30/0x30 [ 403.289097] ? _raw_spin_unlock_irq+0x27/0x70 [ 403.293565] ? finish_task_switch+0x1c1/0x7e0 [ 403.298034] ? syscall_return_slowpath+0x550/0x550 [ 403.302937] ? syscall_return_slowpath+0x2ac/0x550 [ 403.307841] ? prepare_exit_to_usermode+0x350/0x350 [ 403.312834] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 403.318172] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 403.322992] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 403.328160] RIP: 0033:0x454e79 [ 403.331325] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 403.339013] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 403.346261] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 403.353505] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 403.360748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 403.367992] R13: 00000000000003fa R14: 00000000006f8010 R15: 000000000000001c [ 403.445996] binder: 26319:26331 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 2018/03/31 03:07:39 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:39 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) membarrier(0x1, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:39 executing program 1 (fault-call:10 fault-nth:29): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:07:39 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 403.489595] binder: 26319:26331 Acquire 1 refcount change on invalid ref 0 ret -22 [ 403.497398] binder: 26319:26331 BC_ACQUIRE_DONE u0000000000000000 no match [ 403.504452] binder: 26319:26331 unknown command 0 [ 403.585189] binder: 26319:26331 ioctl c0306201 200001c0 returned -22 [ 403.590012] FAULT_INJECTION: forcing a failure. [ 403.590012] name failslab, interval 1, probability 0, space 0, times 0 [ 403.603005] CPU: 1 PID: 26347 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 403.610183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 403.619528] Call Trace: [ 403.622114] dump_stack+0x194/0x24d [ 403.625746] ? arch_local_irq_restore+0x53/0x53 [ 403.630407] ? __save_stack_trace+0x7e/0xd0 [ 403.634738] should_fail+0x8c0/0xa40 [ 403.638456] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 403.643552] ? kasan_kmalloc+0xad/0xe0 [ 403.647433] ? kmem_cache_alloc_trace+0x136/0x740 [ 403.652267] ? __memcg_init_list_lru_node+0x169/0x270 [ 403.657451] ? __list_lru_init+0x544/0x750 [ 403.661683] ? sget_userns+0x6b1/0xe40 [ 403.665559] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 403.665962] binder: 26319:26350 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 403.670292] ? do_mount+0xea4/0x2bb0 [ 403.670301] ? SyS_mount+0xab/0x120 [ 403.670312] ? do_syscall_64+0x281/0x940 [ 403.670324] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 403.670338] ? find_held_lock+0x35/0x1d0 [ 403.670350] ? __lock_is_held+0xb6/0x140 [ 403.670365] ? check_same_owner+0x320/0x320 [ 403.677615] binder: 26319:26350 Acquire 1 refcount change on invalid ref 0 ret -22 [ 403.681136] ? rcu_note_context_switch+0x710/0x710 [ 403.681154] should_failslab+0xec/0x120 [ 403.681164] kmem_cache_alloc_trace+0x4b/0x740 [ 403.681173] ? __kmalloc_node+0x33/0x70 [ 403.681181] ? __kmalloc_node+0x33/0x70 [ 403.681191] ? rcu_read_lock_sched_held+0x108/0x120 [ 403.681204] __memcg_init_list_lru_node+0x169/0x270 [ 403.681214] ? list_lru_add+0x7c0/0x7c0 [ 403.684838] binder: 26319:26350 BC_ACQUIRE_DONE u0000000000000000 no match [ 403.688854] ? __kmalloc_node+0x47/0x70 [ 403.688866] __list_lru_init+0x544/0x750 [ 403.688878] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 403.694237] binder: 26319:26350 unknown command 0 [ 403.698250] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 403.698266] ? lockdep_init_map+0x9/0x10 [ 403.703533] binder: 26319:26350 ioctl c0306201 200001c0 returned -22 [ 403.706595] sget_userns+0x6b1/0xe40 [ 403.706603] ? set_anon_super+0x20/0x20 [ 403.706614] ? put_filp+0x90/0x90 [ 403.706625] ? destroy_unused_super.part.6+0xd0/0xd0 [ 403.706638] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 403.706652] ? trace_hardirqs_off+0x10/0x10 [ 403.706663] ? putname+0xee/0x130 [ 403.706676] ? cap_capable+0x1b5/0x230 [ 403.823326] ? security_capable+0x8e/0xc0 [ 403.827459] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 403.832629] ? ns_capable_common+0xcf/0x160 [ 403.836925] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 403.842092] mount_ns+0x6d/0x190 [ 403.845436] rpc_mount+0x9e/0xd0 [ 403.848778] mount_fs+0x66/0x2d0 [ 403.852124] vfs_kern_mount.part.26+0xc6/0x4a0 [ 403.856680] ? may_umount+0xa0/0xa0 [ 403.860291] ? _raw_read_unlock+0x22/0x30 [ 403.864420] ? __get_fs_type+0x8a/0xc0 [ 403.868290] do_mount+0xea4/0x2bb0 [ 403.871809] ? copy_mount_string+0x40/0x40 [ 403.876029] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 403.881030] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 403.885764] ? retint_kernel+0x10/0x10 [ 403.889625] ? copy_mount_options+0x18b/0x2e0 [ 403.894091] ? copy_mount_options+0x193/0x2e0 [ 403.898564] ? copy_mount_options+0x1f7/0x2e0 [ 403.903044] SyS_mount+0xab/0x120 [ 403.906471] ? copy_mnt_ns+0xb30/0xb30 [ 403.910331] do_syscall_64+0x281/0x940 [ 403.914193] ? vmalloc_sync_all+0x30/0x30 [ 403.918318] ? _raw_spin_unlock_irq+0x27/0x70 [ 403.922797] ? finish_task_switch+0x1c1/0x7e0 [ 403.927279] ? syscall_return_slowpath+0x550/0x550 [ 403.932184] ? syscall_return_slowpath+0x2ac/0x550 [ 403.937096] ? prepare_exit_to_usermode+0x350/0x350 [ 403.942096] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 403.947444] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 403.952266] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 403.957435] RIP: 0033:0x454e79 [ 403.960607] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 403.968321] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 403.975580] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 403.982838] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 403.990095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 403.997352] R13: 00000000000003fa R14: 00000000006f8010 R15: 000000000000001d 2018/03/31 03:07:40 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x0) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:40 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r3 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r4 = inotify_init1(0x80800) dup2(r3, r4) fstatfs(r3, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:40 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r2, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, &(0x7f00000002c0)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xffff) r3 = inotify_init1(0x0) r4 = open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r3, r5) ioctl$void(r3, 0x5450) fstatfs(r3, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000280)) getsockopt$bt_l2cap_L2CAP_CONNINFO(r4, 0x6, 0x2, &(0x7f0000000480), &(0x7f00000004c0)=0x6) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000580)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f0000000440)="9a898f5b79e602a211a52acc8eec06d0", 0x10) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:40 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:40 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getgroups(0x0, &(0x7f0000000500)) socketpair(0x11, 0x2, 0x2, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000140)='bic\x00', 0x4) r3 = syz_open_dev$dmmidi(&(0x7f0000000280)='/dev/dmmidi#\x00', 0x0, 0x10000000060000) setsockopt$bt_BT_FLUSHABLE(r3, 0x112, 0x8, &(0x7f0000000000)=0x4f, 0x4) ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000040)=0x0) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000080)='bond0\x00', 0x10) ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r3, 0xc1105518, &(0x7f0000000500)={{0x545c, 0x6, 0x4, 0x3ff, "4d53a8ee7661fcdb70fbe58134ce1844e9e3bdf140a439fb3ed5419ba99ec73fb7a4eaa418c3835dd2ff8701", 0x9}, 0x0, 0x0, 0x8, r4, 0x81, 0x8, "072c6134110cb952e06618247acb995b6fcb3a02bcf928538345e4b0e9db1ff94ab3ae4e3b8e43e35cd6e1167ae9168fd46d8521151d9bc9a09065c84669bba4", &(0x7f00000000c0)='/dev/binder#\x00', 0xd, [], [0x3, 0x2, 0x3, 0x5]}) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r1, 0xc0045520, &(0x7f0000000180)=0x9a) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB="00003f5fe38ea7b119a2134f6d50b1f10e003fff00000100e4eee13aa846ce72cadf54e074d5f4a3deac043a4697e2dbb92adcb69d5724cc83e23819636915ba2567c6033502c4acf36e811538616932638c8c53aed6657598aa2407f3358a96f70d07e384d81648945f37ea7818"], @ANYRES64, @ANYBLOB="9d7c43ba2d08060800000000000099a5d9581c8edf5a62c2068f35aaf42342f880eb5337de9ac0a45a138c135cd85c6bf9006d30dd980f083ef0d64becd10500f52fa88b0b4f1e9c71fccba7edfa74a35159d92cff6e98d18b674723f241db2c82ef84956723393e6ee9cf5f553ac0a70ef531bd9374d4e798061d564fa9b360e6de1464e316b4fcbe29a0e60c4cf44fe8e498930afb846feff2ab3bdcec741e9fd0569b946c4e057fbbe01a970517917e"], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f00000003c0)={&(0x7f0000fff000/0x1000)=nil, 0x1000}) 2018/03/31 03:07:40 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x20000, 0x0) r1 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) read(r1, &(0x7f0000ec6000)=""/50, 0x32) r2 = socket$bt_cmtp(0x1f, 0x3, 0x5) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r2, 0x800443d3, &(0x7f0000000080)={{0x6, 0x6, 0xffffffffffffff0b, 0xb73, 0x3ff, 0xfff}, 0xf32, 0x80000001, 0x7}) r3 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x0, 0x0) accept4$vsock_stream(r3, &(0x7f00000004c0)={0x28, 0x0, 0x2710, @reserved=0x1}, 0xffffffc3, 0x80000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000400)={{0x80100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f000001cfb0)={0x0, 0x0, 0x0, 0x0, 0xf}) read(r1, &(0x7f0000000200)=""/228, 0xe4) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x400000, 0x0) getsockopt$netrom_NETROM_T1(r4, 0x103, 0x1, &(0x7f0000000600), &(0x7f0000000640)=0x4) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) socket$nl_xfrm(0x10, 0x3, 0x6) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000500)='/dev/vga_arbiter\x00', 0x400000, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r4, 0xae44, 0x40) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000480)) r5 = dup2(0xffffffffffffffff, r0) bind$bt_l2cap(r5, &(0x7f0000000040)={0x1f, 0x5b91, {0xd, 0x0, 0x0, 0x8006, 0x5, 0x6}, 0x0, 0x5}, 0xe) getsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000340), &(0x7f0000000440)=0x4) preadv(r5, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f00000002c0)=""/115, 0x73}, {&(0x7f0000000380)=""/71, 0x47}], 0x4, 0x16) 2018/03/31 03:07:40 executing program 1 (fault-call:10 fault-nth:30): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:07:40 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) r5 = open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r6 = inotify_init1(0x80800) write$cgroup_type(r5, &(0x7f0000000040)='threaded\x00', 0x9) dup2(r4, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 404.139748] FAULT_INJECTION: forcing a failure. [ 404.139748] name failslab, interval 1, probability 0, space 0, times 0 [ 404.151057] CPU: 0 PID: 26363 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 404.158234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 404.167564] Call Trace: [ 404.170134] dump_stack+0x194/0x24d [ 404.173741] ? arch_local_irq_restore+0x53/0x53 [ 404.178388] ? __save_stack_trace+0x7e/0xd0 [ 404.182689] should_fail+0x8c0/0xa40 [ 404.186381] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 404.191458] ? kasan_kmalloc+0xad/0xe0 [ 404.195322] ? kmem_cache_alloc_trace+0x136/0x740 [ 404.200139] ? __memcg_init_list_lru_node+0x169/0x270 [ 404.205303] ? __list_lru_init+0x544/0x750 [ 404.209511] ? sget_userns+0x6b1/0xe40 [ 404.213378] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 404.218108] ? do_mount+0xea4/0x2bb0 [ 404.221799] ? SyS_mount+0xab/0x120 [ 404.225404] ? do_syscall_64+0x281/0x940 [ 404.229445] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 404.234787] ? find_held_lock+0x35/0x1d0 [ 404.238831] ? __lock_is_held+0xb6/0x140 [ 404.242875] ? check_same_owner+0x320/0x320 [ 404.247176] ? rcu_note_context_switch+0x710/0x710 [ 404.252086] should_failslab+0xec/0x120 [ 404.256042] kmem_cache_alloc_trace+0x4b/0x740 [ 404.260597] ? __kmalloc_node+0x33/0x70 [ 404.264547] ? __kmalloc_node+0x33/0x70 [ 404.268497] ? rcu_read_lock_sched_held+0x108/0x120 [ 404.273490] __memcg_init_list_lru_node+0x169/0x270 [ 404.278481] ? list_lru_add+0x7c0/0x7c0 [ 404.282432] ? __kmalloc_node+0x47/0x70 [ 404.286383] __list_lru_init+0x544/0x750 [ 404.290424] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 404.296289] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 404.301281] ? lockdep_init_map+0x9/0x10 [ 404.305317] sget_userns+0x6b1/0xe40 [ 404.309006] ? set_anon_super+0x20/0x20 [ 404.312960] ? put_filp+0x90/0x90 [ 404.316388] ? destroy_unused_super.part.6+0xd0/0xd0 [ 404.321468] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 404.326464] ? trace_hardirqs_off+0x10/0x10 [ 404.330762] ? putname+0xee/0x130 [ 404.334195] ? cap_capable+0x1b5/0x230 [ 404.338057] ? security_capable+0x8e/0xc0 [ 404.342181] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 404.347345] ? ns_capable_common+0xcf/0x160 [ 404.351642] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 404.356803] mount_ns+0x6d/0x190 [ 404.360147] rpc_mount+0x9e/0xd0 [ 404.363487] mount_fs+0x66/0x2d0 [ 404.366835] vfs_kern_mount.part.26+0xc6/0x4a0 [ 404.371391] ? may_umount+0xa0/0xa0 [ 404.374992] ? _raw_read_unlock+0x22/0x30 [ 404.379118] ? __get_fs_type+0x8a/0xc0 [ 404.382982] do_mount+0xea4/0x2bb0 [ 404.386501] ? copy_mount_string+0x40/0x40 [ 404.390710] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 404.395703] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 404.400437] ? retint_kernel+0x10/0x10 [ 404.404303] ? copy_mount_options+0x18b/0x2e0 [ 404.408774] ? copy_mount_options+0x193/0x2e0 [ 404.413247] ? copy_mount_options+0x1f7/0x2e0 [ 404.417717] SyS_mount+0xab/0x120 [ 404.421145] ? copy_mnt_ns+0xb30/0xb30 [ 404.425009] do_syscall_64+0x281/0x940 [ 404.428876] ? vmalloc_sync_all+0x30/0x30 [ 404.432997] ? _raw_spin_unlock_irq+0x27/0x70 [ 404.437471] ? finish_task_switch+0x1c1/0x7e0 [ 404.441940] ? syscall_return_slowpath+0x550/0x550 [ 404.446845] ? syscall_return_slowpath+0x2ac/0x550 [ 404.451751] ? prepare_exit_to_usermode+0x350/0x350 [ 404.456742] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 404.462083] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 404.466905] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 404.472070] RIP: 0033:0x454e79 [ 404.475235] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 404.482916] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 404.490162] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 404.497406] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 404.504654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 404.511902] R13: 00000000000003fa R14: 00000000006f8010 R15: 000000000000001e 2018/03/31 03:07:40 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:40 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r3 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r4 = inotify_init1(0x80800) dup2(r3, r4) fstatfs(r3, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 404.555735] binder: 26366:26376 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 404.573848] binder: 26366:26376 Acquire 1 refcount change on invalid ref 0 ret -22 [ 404.581671] binder: 26366:26376 BC_ACQUIRE_DONE u0000000000000000 no match [ 404.588777] binder: 26366:26376 unknown command 0 2018/03/31 03:07:40 executing program 1 (fault-call:10 fault-nth:31): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:07:41 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') [ 404.651756] binder: 26366:26376 ioctl c0306201 200001c0 returned -22 2018/03/31 03:07:41 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:41 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$KVM_GET_REGS(r2, 0x8090ae81, &(0x7f0000000440)) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:41 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) sendfile(r0, r0, &(0x7f0000000440), 0x401) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 404.706632] binder: 26366:26376 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 404.716495] binder: 26366:26376 Acquire 1 refcount change on invalid ref 0 ret -22 [ 404.724310] binder: 26366:26376 BC_ACQUIRE_DONE u0000000000000000 no match [ 404.731360] binder: 26366:26376 unknown command 0 2018/03/31 03:07:41 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r3 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r4 = inotify_init1(0x80800) dup2(r3, r4) fstatfs(r3, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 404.752546] binder: 26366:26376 ioctl c0306201 200001c0 returned -22 [ 404.911526] FAULT_INJECTION: forcing a failure. [ 404.911526] name failslab, interval 1, probability 0, space 0, times 0 [ 404.922839] CPU: 1 PID: 26396 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 404.930027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 404.939372] Call Trace: [ 404.941954] dump_stack+0x194/0x24d [ 404.945581] ? arch_local_irq_restore+0x53/0x53 [ 404.950246] ? __save_stack_trace+0x7e/0xd0 [ 404.954578] should_fail+0x8c0/0xa40 [ 404.958288] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 404.963376] ? kasan_kmalloc+0xad/0xe0 [ 404.967249] ? kmem_cache_alloc_trace+0x136/0x740 [ 404.972075] ? __memcg_init_list_lru_node+0x169/0x270 [ 404.977237] ? __list_lru_init+0x544/0x750 [ 404.981445] ? sget_userns+0x6b1/0xe40 [ 404.985316] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 404.990047] ? do_mount+0xea4/0x2bb0 [ 404.993734] ? SyS_mount+0xab/0x120 [ 404.997334] ? do_syscall_64+0x281/0x940 [ 405.001372] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 405.006715] ? find_held_lock+0x35/0x1d0 [ 405.010754] ? __lock_is_held+0xb6/0x140 [ 405.014806] ? check_same_owner+0x320/0x320 [ 405.019126] ? rcu_note_context_switch+0x710/0x710 [ 405.024045] should_failslab+0xec/0x120 [ 405.028006] kmem_cache_alloc_trace+0x4b/0x740 [ 405.032579] ? __kmalloc_node+0x33/0x70 [ 405.036531] ? __kmalloc_node+0x33/0x70 [ 405.040481] ? rcu_read_lock_sched_held+0x108/0x120 [ 405.045487] __memcg_init_list_lru_node+0x169/0x270 [ 405.050477] ? list_lru_add+0x7c0/0x7c0 [ 405.054427] ? __kmalloc_node+0x47/0x70 [ 405.058379] __list_lru_init+0x544/0x750 [ 405.062423] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 405.068284] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 405.073281] ? lockdep_init_map+0x9/0x10 [ 405.077317] sget_userns+0x6b1/0xe40 [ 405.081018] ? set_anon_super+0x20/0x20 [ 405.084972] ? put_filp+0x90/0x90 [ 405.088397] ? destroy_unused_super.part.6+0xd0/0xd0 [ 405.093484] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 405.098474] ? trace_hardirqs_off+0x10/0x10 [ 405.102769] ? putname+0xee/0x130 [ 405.106198] ? cap_capable+0x1b5/0x230 [ 405.110060] ? security_capable+0x8e/0xc0 [ 405.114183] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 405.119344] ? ns_capable_common+0xcf/0x160 [ 405.123638] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 405.128800] mount_ns+0x6d/0x190 [ 405.132140] rpc_mount+0x9e/0xd0 [ 405.135481] mount_fs+0x66/0x2d0 [ 405.138822] vfs_kern_mount.part.26+0xc6/0x4a0 [ 405.143386] ? may_umount+0xa0/0xa0 [ 405.146999] ? _raw_read_unlock+0x22/0x30 [ 405.151128] ? __get_fs_type+0x8a/0xc0 [ 405.154997] do_mount+0xea4/0x2bb0 [ 405.158520] ? copy_mount_string+0x40/0x40 [ 405.162737] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 405.167737] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 405.172469] ? retint_kernel+0x10/0x10 [ 405.176330] ? copy_mount_options+0x18b/0x2e0 [ 405.180820] ? copy_mount_options+0x193/0x2e0 [ 405.185295] ? copy_mount_options+0x1f7/0x2e0 [ 405.189767] SyS_mount+0xab/0x120 [ 405.193198] ? copy_mnt_ns+0xb30/0xb30 [ 405.197064] do_syscall_64+0x281/0x940 [ 405.200925] ? vmalloc_sync_all+0x30/0x30 [ 405.205055] ? syscall_return_slowpath+0x550/0x550 [ 405.209963] ? syscall_return_slowpath+0x2ac/0x550 [ 405.214872] ? prepare_exit_to_usermode+0x350/0x350 [ 405.219881] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 405.225240] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 405.230084] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 405.235254] RIP: 0033:0x454e79 [ 405.238418] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 405.246186] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 405.253430] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 2018/03/31 03:07:41 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000000580)="263db0db86f501000000492569a7a1c91dcc412bb2eb814f13e7a8f8a122f9210e1cfabb56febd29f7c4602a897295e2ea43dea655b8aedae440e35a245f2b1ae107a023f33505fcf889fc7b3f1d0cc089e305a7a2b1bdbd865a95c9f663c9a09250e2fdb49d8fa4f0829b2025fac28f30a886c3b6ab52d9acfd04bef7e19ad8ed0266fbabf076994f6805e1e98967974a522217566ebaeb51098e7359267eef44415b37f89cefc2d5247241d2") 2018/03/31 03:07:41 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:41 executing program 4: ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f00000000c0)) ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000180)) r0 = fcntl$getown(0xffffffffffffff9c, 0x9) r1 = getpgrp(r0) ptrace$setopts(0x4200, r1, 0x100, 0x40) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x40000, 0x0) r3 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_AGP_FREE(0xffffffffffffffff, 0x40206435, &(0x7f0000002000)={0x0, 0x0, 0x0, 0x101371}) bpf$PROG_LOAD(0x5, &(0x7f000095c000)={0x1, 0x5, &(0x7f0000002000)=@framed={{0x18}, [@jmp={0x5, 0x0, 0x1, 0x0, 0x0, 0x1}], {0x95}}, &(0x7f000040dff6)='syzkaller\x00', 0x1, 0x29e, &(0x7f000000a000)=""/195}, 0x48) ioctl$KDGKBSENT(r2, 0x4b48, &(0x7f0000000200)={0x4, 0x1, 0x10001}) getgroups(0x0, &(0x7f0000000500)) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$EVIOCGMASK(r2, 0x80104592, &(0x7f0000000240)={0x4, 0x9c, &(0x7f00000003c0)="ce5193664ba91c88f27943b33c2684b085f0c18c184979339c1e3b39cb923fd8b0ccceb737e3486c6d46db7c061662436f2d81b325281424575092b1919071dc3303b37d38e4ba01e70ec3a10e1908adca6ed68c36aed7127f25751ba81d6ad5d20a3a338cf8454a40a284daf23b3cfc2b96e13c4bd1da6a36c049a4bad0e9919ae940443c8d7219ebc58d4cf5fffd6b0a244219e4e1a4c3dce6b0df"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) mkdir(&(0x7f0000000040)='./file0\x00', 0x2) 2018/03/31 03:07:41 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:41 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:41 executing program 1 (fault-call:10 fault-nth:32): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:07:41 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x20000, 0x0) r1 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) read(r1, &(0x7f0000ec6000)=""/50, 0x32) r2 = socket$bt_cmtp(0x1f, 0x3, 0x5) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r2, 0x800443d3, &(0x7f0000000080)={{0x6, 0x6, 0xffffffffffffff0b, 0xb73, 0x3ff, 0xfff}, 0xf32, 0x80000001, 0x7}) r3 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x0, 0x0) r4 = accept4$vsock_stream(r3, &(0x7f0000000340)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10, 0x80000) r5 = getpgid(0x0) syz_open_procfs(r5, &(0x7f0000000540)='net/mcfilter\x00') ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000400)={{0x80100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f000001cfb0)={0x0, 0x0, 0x0, 0x0, 0xf}) read(r1, &(0x7f0000000200)=""/228, 0xe4) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x400000, 0x0) getsockopt$netrom_NETROM_T1(r6, 0x103, 0x1, &(0x7f0000000600), &(0x7f0000000640)=0x4) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) socket$nl_xfrm(0x10, 0x3, 0x6) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vga_arbiter\x00', 0x8000, 0x0) syz_open_dev$sndmidi(&(0x7f0000000500)='/dev/snd/midiC#D#\x00', 0x401, 0x2080) getsockopt$ax25_int(r4, 0x101, 0xf, &(0x7f0000000440), &(0x7f00000004c0)=0x4) ioctl$KVM_SET_NR_MMU_PAGES(r6, 0xae44, 0x40) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000480)) r7 = dup2(0xffffffffffffffff, r0) bind$bt_l2cap(r7, &(0x7f0000000040)={0x1f, 0x5b91, {0xd, 0x0, 0x0, 0x8006, 0x5, 0x6}, 0x0, 0x5}, 0xe) preadv(r7, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f00000002c0)=""/115, 0x73}, {&(0x7f0000000380)=""/71, 0x47}], 0x4, 0x16) 2018/03/31 03:07:41 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) memfd_create(&(0x7f0000000680)='vmnet0em0\x00', 0x0) fadvise64(r0, 0x21, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) fstat(r4, &(0x7f0000000580)) setsockopt$bt_BT_POWER(r0, 0x112, 0x9, &(0x7f00000000c0)=0xffffffffffffff5b, 0x1) r6 = dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) syz_open_dev$sg(&(0x7f0000000440)='/dev/sg#\x00', 0x6, 0x400) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000004c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r6, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 405.260671] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 405.267912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 405.275162] R13: 00000000000003fa R14: 00000000006f8010 R15: 000000000000001f [ 405.357948] binder: 26421:26423 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 405.370782] FAULT_INJECTION: forcing a failure. [ 405.370782] name failslab, interval 1, probability 0, space 0, times 0 [ 405.377112] binder: 26421:26423 Acquire 1 refcount change on invalid ref 0 ret -22 [ 405.383326] CPU: 0 PID: 26437 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 405.389779] binder: 26421:26423 BC_ACQUIRE_DONE u0000000000000000 no match [ 405.396907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 405.396913] Call Trace: [ 405.396930] dump_stack+0x194/0x24d [ 405.396945] ? arch_local_irq_restore+0x53/0x53 [ 405.396956] ? __save_stack_trace+0x7e/0xd0 [ 405.396970] should_fail+0x8c0/0xa40 [ 405.403984] binder: 26421:26423 unknown command 0 [ 405.413300] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 405.413312] ? kasan_kmalloc+0xad/0xe0 [ 405.441303] binder: 26421:26423 ioctl c0306201 200001c0 returned -22 [ 405.442021] ? kmem_cache_alloc_trace+0x136/0x740 [ 405.442031] ? __memcg_init_list_lru_node+0x169/0x270 [ 405.442039] ? __list_lru_init+0x544/0x750 [ 405.442046] ? sget_userns+0x6b1/0xe40 [ 405.442058] ? vfs_kern_mount.part.26+0xc6/0x4a0 [ 405.475190] ? do_mount+0xea4/0x2bb0 [ 405.478883] ? SyS_mount+0xab/0x120 [ 405.482490] ? do_syscall_64+0x281/0x940 [ 405.486531] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 405.491875] ? find_held_lock+0x35/0x1d0 [ 405.495919] ? __lock_is_held+0xb6/0x140 [ 405.499964] ? check_same_owner+0x320/0x320 [ 405.504265] ? rcu_note_context_switch+0x710/0x710 [ 405.509173] should_failslab+0xec/0x120 [ 405.513123] kmem_cache_alloc_trace+0x4b/0x740 [ 405.517678] ? __kmalloc_node+0x33/0x70 [ 405.521624] ? __kmalloc_node+0x33/0x70 [ 405.525573] ? rcu_read_lock_sched_held+0x108/0x120 [ 405.530570] __memcg_init_list_lru_node+0x169/0x270 [ 405.535562] ? list_lru_add+0x7c0/0x7c0 [ 405.539513] ? __kmalloc_node+0x47/0x70 [ 405.543467] __list_lru_init+0x544/0x750 [ 405.547506] ? memcg_destroy_list_lru_node.isra.7+0x110/0x110 [ 405.553367] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 405.558361] ? lockdep_init_map+0x9/0x10 [ 405.562399] sget_userns+0x6b1/0xe40 [ 405.566088] ? set_anon_super+0x20/0x20 [ 405.570037] ? put_filp+0x90/0x90 [ 405.573466] ? destroy_unused_super.part.6+0xd0/0xd0 [ 405.578546] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 405.583539] ? trace_hardirqs_off+0x10/0x10 [ 405.587835] ? putname+0xee/0x130 [ 405.591265] ? cap_capable+0x1b5/0x230 [ 405.595131] ? security_capable+0x8e/0xc0 [ 405.599257] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 405.604424] ? ns_capable_common+0xcf/0x160 [ 405.608725] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 405.613889] mount_ns+0x6d/0x190 [ 405.617230] rpc_mount+0x9e/0xd0 [ 405.620571] mount_fs+0x66/0x2d0 [ 405.623917] vfs_kern_mount.part.26+0xc6/0x4a0 [ 405.628473] ? may_umount+0xa0/0xa0 [ 405.632077] ? _raw_read_unlock+0x22/0x30 [ 405.636198] ? __get_fs_type+0x8a/0xc0 [ 405.640062] do_mount+0xea4/0x2bb0 [ 405.643580] ? copy_mount_string+0x40/0x40 [ 405.647790] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 405.652783] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 405.657514] ? retint_kernel+0x10/0x10 [ 405.661780] ? copy_mount_options+0x18b/0x2e0 [ 405.666252] ? copy_mount_options+0x191/0x2e0 [ 405.670724] ? copy_mount_options+0x1f7/0x2e0 [ 405.675194] SyS_mount+0xab/0x120 [ 405.678623] ? copy_mnt_ns+0xb30/0xb30 [ 405.682485] do_syscall_64+0x281/0x940 [ 405.686346] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 405.691858] ? syscall_return_slowpath+0x550/0x550 [ 405.696760] ? syscall_return_slowpath+0x2ac/0x550 [ 405.701667] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 405.707012] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 405.711835] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 405.716998] RIP: 0033:0x454e79 [ 405.720166] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 405.727849] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 405.735101] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 405.742347] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 405.749593] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 2018/03/31 03:07:42 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') [ 405.756837] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000020 2018/03/31 03:07:42 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 405.834470] binder: 26421:26423 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 405.847938] binder: 26421:26423 Acquire 1 refcount change on invalid ref 0 ret -22 [ 405.855769] binder: 26421:26423 BC_ACQUIRE_DONE u0000000000000000 no match [ 405.862817] binder: 26421:26423 unknown command 0 [ 405.868488] binder: 26421:26423 ioctl c0306201 200001c0 returned -22 2018/03/31 03:07:42 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x20000, 0x0) r1 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) read(r1, &(0x7f0000ec6000)=""/50, 0x32) r2 = socket$bt_cmtp(0x1f, 0x3, 0x5) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r2, 0x800443d3, &(0x7f0000000080)={{0x6, 0x6, 0xffffffffffffff0b, 0xb73, 0x3ff, 0xfff}, 0xf32, 0x80000001, 0x7}) r3 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x0, 0x0) accept4$vsock_stream(r3, &(0x7f0000000340)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10, 0x80000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000400)={{0x80100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f000001cfb0)={0x0, 0x0, 0x0, 0x0, 0xf}) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r3, 0x800448d2, &(0x7f0000000440)={0x1, &(0x7f00000004c0)=[{}]}) read(r1, &(0x7f0000000200)=""/228, 0xe4) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x400000, 0x0) getsockopt$netrom_NETROM_T1(r4, 0x103, 0x1, &(0x7f0000000600), &(0x7f0000000640)=0x4) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) socket$nl_xfrm(0x10, 0x3, 0x6) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vga_arbiter\x00', 0x8000, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r4, 0xae44, 0x40) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000480)) r5 = dup2(0xffffffffffffffff, r0) bind$bt_l2cap(r5, &(0x7f0000000040)={0x1f, 0x5b91, {0xd, 0x0, 0x0, 0x8006, 0x5, 0x6}, 0x0, 0x5}, 0xe) preadv(r5, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f00000002c0)=""/115, 0x73}, {&(0x7f0000000380)=""/71, 0x47}], 0x4, 0x16) 2018/03/31 03:07:42 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r1, &(0x7f0000000040)=ANY=[], 0x0) syz_open_dev$sndpcmc(&(0x7f0000000580)='/dev/snd/pcmC#D#c\x00', 0x0, 0x20000) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) r5 = open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r6 = inotify_init1(0x80800) dup2(r4, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r5, 0x84, 0x10, &(0x7f0000000040)=@assoc_value={0x0, 0x1}, &(0x7f0000000440)=0x8) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r5, 0x84, 0x71, &(0x7f0000000480)={r7, 0x9}, &(0x7f00000004c0)=0x8) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:42 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:42 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getgroups(0x4000000000000188, &(0x7f0000000040)) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYRES64=r0, @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x602640, 0x0) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x8, 0x5, 0x0, 0x4, 0x4, 0x10, "d247738ad1626cdf89d87097d1e21d33712815d190f38c2a65d3604f9e85905d8b43e863c373a9ad1e77448c56404d49ec4646bc27ce7f3b30f7ef3c237442cb", "67221ecd92cd0ecacda5c3a3c0bcebd3be2f2f76e7a8cf6e5cc6492ffc50d24c84b466bd543a971521a7c25b1b7a4559232a40dcc50f20714b9f7a9629247cd8", "6fe42097ed767e66438686950540ccfa9ea247c04bf34414ecffb8ff42210fba", [0x8, 0x82b2]}) 2018/03/31 03:07:42 executing program 1 (fault-call:10 fault-nth:33): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:07:42 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) socketpair$inet6_udp(0xa, 0x2, 0x0, &(0x7f0000000440)) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") setsockopt$RDS_RECVERR(r3, 0x114, 0x5, &(0x7f0000000480), 0x4) ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:42 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, &(0x7f00000002c0)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r3, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:42 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 406.512316] FAULT_INJECTION: forcing a failure. [ 406.512316] name failslab, interval 1, probability 0, space 0, times 0 [ 406.523991] CPU: 1 PID: 26467 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 406.531172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 406.540516] Call Trace: [ 406.543102] dump_stack+0x194/0x24d [ 406.546737] ? arch_local_irq_restore+0x53/0x53 [ 406.551405] ? find_held_lock+0x35/0x1d0 [ 406.555465] should_fail+0x8c0/0xa40 2018/03/31 03:07:42 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = semget$private(0x0, 0x2, 0x20) semctl$GETZCNT(r1, 0x0, 0xf, &(0x7f0000000040)=""/12) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xd, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x802f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 406.559175] ? __list_lru_init+0x352/0x750 [ 406.563410] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 406.568506] ? trace_hardirqs_off+0x10/0x10 [ 406.572819] ? find_next_zero_bit+0xe3/0x110 [ 406.577226] ? trace_hardirqs_off+0x10/0x10 [ 406.581551] ? find_held_lock+0x35/0x1d0 [ 406.585612] ? __lock_is_held+0xb6/0x140 [ 406.589672] ? check_same_owner+0x320/0x320 [ 406.593985] ? lock_downgrade+0x980/0x980 [ 406.598137] ? rcu_note_context_switch+0x710/0x710 [ 406.603059] ? find_held_lock+0x35/0x1d0 [ 406.607118] should_failslab+0xec/0x120 2018/03/31 03:07:42 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 406.611090] __kmalloc+0x63/0x760 [ 406.614541] ? lock_downgrade+0x980/0x980 [ 406.618689] ? register_shrinker+0x10e/0x2d0 [ 406.623093] ? trace_event_raw_event_module_request+0x320/0x320 [ 406.629153] register_shrinker+0x10e/0x2d0 [ 406.633384] ? prepare_kswapd_sleep+0x1f0/0x1f0 [ 406.635779] binder: 26460:26469 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 406.638040] ? memcpy+0x45/0x50 [ 406.638065] sget_userns+0xbbf/0xe40 [ 406.638075] ? set_anon_super+0x20/0x20 [ 406.638086] ? put_filp+0x90/0x90 2018/03/31 03:07:43 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 406.651894] binder: 26460:26469 Acquire 1 refcount change on invalid ref 0 ret -22 [ 406.652134] ? destroy_unused_super.part.6+0xd0/0xd0 [ 406.652149] ? __alloc_pages_slowpath+0x2d10/0x2d10 [ 406.652162] ? trace_hardirqs_off+0x10/0x10 [ 406.656178] binder: 26460:26469 BC_ACQUIRE_DONE u0000000000000000 no match [ 406.659547] ? putname+0xee/0x130 [ 406.659560] ? cap_capable+0x1b5/0x230 [ 406.659573] ? security_capable+0x8e/0xc0 [ 406.667287] binder: 26460:26469 unknown command 0 [ 406.672331] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 406.672341] ? ns_capable_common+0xcf/0x160 [ 406.672352] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 406.672359] mount_ns+0x6d/0x190 [ 406.672369] rpc_mount+0x9e/0xd0 [ 406.672378] mount_fs+0x66/0x2d0 [ 406.710492] binder: 26460:26469 ioctl c0306201 200001c0 returned -22 [ 406.714374] vfs_kern_mount.part.26+0xc6/0x4a0 [ 406.714386] ? may_umount+0xa0/0xa0 [ 406.714398] ? _raw_read_unlock+0x22/0x30 [ 406.714407] ? __get_fs_type+0x8a/0xc0 [ 406.714419] do_mount+0xea4/0x2bb0 [ 406.714432] ? copy_mount_string+0x40/0x40 [ 406.714443] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 406.714455] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 406.714470] ? retint_kernel+0x10/0x10 [ 406.714482] ? copy_mount_options+0x18b/0x2e0 [ 406.714492] ? copy_mount_options+0x193/0x2e0 [ 406.714503] ? copy_mount_options+0x1f7/0x2e0 [ 406.787083] SyS_mount+0xab/0x120 [ 406.789594] binder: 26460:26489 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 406.790528] ? copy_mnt_ns+0xb30/0xb30 [ 406.790541] do_syscall_64+0x281/0x940 [ 406.790552] ? vmalloc_sync_all+0x30/0x30 [ 406.790563] ? _raw_spin_unlock_irq+0x27/0x70 [ 406.790574] ? finish_task_switch+0x1c1/0x7e0 [ 406.790584] ? syscall_return_slowpath+0x550/0x550 [ 406.790594] ? syscall_return_slowpath+0x2ac/0x550 [ 406.790604] ? prepare_exit_to_usermode+0x350/0x350 [ 406.824320] binder: 26460:26489 Acquire 1 refcount change on invalid ref 0 ret -22 [ 406.828326] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 406.828342] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 406.828357] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 406.828365] RIP: 0033:0x454e79 [ 406.828370] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 406.828381] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 406.828386] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 406.828392] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 406.828397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 406.828402] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000021 [ 406.905528] binder: 26460:26489 BC_ACQUIRE_DONE u0000000000000000 no match [ 406.912566] binder: 26460:26489 unknown command 0 [ 406.950819] binder: 26460:26489 ioctl c0306201 200001c0 returned -22 2018/03/31 03:07:44 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = syz_open_dev$adsp(&(0x7f0000000440)='/dev/adsp#\x00', 0xec, 0x140) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f00000004c0)={0x0}, &(0x7f0000000500)=0x8) getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000540)=@assoc_value={r2, 0x1ff}, &(0x7f0000000580)=0x8) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x20000, 0x0) r3 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) read(r3, &(0x7f0000ec6000)=""/50, 0x32) r4 = socket$bt_cmtp(0x1f, 0x3, 0x5) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r4, 0x800443d3, &(0x7f0000000080)={{0x6, 0x6, 0xffffffffffffff0b, 0xb73, 0x3ff, 0xfff}, 0xf32, 0x80000001, 0x7}) r5 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x0, 0x0) accept4$vsock_stream(r5, &(0x7f0000000340)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10, 0x80000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000400)={{0x80100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, &(0x7f000001cfb0)={0x0, 0x0, 0x0, 0x0, 0xf}) read(r3, &(0x7f0000000200)=""/228, 0xe4) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x400000, 0x0) getsockopt$netrom_NETROM_T1(r6, 0x103, 0x1, &(0x7f0000000600), &(0x7f0000000640)=0x4) ioctl$SNDRV_TIMER_IOCTL_START(r3, 0x54a0) socket$nl_xfrm(0x10, 0x3, 0x6) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vga_arbiter\x00', 0x8000, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r6, 0xae44, 0x40) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000480)) r7 = dup2(0xffffffffffffffff, r0) bind$bt_l2cap(r7, &(0x7f0000000040)={0x1f, 0x5b91, {0xd, 0x0, 0x0, 0x8006, 0x5, 0x6}, 0x0, 0x5}, 0xe) preadv(r7, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f00000002c0)=""/115, 0x73}, {&(0x7f0000000380)=""/71, 0x47}], 0x4, 0x16) 2018/03/31 03:07:44 executing program 1 (fault-call:10 fault-nth:34): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:07:44 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r2, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, &(0x7f00000002c0)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xffff) r3 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r4 = inotify_init1(0x80800) dup2(r3, r4) fstatfs(r3, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:44 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, &(0x7f00000002c0)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r3, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:44 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0x0) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:44 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getgroups(0x0, &(0x7f0000000040)) r1 = mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0xfffffffffffffda3, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYPTR64=&(0x7f00000006c0)=ANY=[@ANYPTR=&(0x7f0000000500)=ANY=[@ANYRES32=r0, @ANYRES64=r0, @ANYBLOB="38105501b833b5dad2b7ba0e2ea2689cf37d69fe67166f66381054e1d8efb574c55883ad9366055c2c1c00148971e47f038de72fe86664d6f295a9ec34570178b7a9e51aa06644ccfdb1df22e72d0086feed3acdd76d38cd81ed6f9c02f9ecb5a5944aa38d813d8b3948c79cd5613e4822961219d0b6a69ac9e5bad6a19434924127c6f3cd6b1ebe4c8b6d1210302aba8dc8360c86c7cde44318d5e4de87", @ANYRES32, @ANYRES32=r1, @ANYBLOB="469d37d980242bd53a1af55412a4ca084b39588d9df7b6839bd65143e0423c12570dc8e024a527168ea123a10bf2560c0077dbb6ed06dd5c253a033b36c6f1b343f3815b45ec879c90981f70fd914ceed496975f107df6845d10de262d7db0d4f72581f48411c98d069d357b5f26fa4d99bc777a96f5df81a78a69d5370d47d0faa6c86d2d6dab2a8e9ea1507daa2a16c199c2d34338943ab9ec80fa8ea348099ab340883d4117981ee889f059a472c9b0ac878a4fbab8101db96f154f9f6760c4f8e6c1d0eca07f7c1331d7330751f5e73957bf0c292ba2"], @ANYBLOB="dd58d5f88525d5fadda913c508765d", @ANYRES64=r0, @ANYRES64=r0, @ANYBLOB="e0b6f4cd7a49b30acbb6f743ccece74341a4d05b0cf6fe24ed8177959bd8cfefa1cbed3056943aae35ce0ae4104879ffe897301ac5fbce1c98b6df823b2d5fcd9b238e5a1427b9a74cbe50aba2be9b02e14bf24924f3037d57d5aba2b0065faa9d1f8b2fa13b95b951b65d323ddc3e83e2873c64c4bd1dafc39cd9e2d6631858f99251a8fadeb9fbe0f0c3513d2b58e2d772fc1a0ced258cb7c4420c0baa1270ef0b080d02709cbb2f33efd3b6737f8024dbd4304e80146b1e5ee118764b8cc47e52b5d02e3e8ba88c594c9c676696b8f12254039b226e7c660ece99d54cc79abfa11545d596de6b9a0dad2104396b487d0eaba619793ec5bf3acf78bb7fe61100143ec020434e58389ebc889e303d8165e03cf2bab5168a77038378303b88ea3d2d5a76f0569a8ca62b0cb0de6375a451e01310c668ae0b65db68d3cacb1f1a931d2971428bee9b88b6752c0ea83f70fec6dd1b224b343f6f19a294c378a37a890e5b9974fb5ccf8d301c49d9898783d6725aa524f54d39835a02978acb79353a652312b6079d60ebd5f3e6aab687bd801021f2cc9ce9ac51ecf13a2cf3195fc03397371e4724eb7d6b07368e66effef88c9ca12c726d2d071e08866b1583fd77a838e50f75ae921bf35607996acf9e8e0b595306aa9eb2a3daf30913e2fd8b9873cade6c705a7bc436097461427a3545ea2fb4e725148995b1cf46e4d77da4ddb8c798261407e20ec9d582b843bd28299932264a109cf2ca014e680f2880f73975fef662d004b5f2d8c87b5ef20c748bbda96ea7c78aa2dd9b1345089e6f9ecff36ca51fa3c18304eb013ecea77432e09c9487a5fa5d488b12a3c646a8e01f27f2945865d656fff6665c6e81abbbe41e5a6a678f731f4a5005c6b822a879284ec3a3b03a5fa483088e3e12e003ca62cd6b80e90e84243617cb582e140a8423e00e6b351a8544356aa29794f9c8f5fbaab27cbc2b21c57cc1290db73ded108d1e83bb3dddc12cbfe465514662aa996585b30dfca22d24712ef5d52d6ab1c3c930dfb35331bfa57ea2662b30346cc5d4fe948dd6cc92fd12400642141f73b36a414ef7322483e044bd848485b96358a180b2e916183b7f2641efe14bce45083b7adf6a6164d6b9284c179db6cfa5e1711a8e789919d04d6bc4c1729dc8268ccb16a0037e05863225af8bbd187f74e7edac7b9a851e5e6980bed463bcbdb4b975471e5cb4caf45395e7489b41f6832a450064e44f0d7b61ce0279de8daa0995f81179d05abe2a00c5765db6a41b974cca0862d46919e86a095f716209de001e5e7ff6ddc274fc20aced8cf767d7537b82e9be2a8e814ec5b34f0d375b0c9c427f09054bf1b788f053addd73e641c471e7007829e0332bfbaf19e6fcdc12dbdfd3cba8c6c304408e104721dc80e3f16f43d951d27ff01b6cf76a94a158244ecb860896ccac1ef17d7a7d473dd17a0f72acf6ddf023a591b0e763c50af09b3d60cf4ab897f88cc6cd9b1a97f67bb69ee39646d332700c02885c033f21b199cc3179e5e46ce50a734b11a1cd36d3e0425cd2b54655eaa3190fc7d67fd2a1effd18c4a57413c09a2641774993561c007adce20f7945a7c566e61e9635b0aa69767b63bafe5a471f123154a7cbf53d7fb67e20b6bae7782249cddd6189a3be428b351cbe7508f40dda6c6ff460af30b15232fffa147d83bdd145abbf90523e10b873a2757d178f64d74ebb19ab7bb807c78061d9746ddb65d7d341587396958fbaecc0aaa329633fd7ae043e58f9dddfdd3dac3e4b92d4482876a5dc9f50f08a68154f514487ed053450d69a02289a20194975388552f8cde46e3ea48aff7abf8b9c9130b21acde5d150944cb40c6d9a35a2e68257b53925b137fc90efc4612d79671375f9276430b1802ac32e70561d5fa1300d72bb397707868c18e4e1564793ad9d20ad78796d845dcc4c5b058b04479f98768e8b2bfb194d82672ade256108b557c279dba97d7e8f333633ec80504ae895f1339873176d7ef5161968bd640c8295c1b939edfe546e7d691ea222322978e29758fb2752775a2a43581d6de46ac8791e57c8477710672cf45ad149c23afe74065acc250ac6a65135f83826c29cc091daa9cf2b06669c499e0e17b12ddc85f5237f0d424caae00d75a062d7ddfe3bbda31c0e06d168d56331d407284305eafe0e7bd2093ccbe7a0e3d15d34376299537b84770a80be371b1c1871403e30729d0a59924df8e1816a7a49901e487a096d8f491bb97ab4c27f1e6c70a8539cbc40654879177f9da9ebbf648694a4e8e5aac6da1fda2af58203d355b55c65ba40a37a10d11d0b1d6cc092574ca1c96517e9510e8717f2c9b5671a5ea694c3459ffc2af4eae7ac05db927257e4864c81c4cd795e18a3e7637e1fc34ded4900c1df37db16a3dc060d1b45fc3bbf91204bee1e56ab19954e93efa4be99741ee7c14dd7f363ff8ead5e2efd62a4053bc03d9db87360a1ec383c1a4d1c2a36b8dd41bd764cc221f174d344fdd341cc5a3d62f9446b2b731b1db819d46e24d013290ffd36d1209fcbd8171495f4841317e0b7a85f7c250a37e08a86014b5f8964fcb7c372c7e85fdde253ff8f8eb2ae01fb2bf01d4033bdd225a6e5bfc2742670fb862748b9211e64e2f0599e1f6f5cfa1068ec0e85ed357f4bd07343eee7ffa7aeed5e1e2f19d2edbe9833268ed3d074e7024b705695deb6ef5cb2b9759ec4e7d66b4b9a410647adc82ac54557debfd30e2b5915f551591b992d309ec1e3ae02e5eeb1d14034988faa6def9703a4a335dcad5effe55390106164da68a001c7c3d9bfe365ace1d715af9b1556cf9dbfd6279d180f50ce0d7c0d3d9164314f245586a8d28fec0bd4b859b631316685e89bc45fd67f2f85af2045e251ad1c7564ff83b544909d6652c69277e35c2c8c91b57ef1891c8e9a6816db3f4408f0c6cdd551de2baeb9494b15fd86dbbcf983854c01bd499e1c971466437e9d9e9da664dbdd8121139c4e76097c05b45a5f244b036f3744ca64c728f0ccb8548b722697a000fb67fa8a58f6714a327057144c1c36094740daa2a62453abf5b4503f00140ea55a9f55c9e9e3d69870c62d0206bd0d61dfd9dbe35dbfc2618aa9e3b2c787136fca6cbe5d6f69d8b84219ef03487752eaca9878ac5f0ec3852d71c3edb90109ef1d51d910b6719b2ecd246cbfeca39029f1a8357334f9c9df640330b57532821bc69943043bb6b982e8cf04bc15d571d74a764bee04aebb1cd8d5f47e54cee85ca397b196d362b62d61284de8db07844a72d39b3cb7fba159811ca2f6a1ab7976cbc97d7f8d2816740a3da6adf5018d12ee979e0f5a35835118d4f8e6303b628dbf3496613e888839877c70e06a00a13dd6c58c3f106993c295da237f303875136d6d15eb03930007e14d490f853d7858a85ae320958fd7fcd034bbb79eb119edcdb908c3018406a6ab844203ed0210399677e08986bb087d7d3089a12977b994892893fc02c1a2b2bb29c8520fc2987b5bd9f1ab92eeb4a82c8607d702ef254049e8c7927f4ccc5cb8540096bd2ee80b3b8da86eef6c60f8e0869a0b83d479fc758bea3bbbe1c2f4a4aa5a0f744940ad74db8f955d574fe7b38791e76a17bb5f881cb680869459290c6fd9992189ab96baa37c0526e3c31a07c9c84faf9fe1442ed7807c13ccab3c6fd8eb3fb577d2168fdb1a4c8c0a3653056f6ef6d24b8836e57e83aae3138f3983493a7ececb00c2633f641b105ece6b8a3499e6446a8457826763f292d6fb0ba5f107b011e5b6679d89fcb053196f404cea3e0fdd5b8e568457142d6baa8c5dd78d2e3f3ceab2d7376bd59fd768c785434a22e868c8df915ba9142eff90370d32d890aeec2de6f0d8548c5b24f28e5a07469befeab0c293e3566349a20438e719839b53f438f86c81238b6eb6d2f8c110099300abcbd342ab91579151c505d1be0e89a0c8913559d5506f47fb7d434d9d885c219688b80b193338fefe36109200a38ad95ebd0286f701c8168e4919869bcf5c939a2a79c8e893b43277c212913f7488b5f23fc8d2ec634ab476dcab0f3f9f8d6171379398afd2df5502468c1e230a2b84cc4422d2ac316c88599f30670e78c78f4cb728a45915d5377ec78b2f93d81c74edc9b4f62a1da41aee33307d2747e7a85b8a5c82301a0989d8698e7a7ef39833116b6e7dee23666f62eefca532d0735e7b9f77720bcdcc13285fa24e02b42a8de90a05b657e7e924979352cce85657c0e66140545eee3f90ee25fa6fa75156212c62086beec676f8d97900091bd53a3a040e26c5268ae68df2bd78a346530d8002bb0569ba8b1bde4c5943820148afb3188125bf82684c71089d30fe7666db6be32f0314e50bdfcbedb2de3c19087a8dc884fe4b6fbf9347635aa5d2da9b661ac18336b4569002a39fd7baf318d97f0c896c3b3d5dd79e069638d150b99aae02aab2e507733e673dad522e3fa6b4f1969b87a3abef63b1f31db3c93cd7e812e918f84de248d51afb1b42e193f95c28cb13ce0de2cdaa9ab7e799709f5613879c202da1eb5d4a6796930fbd94e9ece96a7f99a153fb72cd4a83f1277fee6d4e422a7c62dbb16fe9dd71f7cb2c829b9a6ff76d61881ebbd97bfa939ef8beef0669a59cc9dede5a9e93aa5d66475ae560337dbbb98cc303f4e2a366d6d89649147724b7e55d31fc2abef5b942bcee693c7548e24c6013ceba1a6e8467755a91f69ce0fe72fe130ec4716497f838451255c51ca6c2e66a485481cf2699f8c0b45b6fc6c1f17f6ffa2e4a1a5b1cb6dc6e9c11e595c6e146ad215469a4a87901a279489ebfc6118ecd1e9a83d9856fd916bb458a62bdff3bac3d6673bde42ee2318d50539e0d9bacb8793f3d363a640b347bad1392c13576fc0791be2dd3200782111b0bdca1fa46185f109493a8af3fe374f8d4b3c651be3d9f69dc202ee09e1570b5afa16c4d8568fb27eab35936f7b6fc9bf95220bbf086a667a4fd275e059e0f8839ac648ba5c2d5c8ae2a11c63fa59861f4021ef9f9e7e477fd38d8e43af219729eeb38a8af2a7256d09f0b09a90aa790179c2af02bfd10531d9708457018f7257f4e99a447fdf251aec0514fcbb251dcfe2153d1ec539fb2965f07a0899b3382282412b1ade1412efad02fb5cdfbee607eec87170a5687200792ff6309e9ee9fcdebff806d618b6eaeac26a9c1b05592cac47f487ada3f2738b3d8fbd5b5819f748e77a20a1a772a1852f9fd365dbe55d551ea7c5b4000dd9ae2091400724e3d304a4717c679a0a6697820ebf9878e9b874619ffd1e41ef54965e4624aeee61eabbabb3a8f267a4dbc0a60d49490ac0c3d524d5cb1365c18dab4ef311e0a9f1594473569900a82c2a9859120ba2d6a2356468f31364079bc611eca67d9c742b88f95ee7c43607d7886baccc1d0235d990b403f341a7d75f548f71ffa76f74cd20c7977db6014db824ae8c48ae00b87ef92e1d6b85f2178ece54db90f3fd21bf779c700312b8ae74910fca66185eacfb13de1b1d5b4a1c3e494d1a8c6fee2731318634ab81434147cda4a4fedcd455f36821a4b134e287cf9f21522813ab74c36903cc292573e4ca3be30eb1d0d2b7b9d453775e2eb5f9b4750b24abab292cd8417c6d15977898a1a38b798e5829c8434d2f62c8dc4e7cd0a4a11f1228e73cf2d5b4d57a8ccf07fa1cfced4bd780534718169b9f6e6cd8cee0aa039430521e000ab4beef9142a76994f1419fb659ab7b3a7557dac66989c40ef7ca698a2cc4875fff841d54a9651", @ANYPTR64=&(0x7f0000000000)=ANY=[@ANYPTR64], @ANYPTR=&(0x7f00000003c0)=ANY=[@ANYRES32, @ANYPTR, @ANYRES32=r0, @ANYBLOB="9a6bd741d90c3b788dc49d15a45fa9a22e17b0729346252d356862077b7f7f7147c929f093c09cf66c7c7a35e92717f613f9b5d73410f997c0f9181002e481e8e1e1549f5c6d9c758a610027f894849fda51d1a6728aaf425476b624873213e38fbf06c56adf851bbe931040792aba4365ee348c944a58e40eafe6f6f1e203c5d075b941aea3c257e923c42d8d9617806818b5a0f24b719ededbaffeaa92ad381ba2cf713b521fd27799ee50567bb671bbb3d2e3"], @ANYRES64=r0], @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xfffffffffffffd67, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) 2018/03/31 03:07:44 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) read(r2, &(0x7f0000000440)=""/113, 0x71) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:44 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) setsockopt$inet6_opts(r3, 0x29, 0x3f, &(0x7f0000000440)=@srh={0xbb, 0xc, 0x4, 0x6, 0x8, 0x74, 0x5, [@mcast2={0xff, 0x2, [], 0x1}, @local={0xfe, 0x80, [], 0xaa}, @dev={0xfe, 0x80, [], 0xb}, @mcast1={0xff, 0x1, [], 0x1}, @mcast1={0xff, 0x1, [], 0x1}, @dev={0xfe, 0x80, [], 0x18}]}, 0x68) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 407.745195] FAULT_INJECTION: forcing a failure. [ 407.745195] name failslab, interval 1, probability 0, space 0, times 0 [ 407.756647] CPU: 0 PID: 26510 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 407.763830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 407.773170] Call Trace: [ 407.775759] dump_stack+0x194/0x24d [ 407.779388] ? arch_local_irq_restore+0x53/0x53 [ 407.784052] ? trace_hardirqs_off+0x10/0x10 [ 407.788366] ? register_shrinker+0x10e/0x2d0 [ 407.792767] ? sget_userns+0xbbf/0xe40 [ 407.796644] ? mount_ns+0x6d/0x190 [ 407.800168] should_fail+0x8c0/0xa40 [ 407.803858] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 407.809028] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 407.814105] ? find_held_lock+0x35/0x1d0 [ 407.818150] ? register_shrinker+0x230/0x2d0 [ 407.822540] ? find_held_lock+0x35/0x1d0 [ 407.826579] ? __lock_is_held+0xb6/0x140 [ 407.830620] ? check_same_owner+0x320/0x320 [ 407.834914] ? trace_hardirqs_off+0x10/0x10 [ 407.839212] ? rcu_note_context_switch+0x710/0x710 [ 407.844116] ? register_shrinker+0x10e/0x2d0 [ 407.848502] should_failslab+0xec/0x120 [ 407.852457] kmem_cache_alloc+0x47/0x760 [ 407.856495] ? find_held_lock+0x35/0x1d0 [ 407.860538] ? rpc_i_callback+0x30/0x30 [ 407.864487] rpc_alloc_inode+0x1a/0x20 [ 407.868350] alloc_inode+0x65/0x180 [ 407.871955] new_inode_pseudo+0x69/0x190 [ 407.875994] ? prune_icache_sb+0x1a0/0x1a0 [ 407.880211] ? __lock_is_held+0xb6/0x140 [ 407.884252] new_inode+0x1c/0x40 [ 407.887596] rpc_get_inode+0x20/0x1e0 [ 407.891375] rpc_fill_super+0x327/0xae0 [ 407.895327] ? cap_capable+0x1b5/0x230 [ 407.899190] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 407.904357] ? security_capable+0x8e/0xc0 [ 407.908481] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 407.913646] ? ns_capable_common+0xcf/0x160 [ 407.917945] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 407.923107] mount_ns+0xc4/0x190 [ 407.926448] rpc_mount+0x9e/0xd0 [ 407.929791] mount_fs+0x66/0x2d0 [ 407.933136] vfs_kern_mount.part.26+0xc6/0x4a0 [ 407.937696] ? may_umount+0xa0/0xa0 [ 407.941300] ? _raw_read_unlock+0x22/0x30 [ 407.945422] ? __get_fs_type+0x8a/0xc0 [ 407.949287] do_mount+0xea4/0x2bb0 [ 407.952805] ? copy_mount_string+0x40/0x40 [ 407.957020] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 407.962018] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 407.966752] ? retint_kernel+0x10/0x10 [ 407.970615] ? copy_mount_options+0x18b/0x2e0 [ 407.975087] ? copy_mount_options+0x193/0x2e0 [ 407.979559] ? copy_mount_options+0x1f7/0x2e0 [ 407.984033] SyS_mount+0xab/0x120 [ 407.987460] ? copy_mnt_ns+0xb30/0xb30 [ 407.991322] do_syscall_64+0x281/0x940 [ 407.995186] ? vmalloc_sync_all+0x30/0x30 [ 407.999310] ? _raw_spin_unlock_irq+0x27/0x70 [ 408.003779] ? finish_task_switch+0x1c1/0x7e0 [ 408.008249] ? syscall_return_slowpath+0x550/0x550 [ 408.013154] ? syscall_return_slowpath+0x2ac/0x550 [ 408.018057] ? prepare_exit_to_usermode+0x350/0x350 [ 408.023047] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 408.028384] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 408.033204] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 408.038366] RIP: 0033:0x454e79 [ 408.041530] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 408.049213] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 408.056458] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 408.063702] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 408.070944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 408.078187] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000022 2018/03/31 03:07:44 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getgroups(0x0, &(0x7f0000000500)) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000180000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) 2018/03/31 03:07:44 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r2, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, &(0x7f00000002c0)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xffff) r3 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r4 = inotify_init1(0x80800) dup2(r3, r4) fstatfs(r3, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:44 executing program 1 (fault-call:10 fault-nth:35): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:07:44 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0x0) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:44 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, &(0x7f00000002c0)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r3, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:44 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") r6 = open(&(0x7f0000000000)='./file0\x00', 0x3fd, 0x0) write(r6, &(0x7f0000000640)='s', 0x1) r7 = open$dir(&(0x7f0000000500)='./file0\x00', 0x2, 0x0) lseek(r7, 0x1000000, 0x0) write(r7, &(0x7f0000000180)="d8", 0x1) fsync(r7) ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:44 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r2, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, &(0x7f00000002c0)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xffff) r3 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r4 = inotify_init1(0x80800) dup2(r3, r4) fstatfs(r3, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 408.195345] binder: 26525:26530 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 408.225345] binder: 26525:26530 Acquire 1 refcount change on invalid ref 0 ret -22 [ 408.233155] binder: 26525:26530 BC_ACQUIRE_DONE u0000000000000000 no match [ 408.240197] binder: 26525:26530 unknown command 0 2018/03/31 03:07:44 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000440)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1, 0x0, 0x0, 0x4}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 408.277122] binder: 26525:26530 ioctl c0306201 200001c0 returned -22 [ 408.393524] FAULT_INJECTION: forcing a failure. [ 408.393524] name failslab, interval 1, probability 0, space 0, times 0 [ 408.405686] CPU: 0 PID: 26549 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 408.412877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 408.422234] Call Trace: [ 408.424832] dump_stack+0x194/0x24d [ 408.428460] ? arch_local_irq_restore+0x53/0x53 [ 408.433141] should_fail+0x8c0/0xa40 [ 408.436840] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 408.441922] ? __raw_spin_lock_init+0x1c/0x100 [ 408.446500] ? find_held_lock+0x35/0x1d0 [ 408.450548] ? __lock_is_held+0xb6/0x140 [ 408.454617] ? check_same_owner+0x320/0x320 [ 408.458917] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 408.463912] ? rcu_note_context_switch+0x710/0x710 [ 408.468825] should_failslab+0xec/0x120 [ 408.472786] kmem_cache_alloc+0x47/0x760 [ 408.476827] ? current_time+0x18/0xc0 [ 408.480603] ? lock_downgrade+0x980/0x980 [ 408.484739] __d_alloc+0xc1/0xbd0 [ 408.488182] ? lock_release+0xa40/0xa40 [ 408.492139] ? shrink_dcache_for_umount+0x290/0x290 [ 408.497137] ? mark_held_locks+0xaf/0x100 [ 408.501266] ? current_kernel_time64+0x122/0x2f0 [ 408.506014] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 408.511026] ? trace_hardirqs_on+0xd/0x10 [ 408.515160] ? current_kernel_time64+0x1d4/0x2f0 [ 408.519891] ? ktime_get_raw+0x380/0x380 [ 408.523930] ? evict_inodes+0x580/0x580 [ 408.527886] ? timespec_trunc+0x79/0xe0 [ 408.531836] ? inc_nlink+0x45/0x140 [ 408.535436] d_make_root+0x3f/0x80 [ 408.538951] rpc_fill_super+0x32f/0xae0 [ 408.542902] ? cap_capable+0x1b5/0x230 [ 408.546772] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 408.551947] ? security_capable+0x8e/0xc0 [ 408.556069] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 408.561233] ? ns_capable_common+0xcf/0x160 [ 408.565531] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 408.570696] mount_ns+0xc4/0x190 [ 408.574052] rpc_mount+0x9e/0xd0 [ 408.577394] mount_fs+0x66/0x2d0 [ 408.580738] vfs_kern_mount.part.26+0xc6/0x4a0 [ 408.585298] ? may_umount+0xa0/0xa0 [ 408.588907] ? _raw_read_unlock+0x22/0x30 [ 408.593036] ? __get_fs_type+0x8a/0xc0 [ 408.596905] do_mount+0xea4/0x2bb0 [ 408.600421] ? copy_mount_string+0x40/0x40 [ 408.604638] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 408.609636] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 408.614377] ? retint_kernel+0x10/0x10 [ 408.618250] ? copy_mount_options+0x18b/0x2e0 [ 408.622720] ? copy_mount_options+0x193/0x2e0 [ 408.627200] ? copy_mount_options+0x1f7/0x2e0 [ 408.631672] SyS_mount+0xab/0x120 [ 408.635099] ? copy_mnt_ns+0xb30/0xb30 [ 408.638962] do_syscall_64+0x281/0x940 [ 408.642832] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 408.648348] ? syscall_return_slowpath+0x550/0x550 [ 408.653250] ? syscall_return_slowpath+0x2ac/0x550 [ 408.658153] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 408.663512] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 408.668333] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 408.673503] RIP: 0033:0x454e79 [ 408.676665] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 408.684346] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 408.691597] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 408.698839] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 408.706080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 408.713325] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000023 2018/03/31 03:07:45 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:45 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f00000005c0)="6370757365745e2a656d3124242173656c66002ff711db0bd2f7f1acdda31d131f54af6dedd98522b92cde4f45aba192e2f6593ecd6a422de3e7cc5705cc04e4e48fe61d7a45784110a643bc668780438894e27c2012fa05e0e8681ae3c330963fddc51ed85db92f0a4bf74936b479d0be30651a4e858debe0bd6c1dbf56c0a6782233404015705b3c88aab4a38a20f5444db801c19ec19bbc741f418d2b1ab7bcff1ce57890e5f921f7d0fb71e52180f82b52edab35ac69e1f209400104cd9c144f458aa1b648d46c065fbbfce96477c0832547265f6e94c5c68738ee81354864ae896ed7140beefed57d13234cfefe0c3ba8dc4fe66f4c6d2d23707b62a66d337b33a52b9dab219a615ebe0e99a1b054647184fac0c5d798f7b04f49014b103e90fef57e4eaea65e8e6f9df5185ec672b6cb50072211bada33f20c95cea8ad9a84823df857b2e3c6fbda8ffeb46ae67814a75bc0443ccdabf3ca8c4eda5f3eeb0c5d050f7488baa3da531b49a7fa6707def354fadc1294d1ae644d9434d93a4d11ffe00901bf5a99a9d84429a4140dd87719205a0144743f90670445899f95be5bc94f671b0e939897007c1a3bd037e7e8a51cedc7e731fbc88e9e2cc8052642bf88fa353309d0d310256f8af45dd9cb828de59a0c80b46b6eaf9b606d005a371180e27676086bf479495697d84383e45658a9d8b2ee1c4e13e03eec87c3e439c53fa55033d203854f6e90838cb7a3", 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) r5 = open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r6 = inotify_init1(0x80800) r7 = dup2(r4, r6) fstatfs(r4, &(0x7f0000000040)=""/62) ioctl$DRM_IOCTL_GEM_FLINK(r5, 0xc008640a, &(0x7f0000000100)={0x0}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r4, 0xc00c642d, &(0x7f0000000440)={r8, 0x0, r1}) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x9) getpeername$packet(r7, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f0000000580)=0x14) ioctl$TUNSETIFINDEX(r1, 0x400454da, &(0x7f0000000800)=r9) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:45 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getgroups(0x0, &(0x7f0000000500)) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') 2018/03/31 03:07:45 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0x0) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:45 executing program 1 (fault-call:10 fault-nth:36): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:07:45 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:45 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000564000)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f0000000480)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r2, &(0x7f00000005c0)=ANY=[], 0xfffffff4) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r0, 0x1, 0x2, 0xfffc) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r3, 0x84, 0x20, &(0x7f0000000040), &(0x7f0000000440)=0x4) r4 = inotify_init1(0x0) fcntl$dupfd(r1, 0x406, r1) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) syz_open_dev$mice(&(0x7f0000000480)='/dev/input/mice\x00', 0x0, 0x40000) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:45 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x20000, 0x0) r1 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) read(r1, &(0x7f0000ec6000)=""/50, 0x32) r2 = socket$bt_cmtp(0x1f, 0x3, 0x5) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r2, 0x800443d3, &(0x7f0000000080)={{0x6, 0x6, 0xffffffffffffff0b, 0xb73, 0x3ff, 0xfff}, 0xf32, 0x80000001, 0x7}) r3 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x0, 0x0) readahead(r0, 0xf50f, 0x2) accept4$vsock_stream(r3, &(0x7f0000000340)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10, 0x80000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000400)={{0x80100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f000001cfb0)={0x0, 0x0, 0x0, 0x0, 0xf}) read(r1, &(0x7f00000004c0)=""/228, 0xfffffffffffffdc4) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x400000, 0x0) getsockopt$netrom_NETROM_T1(r4, 0x103, 0x1, &(0x7f0000000600), &(0x7f0000000640)=0x4) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) socket$nl_xfrm(0x10, 0x3, 0x6) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vga_arbiter\x00', 0x8000, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r4, 0xae44, 0x40) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000480)) r5 = dup2(0xffffffffffffffff, r0) bind$bt_l2cap(r5, &(0x7f0000000040)={0x1f, 0x5b91, {0xd, 0x0, 0x0, 0x8006, 0x5, 0x6}, 0x0, 0x5}, 0xe) preadv(r5, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f00000002c0)=""/115, 0x73}, {&(0x7f0000000380)=""/71, 0x47}], 0x4, 0x16) [ 408.855576] FAULT_INJECTION: forcing a failure. [ 408.855576] name failslab, interval 1, probability 0, space 0, times 0 [ 408.863870] binder: 26566:26578 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 408.867262] CPU: 1 PID: 26569 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 408.881512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 408.886798] binder: 26566:26578 Acquire 1 refcount change on invalid ref 0 ret -22 [ 408.890847] Call Trace: [ 408.890865] dump_stack+0x194/0x24d [ 408.890880] ? arch_local_irq_restore+0x53/0x53 [ 408.890899] should_fail+0x8c0/0xa40 [ 408.890909] ? unwind_dump+0x4d0/0x4d0 [ 408.890919] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 408.890932] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 408.898641] binder: 26566:26578 BC_ACQUIRE_DONE u0000000000000000 no match [ 408.901189] ? __lock_acquire+0x664/0x3e00 [ 408.901202] ? find_held_lock+0x35/0x1d0 [ 408.904815] binder: 26566:26578 unknown command 0 [ 408.909447] ? __lock_is_held+0xb6/0x140 [ 408.909465] ? check_same_owner+0x320/0x320 [ 408.927128] binder: 26566:26578 ioctl c0306201 200001c0 returned -22 [ 408.927258] ? __d_lookup+0x4f4/0x830 [ 408.927271] ? rcu_note_context_switch+0x710/0x710 [ 408.948795] binder: 26566:26578 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 408.951387] should_failslab+0xec/0x120 [ 408.951398] kmem_cache_alloc+0x47/0x760 [ 408.951414] __d_alloc+0xc1/0xbd0 [ 408.951425] ? shrink_dcache_for_umount+0x290/0x290 [ 408.951436] ? d_alloc_parallel+0x1b40/0x1b40 [ 408.951448] ? lock_release+0xa40/0xa40 [ 408.951462] ? mark_held_locks+0xaf/0x100 [ 409.006896] ? d_lookup+0x133/0x2e0 [ 409.010504] ? d_lookup+0x1d5/0x2e0 [ 409.014117] d_alloc+0x8e/0x340 [ 409.017370] ? __d_alloc+0xbd0/0xbd0 [ 409.021060] ? full_name_hash+0x9b/0xe0 [ 409.025022] __rpc_lookup_create_exclusive+0x183/0x1d0 [ 409.030277] ? down_write+0x87/0x120 [ 409.033967] ? rpc_d_lookup_sb+0x1a0/0x1a0 [ 409.038177] ? down_read+0x150/0x150 [ 409.041868] ? evict_inodes+0x580/0x580 [ 409.045820] rpc_populate.constprop.15+0xa3/0x340 [ 409.050641] rpc_fill_super+0x379/0xae0 [ 409.054593] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 409.059757] ? retint_kernel+0x10/0x10 [ 409.063624] ? set_anon_super+0x20/0x20 [ 409.067571] ? put_filp+0x90/0x90 [ 409.071006] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 409.076175] mount_ns+0xc4/0x190 [ 409.079517] rpc_mount+0x9e/0xd0 [ 409.082863] mount_fs+0x66/0x2d0 [ 409.086207] vfs_kern_mount.part.26+0xc6/0x4a0 [ 409.090764] ? may_umount+0xa0/0xa0 [ 409.094365] ? _raw_read_unlock+0x22/0x30 [ 409.098487] ? __get_fs_type+0x8a/0xc0 [ 409.102350] do_mount+0xea4/0x2bb0 [ 409.105867] ? copy_mount_string+0x40/0x40 [ 409.110081] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 409.115073] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 409.119804] ? retint_kernel+0x10/0x10 [ 409.123669] ? copy_mount_options+0x18b/0x2e0 [ 409.128137] ? copy_mount_options+0x191/0x2e0 [ 409.132605] ? copy_mount_options+0x1f7/0x2e0 [ 409.137075] SyS_mount+0xab/0x120 [ 409.140501] ? copy_mnt_ns+0xb30/0xb30 [ 409.144364] do_syscall_64+0x281/0x940 [ 409.148225] ? vmalloc_sync_all+0x30/0x30 [ 409.152347] ? _raw_spin_unlock_irq+0x27/0x70 [ 409.156817] ? finish_task_switch+0x1c1/0x7e0 [ 409.161288] ? syscall_return_slowpath+0x550/0x550 [ 409.166191] ? syscall_return_slowpath+0x2ac/0x550 [ 409.171097] ? prepare_exit_to_usermode+0x350/0x350 [ 409.176086] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 409.181428] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 409.186247] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 409.191410] RIP: 0033:0x454e79 [ 409.194577] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 2018/03/31 03:07:45 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x0) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 409.202259] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 409.209502] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 409.216747] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 409.223989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 409.231234] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000024 [ 409.238684] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / 2018/03/31 03:07:45 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = getegid() getgroups(0xa, &(0x7f0000000000)=[r1, r1, r1, r1, r1, r1, r1, r1, r1, r1]) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) 2018/03/31 03:07:45 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 409.255248] binder: 26566:26578 Acquire 1 refcount change on invalid ref 0 ret -22 [ 409.263091] binder: 26566:26578 BC_ACQUIRE_DONE u0000000000000000 no match [ 409.270144] binder: 26566:26578 unknown command 0 [ 409.289128] binder: 26566:26578 ioctl c0306201 200001c0 returned -22 2018/03/31 03:07:45 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:45 executing program 1 (fault-call:10 fault-nth:37): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') [ 409.411347] FAULT_INJECTION: forcing a failure. [ 409.411347] name failslab, interval 1, probability 0, space 0, times 0 [ 409.422687] CPU: 1 PID: 26594 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 409.429871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 409.439222] Call Trace: [ 409.441810] dump_stack+0x194/0x24d [ 409.445441] ? arch_local_irq_restore+0x53/0x53 [ 409.450112] should_fail+0x8c0/0xa40 [ 409.453822] ? fault_create_debugfs_attr+0x1f0/0x1f0 2018/03/31 03:07:45 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 409.458928] ? __lock_is_held+0xb6/0x140 [ 409.462988] ? mark_held_locks+0xaf/0x100 [ 409.467128] ? __raw_spin_lock_init+0x1c/0x100 [ 409.471708] ? find_held_lock+0x35/0x1d0 [ 409.475775] ? __lock_is_held+0xb6/0x140 [ 409.479868] ? check_same_owner+0x320/0x320 [ 409.484197] ? d_alloc+0x269/0x340 [ 409.487735] ? rcu_note_context_switch+0x710/0x710 [ 409.492656] ? lock_release+0xa40/0xa40 [ 409.497037] should_failslab+0xec/0x120 [ 409.501007] kmem_cache_alloc+0x47/0x760 [ 409.505067] ? d_drop+0x51/0x60 2018/03/31 03:07:45 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) fchdir(0xffffffffffffffff) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r2, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r1, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r1, 0x800454cf, &(0x7f00000002c0)) fallocate(r1, 0x0, 0x0, 0xffff) r3 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r4 = inotify_init1(0x80800) dup2(r3, r4) fstatfs(r3, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 409.508341] ? rpc_i_callback+0x30/0x30 [ 409.512311] rpc_alloc_inode+0x1a/0x20 [ 409.516194] alloc_inode+0x65/0x180 [ 409.519814] new_inode_pseudo+0x69/0x190 [ 409.523866] ? prune_icache_sb+0x1a0/0x1a0 [ 409.528099] ? do_raw_spin_trylock+0x190/0x190 [ 409.532677] ? d_add+0xa70/0xa70 [ 409.536044] new_inode+0x1c/0x40 [ 409.539404] rpc_get_inode+0x20/0x1e0 [ 409.543201] __rpc_create_common+0x5d/0x1d0 [ 409.547527] rpc_populate.constprop.15+0x1ad/0x340 [ 409.552452] rpc_fill_super+0x379/0xae0 [ 409.556426] ? cap_capable+0x1b5/0x230 [ 409.560310] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 409.565501] ? security_capable+0x8e/0xc0 [ 409.569646] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 409.574838] ? ns_capable_common+0xcf/0x160 [ 409.579161] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 409.584355] mount_ns+0xc4/0x190 [ 409.587716] rpc_mount+0x9e/0xd0 [ 409.591080] mount_fs+0x66/0x2d0 [ 409.594441] vfs_kern_mount.part.26+0xc6/0x4a0 [ 409.599015] ? may_umount+0xa0/0xa0 [ 409.602639] ? _raw_read_unlock+0x22/0x30 [ 409.606783] ? __get_fs_type+0x8a/0xc0 2018/03/31 03:07:45 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) fchdir(0xffffffffffffffff) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r2, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r1, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r1, 0x800454cf, &(0x7f00000002c0)) fallocate(r1, 0x0, 0x0, 0xffff) r3 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r4 = inotify_init1(0x80800) dup2(r3, r4) fstatfs(r3, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 409.610667] do_mount+0xea4/0x2bb0 [ 409.614201] ? copy_mount_string+0x40/0x40 [ 409.618429] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 409.623442] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 409.628198] ? retint_kernel+0x10/0x10 [ 409.632089] ? copy_mount_options+0x18b/0x2e0 [ 409.636583] ? copy_mount_options+0x193/0x2e0 [ 409.641072] ? copy_mount_options+0x1f7/0x2e0 [ 409.645561] SyS_mount+0xab/0x120 [ 409.649012] ? copy_mnt_ns+0xb30/0xb30 [ 409.652901] do_syscall_64+0x281/0x940 [ 409.656786] ? vmalloc_sync_all+0x30/0x30 [ 409.660927] ? _raw_spin_unlock_irq+0x27/0x70 [ 409.665413] ? finish_task_switch+0x1c1/0x7e0 [ 409.669902] ? syscall_return_slowpath+0x550/0x550 [ 409.674824] ? syscall_return_slowpath+0x2ac/0x550 [ 409.679746] ? prepare_exit_to_usermode+0x350/0x350 [ 409.684758] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 409.690119] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 409.694961] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 409.700141] RIP: 0033:0x454e79 [ 409.703321] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 409.711020] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 409.718282] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 409.725540] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 409.732803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 409.740062] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000025 [ 409.747487] net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry lockd [ 409.760228] binder: 26586:26608 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 409.809367] binder: 26586:26608 Acquire 1 refcount change on invalid ref 0 ret -22 [ 409.817182] binder: 26586:26608 BC_ACQUIRE_DONE u0000000000000000 no match [ 409.820169] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / [ 409.824325] binder: 26586:26608 unknown command 0 [ 409.865152] binder: 26586:26608 ioctl c0306201 200001c0 returned -22 2018/03/31 03:07:46 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) fchdir(0xffffffffffffffff) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r2, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r1, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r1, 0x800454cf, &(0x7f00000002c0)) fallocate(r1, 0x0, 0x0, 0xffff) r3 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r4 = inotify_init1(0x80800) dup2(r3, r4) fstatfs(r3, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:46 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x2, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(r1) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) r5 = syz_open_dev$vcsn(&(0x7f0000000580)='/dev/vcs#\x00', 0xfffffffffffffffa, 0x101200) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f00000005c0)={0x0, 0x6}, &(0x7f0000000600)=0x8) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r5, 0x84, 0x13, &(0x7f0000000640)={r6, 0xb5}, &(0x7f0000000680)=0x8) syz_open_dev$dmmidi(&(0x7f0000000480)='/dev/dmmidi#\x00', 0x200, 0x1) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r7 = inotify_init1(0x80800) dup2(r4, r7) fstatfs(r4, &(0x7f0000000040)=""/62) uselib(&(0x7f0000000440)='./file0\x00') clone(0x20000000, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:46 executing program 1 (fault-call:10 fault-nth:38): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:07:46 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x20000, 0x0) r1 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) read(r1, &(0x7f0000ec6000)=""/50, 0x32) r2 = socket$bt_cmtp(0x1f, 0x3, 0x5) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r2, 0x800443d3, &(0x7f0000000080)={{0x6, 0x6, 0xffffffffffffff0b, 0xb73, 0x3ff, 0xfff}, 0xf32, 0x80000001, 0x7}) r3 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x0, 0x0) write(r1, &(0x7f00000004c0)="780ec65ce2067f3ee1122a99bb50b2a7ee946d30a08c419184af3cba4c5fd3fb453a9b0579fbe045eb6d010fff8bb5c456c970653aa58220fa45916ada19bd91b78ba2cfa73da9e2febb19f71d99ef2b9888ab59853c2ca807bf6638185a8733d29fe9fa7c48a72ed230fa352885faed068692f6777f1889714bb70b5c4a1d8c630d40aa33d558728f32cc04ac98e9521de095ac87591ecbcacf7672e6e5e53f18c755d6603428546d39b3736e383ea3c59ea74ae799034716863024f78a9916920c8492ff19e17a9919a43fef1600459e92ac32f90c961b7d2ebf47f5", 0xdd) accept4$vsock_stream(r3, &(0x7f0000000340)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10, 0x80000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000400)={{0x80100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f000001cfb0)={0x0, 0x0, 0x0, 0x0, 0xf}) read(r1, &(0x7f0000000200)=""/228, 0xe4) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x400000, 0x0) setsockopt$bt_BT_SNDMTU(r3, 0x112, 0xc, &(0x7f0000000440)=0x6, 0x2) getsockopt$netrom_NETROM_T1(r4, 0x103, 0x1, &(0x7f0000000600), &(0x7f0000000640)=0x4) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) socket$nl_xfrm(0x10, 0x3, 0x6) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vga_arbiter\x00', 0x8000, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r4, 0xae44, 0x40) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000480)) r5 = dup2(0xffffffffffffffff, r0) bind$bt_l2cap(r5, &(0x7f0000000040)={0x1f, 0x5b91, {0xd, 0x0, 0x0, 0x8006, 0x5, 0x6}, 0x0, 0x5}, 0xe) preadv(r5, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f00000002c0)=""/115, 0x73}, {&(0x7f0000000380)=""/71, 0x47}], 0x4, 0x16) 2018/03/31 03:07:46 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x0) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:46 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) recvmmsg(r2, &(0x7f0000001a00)=[{{&(0x7f0000000440)=@llc={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000580)=""/4096, 0x1000}, {&(0x7f0000001580)=""/240, 0xf0}, {&(0x7f0000001680)=""/187, 0xbb}, {&(0x7f0000001740)=""/223, 0xdf}], 0x4, &(0x7f0000001840)=""/69, 0x45, 0x100}, 0x4}, {{&(0x7f00000018c0)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f00000004c0), 0x0, &(0x7f0000001940)=""/146, 0x92, 0x3}, 0xfff}], 0x2, 0x10000, &(0x7f0000001a80)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, &(0x7f00000004c0)=0x100, 0x4) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:46 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x74, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) 2018/03/31 03:07:46 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') [ 410.185268] FAULT_INJECTION: forcing a failure. [ 410.185268] name failslab, interval 1, probability 0, space 0, times 0 [ 410.198239] CPU: 0 PID: 26621 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 410.205431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 410.214774] Call Trace: [ 410.217350] dump_stack+0x194/0x24d [ 410.220956] ? arch_local_irq_restore+0x53/0x53 [ 410.225608] should_fail+0x8c0/0xa40 [ 410.229298] ? unwind_next_frame.part.6+0x1a6/0xb40 [ 410.234295] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 410.239378] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 410.244541] ? __lock_acquire+0x664/0x3e00 [ 410.248753] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 410.253921] ? find_held_lock+0x35/0x1d0 [ 410.257960] ? __lock_is_held+0xb6/0x140 [ 410.262003] ? check_same_owner+0x320/0x320 [ 410.266304] ? __d_lookup+0x4f4/0x830 [ 410.270085] ? rcu_note_context_switch+0x710/0x710 [ 410.274996] should_failslab+0xec/0x120 [ 410.278951] kmem_cache_alloc+0x47/0x760 [ 410.283035] __d_alloc+0xc1/0xbd0 [ 410.286467] ? shrink_dcache_for_umount+0x290/0x290 [ 410.291458] ? d_alloc_parallel+0x1b40/0x1b40 [ 410.295929] ? lock_release+0xa40/0xa40 [ 410.299883] ? mark_held_locks+0xaf/0x100 [ 410.304007] ? d_lookup+0x133/0x2e0 [ 410.307615] ? d_lookup+0x1d5/0x2e0 [ 410.311217] d_alloc+0x8e/0x340 [ 410.314471] ? __d_alloc+0xbd0/0xbd0 [ 410.318157] ? full_name_hash+0x9b/0xe0 [ 410.322112] __rpc_lookup_create_exclusive+0x183/0x1d0 [ 410.327364] ? rpc_d_lookup_sb+0x1a0/0x1a0 [ 410.331577] rpc_populate.constprop.15+0xa3/0x340 [ 410.336400] rpc_fill_super+0x379/0xae0 [ 410.340354] ? cap_capable+0x1b5/0x230 [ 410.344393] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 410.349559] ? security_capable+0x8e/0xc0 [ 410.353681] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 410.358845] ? ns_capable_common+0xcf/0x160 [ 410.363142] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 410.368329] mount_ns+0xc4/0x190 [ 410.371671] rpc_mount+0x9e/0xd0 [ 410.375020] mount_fs+0x66/0x2d0 [ 410.378367] vfs_kern_mount.part.26+0xc6/0x4a0 [ 410.382924] ? may_umount+0xa0/0xa0 [ 410.386527] ? _raw_read_unlock+0x22/0x30 [ 410.390651] ? __get_fs_type+0x8a/0xc0 [ 410.394514] do_mount+0xea4/0x2bb0 [ 410.398035] ? copy_mount_string+0x40/0x40 [ 410.402246] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 410.407237] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 410.411971] ? retint_kernel+0x10/0x10 [ 410.415834] ? copy_mount_options+0x18b/0x2e0 [ 410.420302] ? copy_mount_options+0x193/0x2e0 [ 410.424776] ? copy_mount_options+0x1f7/0x2e0 [ 410.429246] SyS_mount+0xab/0x120 [ 410.432691] ? copy_mnt_ns+0xb30/0xb30 [ 410.436552] do_syscall_64+0x281/0x940 [ 410.440416] ? vmalloc_sync_all+0x30/0x30 [ 410.444538] ? _raw_spin_unlock_irq+0x27/0x70 [ 410.449013] ? finish_task_switch+0x1c1/0x7e0 [ 410.453487] ? syscall_return_slowpath+0x550/0x550 [ 410.458389] ? syscall_return_slowpath+0x2ac/0x550 [ 410.463294] ? prepare_exit_to_usermode+0x350/0x350 [ 410.468290] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 410.473633] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 410.478451] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 410.483613] RIP: 0033:0x454e79 [ 410.486778] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 410.494461] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 410.501704] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 410.508948] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 410.516192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 410.523438] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000026 [ 410.541647] binder: 26626:26629 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 410.578672] binder: 26626:26629 Acquire 1 refcount change on invalid ref 0 ret -22 2018/03/31 03:07:46 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:46 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x0) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 410.586477] binder: 26626:26629 BC_ACQUIRE_DONE u0000000000000000 no match [ 410.593539] binder: 26626:26629 unknown command 0 2018/03/31 03:07:46 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r3, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:47 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(0xffffffffffffffff, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 410.661808] binder: 26626:26629 ioctl c0306201 20000000 returned -22 2018/03/31 03:07:47 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r0 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r2, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r1, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r1, 0x800454cf, &(0x7f00000002c0)) fallocate(r1, 0x0, 0x0, 0xffff) r3 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r4 = inotify_init1(0x80800) dup2(r3, r4) fstatfs(r3, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r0, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(0xffffffffffffffff, 0x2285, &(0x7f0000007000)='S') [ 410.710434] binder: 26626:26649 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 410.733371] binder: 26626:26649 Acquire 1 refcount change on invalid ref 0 ret -22 [ 410.741224] binder: 26626:26649 BC_ACQUIRE_DONE u0000000000000000 no match [ 410.748264] binder: 26626:26649 unknown command 0 2018/03/31 03:07:47 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x80000) r5 = open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r6 = inotify_init1(0x80800) dup2(r4, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) setsockopt$sock_void(r5, 0x1, 0x0, 0x0, 0x0) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:47 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$sock_int(r2, 0x1, 0x2f, &(0x7f0000000100)=0xffffffffffffffff, 0x3be) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r6 = inotify_init1(0x80800) dup2(r5, r6) fstatfs(r5, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 410.784186] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / [ 410.791893] binder: 26626:26649 ioctl c0306201 20000000 returned -22 2018/03/31 03:07:47 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getgroups(0x0, &(0x7f0000000500)) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$KDSIGACCEPT(r1, 0x4b4e, 0x40) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f0000000040)=0xc221, 0x4) 2018/03/31 03:07:47 executing program 1 (fault-call:10 fault-nth:39): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:07:47 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(0xffffffffffffffff, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:47 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r0 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r2, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r1, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r1, 0x800454cf, &(0x7f00000002c0)) fallocate(r1, 0x0, 0x0, 0xffff) r3 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r4 = inotify_init1(0x80800) dup2(r3, r4) fstatfs(r3, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r0, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(0xffffffffffffffff, 0x2285, &(0x7f0000007000)='S') [ 410.931057] FAULT_INJECTION: forcing a failure. [ 410.931057] name failslab, interval 1, probability 0, space 0, times 0 [ 410.942559] CPU: 0 PID: 26666 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 410.949744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 410.959096] Call Trace: [ 410.961693] dump_stack+0x194/0x24d [ 410.965317] ? arch_local_irq_restore+0x53/0x53 [ 410.969994] should_fail+0x8c0/0xa40 [ 410.973706] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 410.978806] ? __lock_is_held+0xb6/0x140 [ 410.982869] ? mark_held_locks+0xaf/0x100 [ 410.983402] binder: 26664:26675 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 410.987010] ? __raw_spin_lock_init+0x1c/0x100 [ 410.987026] ? find_held_lock+0x35/0x1d0 [ 410.987040] ? __lock_is_held+0xb6/0x140 [ 410.987057] ? check_same_owner+0x320/0x320 [ 410.987064] ? d_alloc+0x269/0x340 [ 410.987076] ? rcu_note_context_switch+0x710/0x710 [ 411.019534] ? lock_release+0xa40/0xa40 [ 411.020834] binder: 26664:26675 Acquire 1 refcount change on invalid ref 0 ret -22 [ 411.023511] should_failslab+0xec/0x120 [ 411.023523] kmem_cache_alloc+0x47/0x760 [ 411.023538] ? d_drop+0x51/0x60 [ 411.023548] ? rpc_i_callback+0x30/0x30 [ 411.023557] rpc_alloc_inode+0x1a/0x20 [ 411.023566] alloc_inode+0x65/0x180 [ 411.031282] binder: 26664:26675 BC_ACQUIRE_DONE u0000000000000000 no match [ 411.035209] new_inode_pseudo+0x69/0x190 [ 411.035218] ? prune_icache_sb+0x1a0/0x1a0 [ 411.035227] ? do_raw_spin_trylock+0x190/0x190 [ 411.035237] ? d_add+0xa70/0xa70 [ 411.035247] new_inode+0x1c/0x40 [ 411.035261] rpc_get_inode+0x20/0x1e0 [ 411.039310] binder: 26664:26675 unknown command 0 [ 411.042543] __rpc_create_common+0x5d/0x1d0 [ 411.042555] rpc_populate.constprop.15+0x1ad/0x340 [ 411.042568] rpc_fill_super+0x379/0xae0 [ 411.042577] ? cap_capable+0x1b5/0x230 [ 411.042587] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 411.047396] binder: 26664:26675 ioctl c0306201 200001c0 returned -22 [ 411.050400] ? security_capable+0x8e/0xc0 [ 411.050412] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 411.050422] ? ns_capable_common+0xcf/0x160 [ 411.050433] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 411.050442] mount_ns+0xc4/0x190 [ 411.050453] rpc_mount+0x9e/0xd0 [ 411.050462] mount_fs+0x66/0x2d0 [ 411.050474] vfs_kern_mount.part.26+0xc6/0x4a0 [ 411.081821] binder: 26664:26675 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 411.084435] ? may_umount+0xa0/0xa0 [ 411.084448] ? _raw_read_unlock+0x22/0x30 [ 411.084457] ? __get_fs_type+0x8a/0xc0 [ 411.084470] do_mount+0xea4/0x2bb0 [ 411.084483] ? copy_mount_string+0x40/0x40 [ 411.084494] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 411.084505] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 411.084519] ? retint_kernel+0x10/0x10 [ 411.084531] ? copy_mount_options+0x18b/0x2e0 [ 411.084544] ? __sanitizer_cov_trace_pc+0x1/0x50 [ 411.090432] binder: 26664:26675 Acquire 1 refcount change on invalid ref 0 ret -22 [ 411.093667] ? copy_mount_options+0x1f7/0x2e0 [ 411.093679] SyS_mount+0xab/0x120 [ 411.093687] ? copy_mnt_ns+0xb30/0xb30 [ 411.093698] do_syscall_64+0x281/0x940 [ 411.093709] ? vmalloc_sync_all+0x30/0x30 [ 411.093720] ? _raw_spin_unlock_irq+0x27/0x70 [ 411.093730] ? finish_task_switch+0x1c1/0x7e0 [ 411.093740] ? syscall_return_slowpath+0x550/0x550 [ 411.093750] ? syscall_return_slowpath+0x2ac/0x550 [ 411.093759] ? prepare_exit_to_usermode+0x350/0x350 [ 411.093771] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 411.093785] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 411.098731] binder: 26664:26675 BC_ACQUIRE_DONE u0000000000000000 no match [ 411.102649] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 411.102657] RIP: 0033:0x454e79 [ 411.102662] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 411.102673] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 411.102678] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 411.102685] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 411.106580] binder: 26664:26675 unknown command 0 [ 411.111706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 411.111712] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000027 [ 411.112334] net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry mount [ 411.142972] binder: 26664:26675 ioctl c0306201 200001c0 returned -22 [ 411.189352] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / 2018/03/31 03:07:47 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) getgroups(0x0, &(0x7f0000000500)) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x2, 0x0) 2018/03/31 03:07:47 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(0xffffffffffffffff, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:47 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r3, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:47 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x20000, 0x0) r1 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) read(r1, &(0x7f0000ec6000)=""/50, 0x32) r2 = socket$bt_cmtp(0x1f, 0x3, 0x5) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r2, 0x800443d3, &(0x7f0000000080)={{0x6, 0x6, 0xffffffffffffff0b, 0xb73, 0x3ff, 0xfff}, 0xf32, 0x80000001, 0x7}) r3 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x0, 0x0) accept4$vsock_stream(r3, &(0x7f0000000340)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10, 0x80000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000400)={{0x80100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f000001cfb0)={0x0, 0x0, 0x0, 0x0, 0xf}) read(r1, &(0x7f0000000200)=""/228, 0xe4) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x400000, 0x0) getsockopt$netrom_NETROM_T1(r4, 0x103, 0x1, &(0x7f0000000600), &(0x7f0000000640)=0x4) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) socket$nl_xfrm(0x10, 0x3, 0x6) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vga_arbiter\x00', 0x8000, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r4, 0xae44, 0x40) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000480)) r5 = dup2(0xffffffffffffffff, r0) syz_open_dev$mice(&(0x7f0000000440)='/dev/input/mice\x00', 0x0, 0x14200) bind$bt_l2cap(r5, &(0x7f0000000040)={0x1f, 0x5b91, {0xd, 0x0, 0x0, 0x8006, 0x5, 0x6}, 0x0, 0x5}, 0xe) preadv(r5, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f00000002c0)=""/115, 0x73}, {&(0x7f0000000380)=""/71, 0x47}], 0x4, 0x16) 2018/03/31 03:07:47 executing program 1 (fault-call:10 fault-nth:40): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:07:47 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$EVIOCSABS0(r1, 0x401845c0, &(0x7f0000000040)={0xde, 0x5, 0x10000, 0x8, 0x6, 0x810000000000}) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:47 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r0 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r2, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r1, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r1, 0x800454cf, &(0x7f00000002c0)) fallocate(r1, 0x0, 0x0, 0xffff) r3 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r4 = inotify_init1(0x80800) dup2(r3, r4) fstatfs(r3, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r0, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(0xffffffffffffffff, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:47 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) connect$nfc_raw(r0, &(0x7f0000000440)={0x27, 0x1}, 0x10) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x8c0000, &(0x7f0000000580)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f00000004c0)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 411.569928] binder: 26690:26694 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 411.579772] FAULT_INJECTION: forcing a failure. [ 411.579772] name failslab, interval 1, probability 0, space 0, times 0 [ 411.591087] CPU: 1 PID: 26696 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 411.598270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 411.607601] Call Trace: [ 411.610173] dump_stack+0x194/0x24d [ 411.613778] ? arch_local_irq_restore+0x53/0x53 [ 411.618430] should_fail+0x8c0/0xa40 [ 411.622118] ? unwind_next_frame.part.6+0x1a6/0xb40 [ 411.627112] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 411.632194] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 411.637360] ? __lock_acquire+0x664/0x3e00 [ 411.641570] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 411.646736] ? find_held_lock+0x35/0x1d0 [ 411.650775] ? __lock_is_held+0xb6/0x140 [ 411.654818] ? check_same_owner+0x320/0x320 [ 411.659113] ? __d_lookup+0x4f4/0x830 [ 411.662904] ? rcu_note_context_switch+0x710/0x710 [ 411.667816] should_failslab+0xec/0x120 [ 411.671769] kmem_cache_alloc+0x47/0x760 [ 411.675809] __d_alloc+0xc1/0xbd0 [ 411.679238] ? shrink_dcache_for_umount+0x290/0x290 [ 411.684228] ? d_alloc_parallel+0x1b40/0x1b40 [ 411.688704] ? lock_release+0xa40/0xa40 [ 411.692656] ? mark_held_locks+0xaf/0x100 [ 411.696778] ? d_lookup+0x133/0x2e0 [ 411.700381] ? d_lookup+0x1d5/0x2e0 [ 411.703983] d_alloc+0x8e/0x340 [ 411.707236] ? __d_alloc+0xbd0/0xbd0 [ 411.710926] ? full_name_hash+0x9b/0xe0 [ 411.714879] __rpc_lookup_create_exclusive+0x183/0x1d0 [ 411.720131] ? rpc_d_lookup_sb+0x1a0/0x1a0 [ 411.724347] rpc_populate.constprop.15+0xa3/0x340 [ 411.729169] rpc_fill_super+0x379/0xae0 [ 411.733122] ? cap_capable+0x1b5/0x230 [ 411.736991] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 411.742161] ? security_capable+0x8e/0xc0 [ 411.746285] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 411.751449] ? ns_capable_common+0xcf/0x160 [ 411.755747] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 411.760915] mount_ns+0xc4/0x190 [ 411.764256] rpc_mount+0x9e/0xd0 [ 411.767599] mount_fs+0x66/0x2d0 [ 411.770963] vfs_kern_mount.part.26+0xc6/0x4a0 [ 411.775521] ? may_umount+0xa0/0xa0 [ 411.779127] ? _raw_read_unlock+0x22/0x30 [ 411.783249] ? __get_fs_type+0x8a/0xc0 [ 411.787113] do_mount+0xea4/0x2bb0 [ 411.790630] ? copy_mount_string+0x40/0x40 [ 411.794840] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 411.799832] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 411.804565] ? retint_kernel+0x10/0x10 [ 411.808431] ? copy_mount_options+0x18b/0x2e0 [ 411.812902] ? copy_mount_options+0x193/0x2e0 [ 411.817372] ? copy_mount_options+0x1f7/0x2e0 [ 411.821843] SyS_mount+0xab/0x120 [ 411.825271] ? copy_mnt_ns+0xb30/0xb30 [ 411.829134] do_syscall_64+0x281/0x940 [ 411.832999] ? vmalloc_sync_all+0x30/0x30 [ 411.837125] ? _raw_spin_unlock_irq+0x27/0x70 [ 411.841593] ? finish_task_switch+0x1c1/0x7e0 [ 411.846063] ? syscall_return_slowpath+0x550/0x550 [ 411.850967] ? syscall_return_slowpath+0x2ac/0x550 [ 411.855873] ? prepare_exit_to_usermode+0x350/0x350 [ 411.860863] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 411.866202] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 411.871026] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 411.876191] RIP: 0033:0x454e79 [ 411.879354] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 411.887038] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 411.894282] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 411.901524] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 411.908767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 411.916013] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000028 [ 411.924346] binder: 26690:26694 Acquire 1 refcount change on invalid ref 0 ret -22 [ 411.932213] binder: 26690:26694 BC_ACQUIRE_DONE u0000000000000000 no match [ 411.939280] binder: 26690:26694 unknown command 0 2018/03/31 03:07:48 executing program 6: r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:48 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r3, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') [ 411.972494] binder: 26690:26694 ioctl c0306201 200001c0 returned -22 [ 412.003333] binder: 26690:26694 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 2018/03/31 03:07:48 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, 0xffffffffffffffff) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 412.018898] binder: 26690:26694 Acquire 1 refcount change on invalid ref 0 ret -22 [ 412.026756] binder: 26690:26694 BC_ACQUIRE_DONE u0000000000000000 no match [ 412.033938] binder: 26690:26694 unknown command 0 2018/03/31 03:07:48 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) r6 = dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000040)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) splice(r3, &(0x7f0000000280), r4, &(0x7f0000000440), 0x4, 0x0) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) ioctl$VHOST_SET_VRING_ENDIAN(r6, 0x4008af13, &(0x7f0000000480)={0x2, 0x9}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:48 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) ioctl$EVIOCSABS0(r1, 0x401845c0, &(0x7f0000000440)={0x3, 0x3, 0xfffffffffffff000, 0x6, 0x2f, 0x1f}) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r1, 0x118, 0x1, &(0x7f0000000480)=0x5, 0x4) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) setsockopt$inet6_MRT6_DEL_MFC(r2, 0x29, 0xcd, &(0x7f0000000580)={{0xa, 0x4e22, 0xffff, @mcast2={0xff, 0x2, [], 0x1}}, {0xa, 0x4e20, 0xf29, @ipv4={[], [0xff, 0xff], @loopback=0x7f000001}}, 0x4, [0x5, 0xfff, 0x9, 0x3, 0x7, 0x80000001, 0x7, 0xffff]}, 0x5c) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) write$sndseq(r3, &(0x7f0000000600)=[{0x3, 0x6, 0xffffffffffffffff, 0x20, @tick=0x200, {0x7, 0x1}, {0xfffffffffffffff8, 0xa479}, @raw8={"333133f23f8c3c4216385fec"}}, {0xc730, 0x4, 0x6, 0x7fffffff, @time={0x0, 0x989680}, {0x7, 0x1f}, {0x9, 0x8}, @result={0x8000, 0x5}}, {0x6, 0x8, 0x42065f2c, 0x5, @tick=0x7, {0x3}, {0x1000, 0x7ff}, @queue={0x100000000, {0x8, 0xfffffffffffff800}}}], 0x90) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:48 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getgroups(0x0, &(0x7f0000000500)) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) mlock2(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) [ 412.101044] binder: 26690:26694 ioctl c0306201 200001c0 returned -22 2018/03/31 03:07:48 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:48 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, 0xffffffffffffffff) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:48 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0), 0x0, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:48 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, 0xffffffffffffffff) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 412.246286] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / [ 412.257948] binder: 26724:26729 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 2018/03/31 03:07:48 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r0, 0xc028ae92, &(0x7f0000000040)={0x5, 0x101}) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 412.287989] binder: 26724:26729 Acquire 1 refcount change on invalid ref 0 ret -22 [ 412.295807] binder: 26724:26729 BC_ACQUIRE_DONE u0000000000000000 no match [ 412.302875] binder: 26724:26729 unknown command 0 [ 412.368352] binder: 26724:26729 ioctl c0306201 200001c0 returned -22 [ 412.391858] binder: 26724:26750 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 412.422234] binder: 26724:26750 Acquire 1 refcount change on invalid ref 0 ret -22 [ 412.430107] binder: 26724:26750 BC_ACQUIRE_DONE u0000000000000000 no match [ 412.437144] binder: 26724:26750 unknown command 0 [ 412.453683] binder: 26724:26750 ioctl c0306201 200001c0 returned -22 2018/03/31 03:07:48 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x20000, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) read(r0, &(0x7f0000ec6000)=""/50, 0x32) socket$bt_cmtp(0x1f, 0x3, 0x5) r1 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x0, 0x0) fanotify_mark(r1, 0x8, 0x48000000, r1, &(0x7f0000000440)='./file0\x00') accept4$vsock_stream(r1, &(0x7f0000000340)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10, 0x80000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000400)={{0x80100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f000001cfb0)={0x0, 0x0, 0x0, 0x0, 0xf}) read(r0, &(0x7f0000000200)=""/228, 0xe4) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x400000, 0x0) getsockopt$netrom_NETROM_T1(r2, 0x103, 0x1, &(0x7f0000000600), &(0x7f0000000640)=0x4) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) ioctl$TUNSETVNETHDRSZ(r1, 0x400454d8, &(0x7f0000000100)=0xff) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r1, 0x10e, 0x8, &(0x7f00000004c0)=0x2, 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x1, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r2, 0xae44, 0x40) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000480)) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f00000006c0)={@in={{0x2, 0x4e20, @multicast1=0xe0000001}}, 0x7, 0xe0000000, 0xffffffffffff8000, "389dd286ff487f1e964fb55e628561c0e620046d6e86a4726c8ec882f4aa6e7ed1a553bd06e1b47aa7661d2496adb6503ef31f2731aeb4e81f0e678fadcdab97d05d735afad460273afda1888f7ad7ef"}, 0xd8) r4 = dup2(0xffffffffffffffff, r3) bind$bt_l2cap(r4, &(0x7f0000000500)={0x1f, 0x4820, {0xd, 0x0, 0x0, 0x8006, 0x5, 0x3}, 0xfffffffffffffffd, 0xb0}, 0xe) preadv(r4, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f00000002c0)=""/115, 0x73}, {&(0x7f0000000380)=""/71, 0x47}], 0x4, 0x16) 2018/03/31 03:07:48 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200), &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:48 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) socket$unix(0x1, 0x2, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:48 executing program 1 (fault-call:10 fault-nth:41): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:07:48 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getgroups(0x0, &(0x7f0000000500)) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=ANY=[], 0xd5, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa648a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d7160b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe995091bc00c6f25addfbc55c3d37fe3500000000000000000000000000"}) 2018/03/31 03:07:48 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:48 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:48 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x105e7) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x80000) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000440)={'syzkaller0\x00', 0x0}) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000480)={r6, 0x1, 0x6}, 0x10) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 412.680461] FAULT_INJECTION: forcing a failure. [ 412.680461] name failslab, interval 1, probability 0, space 0, times 0 [ 412.692066] CPU: 0 PID: 26763 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 412.699247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 412.708591] Call Trace: [ 412.711177] dump_stack+0x194/0x24d [ 412.714806] ? arch_local_irq_restore+0x53/0x53 [ 412.719484] should_fail+0x8c0/0xa40 [ 412.723195] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 412.728637] ? __lock_is_held+0xb6/0x140 [ 412.732676] ? mark_held_locks+0xaf/0x100 [ 412.736802] ? __raw_spin_lock_init+0x1c/0x100 [ 412.741360] ? find_held_lock+0x35/0x1d0 [ 412.745400] ? __lock_is_held+0xb6/0x140 [ 412.749441] ? check_same_owner+0x320/0x320 [ 412.753737] ? d_alloc+0x269/0x340 [ 412.757255] ? rcu_note_context_switch+0x710/0x710 [ 412.762170] ? lock_release+0xa40/0xa40 [ 412.766129] should_failslab+0xec/0x120 [ 412.770080] kmem_cache_alloc+0x47/0x760 [ 412.774125] ? d_drop+0x51/0x60 [ 412.777381] ? rpc_i_callback+0x30/0x30 [ 412.781329] rpc_alloc_inode+0x1a/0x20 [ 412.785191] alloc_inode+0x65/0x180 [ 412.788796] new_inode_pseudo+0x69/0x190 [ 412.792833] ? prune_icache_sb+0x1a0/0x1a0 [ 412.797043] ? do_raw_spin_trylock+0x190/0x190 [ 412.801600] ? d_add+0xa70/0xa70 [ 412.804944] new_inode+0x1c/0x40 [ 412.808288] rpc_get_inode+0x20/0x1e0 [ 412.812064] __rpc_create_common+0x5d/0x1d0 [ 412.816365] rpc_populate.constprop.15+0x1ad/0x340 [ 412.821273] rpc_fill_super+0x379/0xae0 [ 412.825223] ? cap_capable+0x1b5/0x230 [ 412.829085] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 412.834253] ? security_capable+0x8e/0xc0 [ 412.838380] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 412.843546] ? ns_capable_common+0xcf/0x160 [ 412.847842] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 412.853007] mount_ns+0xc4/0x190 [ 412.856354] rpc_mount+0x9e/0xd0 [ 412.859697] mount_fs+0x66/0x2d0 [ 412.863043] vfs_kern_mount.part.26+0xc6/0x4a0 [ 412.867602] ? may_umount+0xa0/0xa0 [ 412.871204] ? _raw_read_unlock+0x22/0x30 [ 412.875324] ? __get_fs_type+0x8a/0xc0 [ 412.879188] do_mount+0xea4/0x2bb0 [ 412.882704] ? copy_mount_string+0x40/0x40 [ 412.886912] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 412.891902] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 412.896633] ? retint_kernel+0x10/0x10 [ 412.900499] ? copy_mount_options+0x18b/0x2e0 [ 412.904966] ? copy_mount_options+0x191/0x2e0 [ 412.909435] ? copy_mount_options+0x1f7/0x2e0 [ 412.913907] SyS_mount+0xab/0x120 [ 412.917332] ? copy_mnt_ns+0xb30/0xb30 [ 412.921193] do_syscall_64+0x281/0x940 [ 412.925055] ? vmalloc_sync_all+0x30/0x30 [ 412.929175] ? _raw_spin_unlock_irq+0x27/0x70 [ 412.933730] ? finish_task_switch+0x1c1/0x7e0 [ 412.938198] ? syscall_return_slowpath+0x550/0x550 [ 412.943104] ? syscall_return_slowpath+0x2ac/0x550 [ 412.948012] ? prepare_exit_to_usermode+0x350/0x350 [ 412.953010] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 412.958352] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 412.963173] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 412.968338] RIP: 0033:0x454e79 [ 412.971505] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 412.979190] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 412.986433] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 412.993678] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 413.000921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 413.008167] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000029 [ 413.015506] net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfs 2018/03/31 03:07:49 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e023", 0xe}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:49 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getgroups(0x0, &(0x7f0000000500)) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0xfd, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYRES64=r0, @ANYBLOB="000000000005042b4e0000000000008000000000000000f2ff0000000000000000000000000000000000000000007c23ef3fd2c42f40c8153eacb6f2e897615eaade297b322bf3108917ab32f613ef5ec31e14c1c304390b5b6847f1e41e2da2edd48a1d76445f233a279e3d8f50dc83f9624e82e96970927d932d9439e7d8022e7d0a07fc5e0f26b9a1aba934cf400913e2490073390e03415514eca83a800efd190000000000000000000000000000ba49c3dd639eac3a8f80bc0610", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) 2018/03/31 03:07:49 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$DRM_IOCTL_MARK_BUFS(r2, 0x40206417, &(0x7f0000000040)={0x1, 0x5, 0x1, 0x5, 0xc, 0x6}) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x8000000000000, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) ioctl$TUNSETLINK(r1, 0x400454cd, 0x104) fallocate(r2, 0x0, 0x0, 0xffff) recvfrom$ax25(r0, &(0x7f00000004c0)=""/33, 0x21, 0x20, &(0x7f0000000580)={0x3, {"8b4941f05c01f1"}, 0x7fff}, 0x10) r4 = inotify_init1(0x0) r5 = open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r6 = inotify_init1(0x80800) r7 = dup2(r4, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f00000008c0)={&(0x7f0000000900)=ANY=[@ANYBLOB="ad3817fc41a75130deaf807faa063ce14c6acb5df6154b3509dc2e47458efc7acc9c35e56b1f85a3981f913934719cbea42e64d180b72f27f1c7897aab9eb107433f53358831fd0565ad1867d735317b403232696db18f72c6b43bf0ff5b2711796737ffde7f4de0d2a53016243868280556584eee9846737535aae942be196e3607d095acbd6be8c13c92ee107ba158e3dd0a3869f7636e2842a8d2895e5d2be3401575a8b92d30e1b4d3fb76046945b6bfba6bb775f8d852ba1a1c5f31df6e00000000000000000000000000cb69a03cf33aa51f3b279a0dc647f87025d6cef54ac0cdb3b3e067912eaefea72703ccaa9c2af10eb86965fc9e9ee8"], 0x1}, 0x1}, 0x100000000000) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, &(0x7f0000000680), 0xfffffd98) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r7, 0x84, 0x6d, &(0x7f0000000a00)=ANY=[@ANYRES32=0x0, @ANYBLOB="e9000000a0e91360097b5170c8e5dc16f98347a556f8299586fad73d3f70c114ac7bee5f00992ebeae9807138e1de96734e1c45aa0c253dc9fb7caeaa509e62bc426c2b756902e7389720b4438c0eba5cadc18ccd95726957676414b13becb2c2ee0aedf9656d9227dca480006b379cf2d00768054e54edac22d82698d73a6e41737f888320fe7793af0b162e0c0c5cf21d9242e3b24b226c1ce98967c8f56fbbdc191ddeef0865aea4708f2bface220cb17521a8d50b96241b07891613bd68314f43fe0fc5bac4d33b1d3fa68f20a65a7a59e2fcb9b00e8367351f6fc5aa5fcd9f7c402dd4ebf7aa017eb6a9c7b892be940563b910acd3c00dbd542e4b31eddde6fa2d5bad78209242b60dc6dda3599e657e597eefa39e4afbda3b4f1e428679591ad4f762d7b32a84206fdbc650cfa4f49c889f60d5992e828f1ad0b51a476709f93fa5b800531af52f616c00c6ae66bd7007a553a8f4aac969bb82501f1759f92e92f0e83f0e87e3eef2acbef2142f97a00d0e7c81a5ae68e38bd6d8fb50a213a5471898169f4b40505bddfbda8c0cfaab1e1d472f79082e7ed21026b7f36d25115e864ef55db9c2c141e009db17e3093330ff82186e811621261e63093eef767b119158b9421313f7917967bd76b8be506ce6eb84a91efae1fb8650781203ee64d9965c0a8ebd19929e6892bc4588fa87b7d8b15a0ff22deee7286868f3d3033560dcd20764dbb5b3ef9322f70244c542d602e30b66a3600da28e20587c3c93ec0d39dda0e8b50ec09e16a0ce6c18cfef6ac2639e424526788c3030f9a7ed16524559f20e5a3be4a41361096f5432c19edba39a34c119b4524deea9e9bfef142deb43ae85d9ddef879367aa79c974edd27ebc71dafba305cfd58b819b60e9fb124a48f93896f1b2716b9978d2d1d2d0b14380c9659271d27176a5c39166802c78ab782cec0d667f80ae303f8df90aebf79364dae5ba2bc2f7e14c2779a687d367b5975d00e733cc181c60f45f9cbaa96d9f9a748782fab6702e97013247704fca7231891b7c29b3c9e182d07c722e54f8db906d2393a7e6770"], &(0x7f00000006c0)=0xf1) getsockopt$inet_sctp_SCTP_CONTEXT(r5, 0x84, 0x11, &(0x7f0000000700)={r8, 0x6}, &(0x7f0000000740)=0x8) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:49 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200), &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:49 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f80000000000", 0x15}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:49 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:49 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f00000005c0)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000640)=ANY=[], 0x0) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000580)={0xf004, &(0x7f00000004c0), 0x8, r3, 0x9}) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) r6 = syz_open_dev$mouse(&(0x7f0000000440)='/dev/input/mouse#\x00', 0x1, 0x408600) ioctl$sock_bt_cmtp_CMTPCONNADD(r6, 0x400443c8, &(0x7f0000000480)={r1, 0x5}) r7 = perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r8, 0x29, 0x20, &(0x7f0000000080)={@remote={0xfe, 0x80, [], 0xbb}}, &(0x7f0000000040)=0x1a) ioctl(r7, 0x2285, &(0x7f0000000700)="53310698d8f798cf7d10e467d0a19474490369afefa2b1b03ac968c9aa9d3aeeefcf7b350a3446c2f8c025d5004315d9d09b179c6d819532907e2c2dae474953620da78d949eca95e6330910672d63b0873285a798d48b0bddcfa106f0430610c3b754c32efea2a48e3f9845fb92d848b2cd14124b1fbcb49168e8b62b2c3422e1d881087d88c103b29341ecb55eddcce1a2e217b00c68596d645bab4bb60c5ec57a9933a76927822968ea15c878d1e6f43fb745239fe9066e3221eb822a221e97f4f8c93b331997997f1ab9d0000000000000") 2018/03/31 03:07:49 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003", 0x18}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 413.212319] binder: 26789:26790 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 413.240820] binder: 26789:26790 Acquire 1 refcount change on invalid ref 0 ret -22 [ 413.248799] binder: 26789:26790 BC_ACQUIRE_DONE u0000000000000013 no match [ 413.255871] binder: 26789:26790 unknown command 78 [ 413.318364] binder: 26789:26790 ioctl c0306201 200001c0 returned -22 [ 413.339383] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / 2018/03/31 03:07:50 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x20000, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) read(r0, &(0x7f0000ec6000)=""/50, 0x32) r1 = socket$bt_cmtp(0x1f, 0x3, 0x5) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r1, 0x800443d3, &(0x7f0000000080)={{0x6, 0x6, 0xffffffffffffff0b, 0xb73, 0x3ff, 0xfff}, 0xf32, 0x80000001, 0x7}) r2 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x0, 0x0) accept4$vsock_stream(r2, &(0x7f0000000340)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10, 0x80000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000400)={{0x80100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f000001cfb0)={0x0, 0x0, 0x0, 0x0, 0xf}) read(r0, &(0x7f0000000200)=""/228, 0xe4) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x400000, 0x0) getsockopt$netrom_NETROM_T1(r3, 0x103, 0x1, &(0x7f0000000600), &(0x7f0000000640)=0x4) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) fcntl$setflags(r1, 0x2, 0x1) socket$nl_xfrm(0x10, 0x3, 0x6) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vga_arbiter\x00', 0x8000, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r3, 0xae44, 0x40) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000440)={0x1f}) r4 = dup2(r2, r1) bind$bt_l2cap(r4, &(0x7f0000000040)={0x1f, 0x5b91, {0xd, 0x0, 0x0, 0x8006, 0x5, 0x6}, 0x0, 0x5}, 0xe) preadv(r4, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f00000002c0)=""/115, 0x73}, {&(0x7f0000000380)=""/71, 0x47}], 0x4, 0x16) 2018/03/31 03:07:50 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r3, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(0xffffffffffffffff, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:50 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) r4 = msgget(0x1, 0x82) msgctl$IPC_STAT(r4, 0x2, &(0x7f0000000580)=""/230) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) r6 = open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r7 = inotify_init1(0x80800) r8 = dup2(r5, r7) fstatfs(r5, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") fcntl$getownex(r6, 0x10, &(0x7f0000000440)={0x0, 0x0}) fcntl$setown(r8, 0x8, r9) ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:50 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket(0x5, 0x800, 0x3f) accept$packet(0xffffffffffffff9c, &(0x7f0000001a00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, &(0x7f0000001a40)=0x14) preadv(r1, &(0x7f0000000a00)=[{&(0x7f00000003c0)=""/244, 0xf4}, {&(0x7f00000000c0)=""/32, 0x20}, {&(0x7f0000000200)=""/190, 0xbe}, {&(0x7f0000000940)=""/167, 0xa7}, {&(0x7f0000000180)=""/19, 0x13}], 0x5, 0x0) setsockopt$inet6_mreq(r1, 0x29, 0x14, &(0x7f0000001a80)={@remote={0xfe, 0x80, [], 0xbb}, r2}, 0x14) ioctl$sock_inet6_SIOCDELRT(r1, 0x890c, &(0x7f0000000a80)={@mcast1={0xff, 0x1, [], 0x1}, @loopback={0x0, 0x1}, @empty, 0x2, 0x9, 0x4, 0x100, 0x100, 0x200, r2}) getgroups(0x0, &(0x7f0000000500)) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getpeername$unix(r1, &(0x7f0000000b40), &(0x7f0000000bc0)=0x6e) r3 = memfd_create(&(0x7f0000000000)='/dev/binder#\x00', 0x2) pipe(&(0x7f0000000b00)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000500)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e00000004000000e0030000ffffffff180100004802000000000000ffffffffffffffff480300004803000048030000ffffffff04000000", @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB="0000000000000000000000001b3100000000000000000000000000000000000000f4a45500000000000000000000000000400000000000000000000000000000"], @ANYBLOB="ffffffffe0000001ffffffffffffff00697036746e6c3000000000000000000074756e6c300000000000000000000000000000000000000000000000ff0000000000000000000000000000000000000000000000000000000000ff000000000000000000000000000000dc0002400000000000000000000000000000f00018010000000000000000000000000000000000000000000000002800736f636b65740000000000000000000000000000000000000000000000030400000000000000300061646472747970650000000000000000000000000000000000000000000003004100000000000000000000000000280052454a4543540000000000000000000000000000000000000000000000000f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080130010000000000000000000000000000000000000000000000004000736574000000000000000000000000000000000000000000000000000000090000000800000080000000510d000006000000000000801f000000c9daa50030006463637000000000000000000000000000000000000000000000000000004e204e224e244e2304000000bd000400280053594e50524f58590000000000000000000000000000000000000000000006e08a290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d80000010000000000000000000000000000000000000000000000004000736574000000000000000000000000000000000000000000000000000000008000000002000000020000020000000500000001800000810000002401370a2800534554000000000000000000000000000000000000000000000000000001b10503028f0e0600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff00000000"], 0x440) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB="0000000000000033fe52c96dd55e3400"], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) ioctl$VHOST_RESET_OWNER(r4, 0xaf02, 0x0) 2018/03/31 03:07:50 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200), &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:50 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x4}, &(0x7f0000000440)=0x8) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000580)={r1, @in6={{0xa, 0x4e24, 0xffffffff, @ipv4={[], [0xff, 0xff], @multicast2=0xe0000002}, 0x3}}, 0x3, 0x5, 0x1, 0xff, 0xffffffffffffff80}, &(0x7f0000000480)=0x98) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x1d, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000640)={&(0x7f0000ffb000/0x4000)=nil, 0x4000}) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) syz_open_dev$mice(&(0x7f0000000740)='/dev/input/mice\x00', 0x0, 0x0) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) time(&(0x7f00000004c0)) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) ioctl$EVIOCSMASK(r3, 0x40104593, &(0x7f0000000700)={0x4, 0x41, &(0x7f0000000680)="68b89c0e84707cafb599ae37f8c888c7e97a23decda34c3cedcf6231156aaf549f6e601f1a0ce778284b900a24976e5fb485911b584986ec3d472daf40783b3b81"}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:50 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a5", 0x1a}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:50 executing program 1 (fault-call:10 fault-nth:42): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') [ 413.784858] FAULT_INJECTION: forcing a failure. [ 413.784858] name failslab, interval 1, probability 0, space 0, times 0 [ 413.796190] CPU: 1 PID: 26828 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 413.803372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 413.812719] Call Trace: [ 413.815312] dump_stack+0x194/0x24d [ 413.818939] ? arch_local_irq_restore+0x53/0x53 [ 413.823605] ? finish_task_switch+0x1c1/0x7e0 [ 413.828101] ? finish_task_switch+0x182/0x7e0 [ 413.832613] should_fail+0x8c0/0xa40 [ 413.836337] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 413.841440] ? __lock_acquire+0x664/0x3e00 [ 413.845675] ? __sched_text_start+0x8/0x8 [ 413.849815] ? find_held_lock+0x35/0x1d0 [ 413.853878] ? __lock_is_held+0xb6/0x140 [ 413.857945] ? check_same_owner+0x320/0x320 [ 413.862266] ? __d_lookup+0x4f4/0x830 [ 413.866062] ? lockdep_init_map+0x9/0x10 [ 413.870127] should_failslab+0xec/0x120 [ 413.874094] kmem_cache_alloc+0x47/0x760 [ 413.878157] __d_alloc+0xc1/0xbd0 [ 413.881606] ? shrink_dcache_for_umount+0x290/0x290 [ 413.886616] ? d_alloc_parallel+0x1b40/0x1b40 [ 413.891109] ? lock_release+0xa40/0xa40 [ 413.895083] ? mark_held_locks+0xaf/0x100 [ 413.899225] ? d_lookup+0x133/0x2e0 [ 413.902849] ? d_lookup+0x1d5/0x2e0 [ 413.906474] d_alloc+0x8e/0x340 [ 413.909751] ? __d_alloc+0xbd0/0xbd0 [ 413.913456] ? full_name_hash+0x9b/0xe0 [ 413.917431] __rpc_lookup_create_exclusive+0x183/0x1d0 [ 413.922707] ? rpc_d_lookup_sb+0x1a0/0x1a0 [ 413.926946] rpc_populate.constprop.15+0xa3/0x340 [ 413.931791] rpc_fill_super+0x379/0xae0 [ 413.935765] ? cap_capable+0x1b5/0x230 [ 413.939653] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 413.944842] ? security_capable+0x8e/0xc0 [ 413.948980] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 413.954150] ? ns_capable_common+0xcf/0x160 [ 413.958449] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 413.963616] mount_ns+0xc4/0x190 [ 413.966961] rpc_mount+0x9e/0xd0 [ 413.970304] mount_fs+0x66/0x2d0 [ 413.973651] vfs_kern_mount.part.26+0xc6/0x4a0 [ 413.978208] ? may_umount+0xa0/0xa0 [ 413.981812] ? _raw_read_unlock+0x22/0x30 [ 413.985934] ? __get_fs_type+0x8a/0xc0 [ 413.989799] do_mount+0xea4/0x2bb0 [ 413.993319] ? copy_mount_string+0x40/0x40 [ 413.997530] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 414.002526] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 414.007260] ? retint_kernel+0x10/0x10 [ 414.011125] ? copy_mount_options+0x149/0x2e0 [ 414.015595] ? __sanitizer_cov_trace_pc+0x3b/0x50 [ 414.020412] ? copy_mount_options+0x1f7/0x2e0 [ 414.024883] SyS_mount+0xab/0x120 [ 414.028310] ? copy_mnt_ns+0xb30/0xb30 [ 414.032174] do_syscall_64+0x281/0x940 [ 414.036038] ? vmalloc_sync_all+0x30/0x30 [ 414.040160] ? _raw_spin_unlock_irq+0x27/0x70 [ 414.044629] ? finish_task_switch+0x1c1/0x7e0 [ 414.049100] ? syscall_return_slowpath+0x550/0x550 [ 414.054006] ? syscall_return_slowpath+0x2ac/0x550 [ 414.058914] ? prepare_exit_to_usermode+0x350/0x350 [ 414.063905] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 414.069246] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 414.074065] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 414.079228] RIP: 0033:0x454e79 2018/03/31 03:07:50 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r3, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(0xffffffffffffffff, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:50 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:50 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 414.082392] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 414.090075] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 414.097318] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 414.104564] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 414.111808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 414.119053] R13: 00000000000003fa R14: 00000000006f8010 R15: 000000000000002a 2018/03/31 03:07:50 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r3, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(0xffffffffffffffff, 0x2285, &(0x7f0000007000)='S') [ 414.164815] binder: 26826:26831 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 414.181378] binder: 26826:26831 Acquire 1 refcount change on invalid ref 0 ret -22 [ 414.189178] binder: 26826:26831 BC_ACQUIRE_DONE u0000000000000000 no match [ 414.194013] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / [ 414.196227] binder: 26826:26831 unknown command 0 2018/03/31 03:07:50 executing program 1 (fault-call:10 fault-nth:43): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:07:50 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0xfffffffffffffffe) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') fchmod(r2, 0x100) [ 414.230206] binder: 26826:26831 ioctl c0306201 200001c0 returned -22 [ 414.282889] binder: 26826:26858 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 414.294593] FAULT_INJECTION: forcing a failure. [ 414.294593] name failslab, interval 1, probability 0, space 0, times 0 [ 414.305875] CPU: 1 PID: 26863 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 414.313049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 414.315097] binder: 26826:26858 Acquire 1 refcount change on invalid ref 0 ret -22 [ 414.322390] Call Trace: [ 414.322408] dump_stack+0x194/0x24d [ 414.322422] ? arch_local_irq_restore+0x53/0x53 [ 414.322442] should_fail+0x8c0/0xa40 [ 414.322454] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 414.330179] binder: 26826:26858 BC_ACQUIRE_DONE u0000000000000000 no match [ 414.332722] ? __lock_is_held+0xb6/0x140 [ 414.332736] ? mark_held_locks+0xaf/0x100 [ 414.332747] ? __raw_spin_lock_init+0x1c/0x100 [ 414.332758] ? find_held_lock+0x35/0x1d0 [ 414.336381] binder: 26826:26858 unknown command 0 [ 414.341010] ? __lock_is_held+0xb6/0x140 [ 414.341030] ? check_same_owner+0x320/0x320 [ 414.341041] ? d_alloc+0x269/0x340 [ 414.367281] binder: 26826:26858 ioctl c0306201 200001c0 returned -22 [ 414.369532] ? rcu_note_context_switch+0x710/0x710 [ 414.369543] ? lock_release+0xa40/0xa40 [ 414.369560] should_failslab+0xec/0x120 [ 414.369569] kmem_cache_alloc+0x47/0x760 [ 414.369580] ? d_drop+0x51/0x60 [ 414.369590] ? rpc_i_callback+0x30/0x30 [ 414.420835] rpc_alloc_inode+0x1a/0x20 [ 414.424698] alloc_inode+0x65/0x180 [ 414.428303] new_inode_pseudo+0x69/0x190 [ 414.432337] ? prune_icache_sb+0x1a0/0x1a0 [ 414.436549] ? do_raw_spin_trylock+0x190/0x190 [ 414.441108] ? d_add+0xa70/0xa70 [ 414.444452] new_inode+0x1c/0x40 [ 414.447798] rpc_get_inode+0x20/0x1e0 [ 414.451575] __rpc_create_common+0x5d/0x1d0 [ 414.455872] rpc_populate.constprop.15+0x1ad/0x340 [ 414.460778] rpc_fill_super+0x379/0xae0 [ 414.464731] ? cap_capable+0x1b5/0x230 [ 414.468593] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 414.473761] ? security_capable+0x8e/0xc0 [ 414.477886] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 414.483050] ? ns_capable_common+0xcf/0x160 [ 414.487349] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 414.492514] mount_ns+0xc4/0x190 [ 414.495855] rpc_mount+0x9e/0xd0 [ 414.499196] mount_fs+0x66/0x2d0 [ 414.502541] vfs_kern_mount.part.26+0xc6/0x4a0 [ 414.507098] ? may_umount+0xa0/0xa0 [ 414.510701] ? _raw_read_unlock+0x22/0x30 [ 414.514822] ? __get_fs_type+0x8a/0xc0 [ 414.518689] do_mount+0xea4/0x2bb0 [ 414.522205] ? copy_mount_string+0x40/0x40 [ 414.526415] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 414.531406] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 414.536143] ? retint_kernel+0x10/0x10 [ 414.540013] ? copy_mount_options+0x181/0x2e0 [ 414.544487] ? copy_mount_options+0x1f7/0x2e0 [ 414.548957] SyS_mount+0xab/0x120 [ 414.552383] ? copy_mnt_ns+0xb30/0xb30 [ 414.556247] do_syscall_64+0x281/0x940 [ 414.560109] ? vmalloc_sync_all+0x30/0x30 [ 414.564233] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 414.569744] ? syscall_return_slowpath+0x550/0x550 [ 414.574647] ? syscall_return_slowpath+0x2ac/0x550 [ 414.579552] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 414.584893] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 414.589712] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 414.594876] RIP: 0033:0x454e79 [ 414.598041] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 414.605730] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 414.612976] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 414.620222] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 414.627468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 414.634713] R13: 00000000000003fa R14: 00000000006f8010 R15: 000000000000002b [ 414.642203] net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry portmap [ 414.677658] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / 2018/03/31 03:07:51 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:51 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x0, 0x4c0800) getsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000400), &(0x7f00000003c0)=0x8) r1 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getgroups(0x28e, &(0x7f0000000500)) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) fstatfs(r1, &(0x7f00000000c0)=""/9) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) r3 = dup3(r2, r2, 0x80000) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r3, 0x40605346, &(0x7f0000000200)={0xffffffffffff8001, 0x2, {0x1, 0x3, 0x592, 0x0, 0x62}}) 2018/03/31 03:07:51 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:51 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) getsockopt$inet_sctp6_SCTP_STATUS(r2, 0x84, 0xe, &(0x7f0000000440)={0x0, 0x7b, 0x51a1736e, 0x7, 0x6, 0x20, 0x80000001, 0x8, {0x0, @in={{0x2, 0x4e24, @local={0xac, 0x14, 0x14, 0xaa}}}, 0x7, 0x8, 0x9, 0x4, 0x1}}, &(0x7f0000000580)=0xb0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f00000005c0)={r4, @in={{0x2, 0x4e23, @rand_addr=0x9}}, 0x3, 0x7, 0xfffffffffffff0be, 0x6119, 0x8}, 0x98) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r6 = inotify_init1(0x80800) dup2(r5, r6) fstatfs(r5, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:51 executing program 1 (fault-call:10 fault-nth:44): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:07:51 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000040)={'ipddp0\x00', 0xfffffffffffffffe}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:51 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x20000, 0x0) r1 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) read(r1, &(0x7f0000ec6000)=""/50, 0x32) r2 = socket$bt_cmtp(0x1f, 0x3, 0x5) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r2, 0x800443d3, &(0x7f0000000080)={{0x6, 0x6, 0xffffffffffffff0b, 0xb73, 0x3ff, 0xfff}, 0xf32, 0x80000001, 0x7}) r3 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x0, 0x0) r4 = accept4$vsock_stream(r3, &(0x7f0000000340)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10, 0x80000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000400)={{0x80100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f000001cfb0)={0x0, 0x0, 0x0, 0x0, 0xf}) read(r1, &(0x7f0000000200)=""/228, 0xe4) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x400000, 0x0) getsockopt$netrom_NETROM_T1(r5, 0x103, 0x1, &(0x7f0000000600), &(0x7f0000000640)=0x4) ioctl$TCSBRKP(r4, 0x5425, 0x617) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) socket$nl_xfrm(0x10, 0x3, 0x6) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vga_arbiter\x00', 0x8000, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r5, 0xae44, 0x40) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000480)) r6 = dup2(0xffffffffffffffff, r0) bind$bt_l2cap(r6, &(0x7f0000000040)={0x1f, 0x5b91, {0xd, 0x0, 0x0, 0x8006, 0x5, 0x6}, 0x0, 0x5}, 0xe) preadv(r6, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f00000002c0)=""/115, 0x73}, {&(0x7f0000000380)=""/71, 0x47}], 0x4, 0x16) 2018/03/31 03:07:51 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') [ 415.229005] FAULT_INJECTION: forcing a failure. [ 415.229005] name failslab, interval 1, probability 0, space 0, times 0 [ 415.240525] CPU: 1 PID: 26882 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 415.247714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 415.257062] Call Trace: [ 415.259651] dump_stack+0x194/0x24d [ 415.263281] ? arch_local_irq_restore+0x53/0x53 [ 415.267957] should_fail+0x8c0/0xa40 [ 415.271670] ? unwind_next_frame.part.6+0x1a6/0xb40 [ 415.276686] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 415.281790] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 415.286985] ? __lock_acquire+0x664/0x3e00 [ 415.291223] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 415.296421] ? find_held_lock+0x35/0x1d0 [ 415.300482] ? __lock_is_held+0xb6/0x140 [ 415.304551] ? check_same_owner+0x320/0x320 [ 415.308868] ? __d_lookup+0x4f4/0x830 [ 415.312668] ? rcu_note_context_switch+0x710/0x710 [ 415.317601] should_failslab+0xec/0x120 [ 415.321571] kmem_cache_alloc+0x47/0x760 [ 415.325634] __d_alloc+0xc1/0xbd0 [ 415.329087] ? shrink_dcache_for_umount+0x290/0x290 [ 415.334101] ? d_alloc_parallel+0x1b40/0x1b40 [ 415.338597] ? lock_release+0xa40/0xa40 [ 415.342575] ? mark_held_locks+0xaf/0x100 [ 415.346728] ? d_lookup+0x133/0x2e0 [ 415.350362] ? d_lookup+0x1d5/0x2e0 [ 415.353986] d_alloc+0x8e/0x340 [ 415.357259] ? __d_alloc+0xbd0/0xbd0 [ 415.360965] ? full_name_hash+0x9b/0xe0 [ 415.364946] __rpc_lookup_create_exclusive+0x183/0x1d0 [ 415.370224] ? rpc_d_lookup_sb+0x1a0/0x1a0 [ 415.374459] rpc_populate.constprop.15+0xa3/0x340 [ 415.379303] rpc_fill_super+0x379/0xae0 [ 415.383283] ? cap_capable+0x1b5/0x230 [ 415.387171] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 415.392355] ? security_capable+0x8e/0xc0 [ 415.396501] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 415.401688] ? ns_capable_common+0xcf/0x160 [ 415.406007] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 415.411190] mount_ns+0xc4/0x190 [ 415.414549] rpc_mount+0x9e/0xd0 [ 415.417910] mount_fs+0x66/0x2d0 [ 415.421275] vfs_kern_mount.part.26+0xc6/0x4a0 [ 415.425851] ? may_umount+0xa0/0xa0 [ 415.429472] ? _raw_read_unlock+0x22/0x30 [ 415.433644] ? __get_fs_type+0x8a/0xc0 [ 415.437531] do_mount+0xea4/0x2bb0 [ 415.441072] ? copy_mount_string+0x40/0x40 [ 415.445299] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 415.450311] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 415.455066] ? retint_kernel+0x10/0x10 [ 415.458954] ? copy_mount_options+0x18b/0x2e0 [ 415.463446] ? copy_mount_options+0x193/0x2e0 [ 415.467939] ? copy_mount_options+0x1f7/0x2e0 [ 415.472434] SyS_mount+0xab/0x120 [ 415.475888] ? copy_mnt_ns+0xb30/0xb30 [ 415.479768] do_syscall_64+0x281/0x940 [ 415.483648] ? vmalloc_sync_all+0x30/0x30 [ 415.487791] ? _raw_spin_unlock_irq+0x27/0x70 [ 415.492278] ? finish_task_switch+0x1c1/0x7e0 [ 415.497317] ? syscall_return_slowpath+0x550/0x550 [ 415.502241] ? syscall_return_slowpath+0x2ac/0x550 [ 415.507168] ? prepare_exit_to_usermode+0x350/0x350 [ 415.512182] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 415.517547] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 415.522397] entry_SYSCALL_64_after_hwframe+0x42/0xb7 2018/03/31 03:07:51 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:51 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:51 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) r4 = syz_genetlink_get_family_id$fou(&(0x7f0000000480)='fou\x00') sendmsg$FOU_CMD_GET(r1, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000580)={&(0x7f00000004c0)={0x24, r4, 0x8, 0x70bd26, 0x25dfdbfc, {0x3}, [@FOU_ATTR_IPPROTO={0x8, 0x3, 0x1d}, @FOU_ATTR_PORT={0x8, 0x1, 0x4e24}]}, 0x24}, 0x1}, 0x40000) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r6 = inotify_init1(0x80800) dup2(r5, r6) fstatfs(r5, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:51 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x0, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:51 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) connect$bt_rfcomm(r1, &(0x7f0000000580)={0x1f, {0x0, 0x0, 0x400, 0x4, 0x1, 0xc0}}, 0xa) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r2, &(0x7f0000001dc0)=ANY=[@ANYBLOB="72d7578312d91968a71d89829afd833d60df4231aaeed40b976c824413baf91d6607b0390d49de5b428ac6a442250a7a86fff7649a756ec26e21dbe2366a936a4bef89b0dc3a165db1a347a6f6b4a0d50c97c6", @ANYRES32=r1, @ANYPTR64=&(0x7f00000018c0)=ANY=[@ANYBLOB="965c5a1ec40b371cc500b8a76f5504e2ca32ae71f97e08f2589eb2fecd7317f64182563e7ac768a5a1d4923e75d704bc0a6357f8e0d0ffe71ec9e42fd7eee48b156ce53dfeef12ff789a25e340a9e0b90e170961415263fa648351b54dd779128c48768d5bdc8c377f890a0b8063e0cbc6443fbe20aff0e88d61777f42837b23681a65f457839f1951a7e91fc19404760ca0ffe664759ba6c3f640bc76c3df7ee64a380760a3c4ed490cd5e3824a497587", @ANYRES64, @ANYRES16=r3, @ANYRES32=r0, @ANYRES16=r3, @ANYBLOB="670443d3c19d64b6a0119ff12ec816bbc4f1a16e1d39117c5c798f4303c41d0089eb955f41070b06eecafc78e500f899711ee96cc4bf9709f0dc94885d3506baedff4e67c345aa8984f5894eb5b84f786dac32dc54bc315e979c28235c35d40fc711817b7063b1725d177a121fc7da1c4b27097f6935455db250d7e6af34856c51b5139eff5bd767cf0f751ebc6bf853134b4cf61319afffad347db833518feee6c329b7953559989e0e2d1c7877c6288ce8d068a80ac80314eea0851ba6228e1e2765b357a4dd3f49ed", @ANYRES64=r3, @ANYRES16], @ANYBLOB="dcc27c38ce629dc53ca688ccaa5573d56cc92535203a070c83961059307084724d18bc79e0e2727166afb1a4f7b56de306dcd18795d7d0fbca252f7e88e167f4f103dcdb6466b7576b0432c65bdebb45bfd15d575a68645436c7834c5010697c9b5f661bf6e503fac957061cb35a3fa5440c9be920dd674dbfc13bc0d345f513d78084c1f0e5403e58e118cc736e80e54a1584fe872247008eda41db7af0", @ANYPTR64=&(0x7f0000002040)=ANY=[@ANYRES64=r0, @ANYBLOB="0d4a4fe15ab3945b613123117fa10bedd645447086196f53a790ab197176d8c7925c2f9a9df7c072dc3ed1e43f984d2fbea6b697e59dc98b39c4922f5b7af885a38699354f5b6dc0c5479502a457fd5c4ae5b88e3509094d9c5a728ce8f1f85404140b1c897477cca97cec12c5a8", @ANYPTR64=&(0x7f0000001f80)=ANY=[@ANYRES32=r0, @ANYRES16=r3], @ANYPTR64=&(0x7f0000001fc0)=ANY=[@ANYPTR], @ANYBLOB="273916affa059cb58d9f2361be440ede3f08cabe25fd038a55644bcffdf5e4d6a916c70f603671ebc312c57eb9592ed4e790cc7accb15049a21958ef369ee753b24ca9d0c15fdc8169be55e852879e4952cee2215f403ee131790e0985399639040e3683979d94ee92d2097faec63a6dab7892cc3949681e4943c3c9461fc3923ab6e5efca2f3fcb5af8045d1b2892e9fdeae8fd39f91ca5a3e7708a0db1685f2b64815bbdc5ea33d2f6d95f05206e4639ad30fb20d13e02c45322", @ANYBLOB="1483307e0d1bf876e3f3e1e11cb1f6787bc20365dc67f94941cc5cb41746b711f779b1ec68c74352e8a9dee439312a1703ce8b13038124e9e68e189dc8f4fc1232dee52a06ccf1e726a1d589aaf05ba78483c7bfff4e1627ae238b157ea9f8e19ddd9c0b69ca43be428776b7399d0172ebc88c7f339bfecb697000dc653d6c47a212511f7b5f85213516cdcb65b4d14670ad95f47d893656b3759947e7899d005523a1c3db24ab08b430ba9ac75348642d3f1e0d929c6ced89d6b84766332ffacc6345344267421e84ca1fce752fea3ef354f74aa5e874f13099cb0d8308af146af74f83e9c320244592b9e3", @ANYPTR64=&(0x7f0000002000)=ANY=[@ANYRES16=r1, @ANYPTR64, @ANYPTR, @ANYRES64=r3], @ANYRES32, @ANYRES64=r2, @ANYRES16=r2], @ANYRES16=r0, @ANYBLOB="d587de86962259cfbdcc60ff85984584ec62d5523275f5e4b6d61dd3ee6a32fe14195377ee8d49e37c38eb930b5583c583284c5be110d2c6414231e06695539817de2833b4aece8458710d4189a973f1d9684e443fdef4a9e4098465e955ec41c9b49429b04c0628d788c9d575e43b620184316c20f8d4906410ef028427005a00b28a0352f842", @ANYPTR64=&(0x7f0000000640)=ANY=[@ANYPTR64=&(0x7f0000000440)=ANY=[@ANYRES32=r1, @ANYPTR64, @ANYRES32=r1, @ANYRES64, @ANYPTR], @ANYRES64=r1, @ANYRES64=r1, @ANYRES32, @ANYRES64=r0, @ANYPTR64=&(0x7f00000004c0)=ANY=[@ANYPTR, @ANYRES16=r0]], @ANYRES32=r2, @ANYRES64=r3], 0x1a2) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) r5 = open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r6 = inotify_init1(0x80000) dup2(r4, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r5, &(0x7f0000000480)={&(0x7f0000000680)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x1) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f0000000040)={0x0}) ioctl$DRM_IOCTL_NEW_CTX(r2, 0x40086425, &(0x7f0000000540)={r7, 0x1}) ioctl(r0, 0x2285, &(0x7f00000001c0)="ea768649a62271efdc0d78") [ 415.527578] RIP: 0033:0x454e79 [ 415.530756] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 415.538454] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 415.545714] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 415.552972] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 415.560230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 415.567492] R13: 00000000000003fa R14: 00000000006f8010 R15: 000000000000002c [ 415.607524] binder: 26879:26911 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 415.628123] binder: 26879:26911 Acquire 1 refcount change on invalid ref 0 ret -22 [ 415.635936] binder: 26879:26911 BC_ACQUIRE_DONE u0000000000000000 no match [ 415.642987] binder: 26879:26911 unknown command 0 [ 415.643557] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / [ 415.691963] binder: 26879:26911 ioctl c0306201 200001c0 returned -22 [ 415.724261] binder: 26879:26923 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 415.738624] binder: 26879:26923 Acquire 1 refcount change on invalid ref 0 ret -22 [ 415.746417] binder: 26879:26923 BC_ACQUIRE_DONE u0000000000000000 no match [ 415.753475] binder: 26879:26923 unknown command 0 [ 415.759244] binder: 26879:26923 ioctl c0306201 200001c0 returned -22 2018/03/31 03:07:52 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x0, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:52 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:52 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:52 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r0, &(0x7f00000004c0)=ANY=[@ANYRES32=r1, @ANYRES64=r0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRES32=r1, @ANYPTR64=&(0x7f0000000040)=ANY=[@ANYRES64=r0, @ANYPTR], @ANYBLOB="bca9a6cdabde942c6c820121ae9309940669c5482d", @ANYBLOB="e61df3d2ded84ce87ec5208c5ecfb4f311ae0e19936727e378beabcdd192a5a1a01a66485173995821f6d5904e5ebcc632a548045e05770cc8ec9bdd99cc5f4427ed87219b7a0d27f912932b130d316a58fba03f0a", @ANYRES16=r2, @ANYBLOB="ddc1f20069c5fde89b07098efc0d3d2afb4e83b0fae2fa8818fa4e5a60f84069ba0514a1407d314620cacd6f2e575bd07838e30d2f20d2cc80998a78831eec4d56af0057a398081a", @ANYBLOB="cc4f", @ANYRES64=r0], @ANYPTR=&(0x7f0000000480)=ANY=[@ANYRES64, @ANYPTR64=&(0x7f0000000440)=ANY=[@ANYRES64=r0, @ANYPTR64]], @ANYRES32=r2, @ANYRES32, @ANYRES32=r0], 0x3942) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) inotify_init1(0x80800) dup2(r1, r4) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0x92, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:52 executing program 1 (fault-call:10 fault-nth:45): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:07:52 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) setsockopt$IP_VS_SO_SET_DEL(r0, 0x0, 0x484, &(0x7f0000000440)={0x0, @rand_addr=0x80000001, 0x4e24, 0x3, 'lblcr\x00', 0x1, 0xc6, 0x6d}, 0x2c) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:52 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x20000, 0x0) r1 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) read(r1, &(0x7f0000ec6000)=""/50, 0x32) r2 = socket$bt_cmtp(0x1f, 0x3, 0x5) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r2, 0x800443d3, &(0x7f0000000080)={{0x6, 0x6, 0xffffffffffffff0b, 0xb73, 0x3ff, 0xfff}, 0xf32, 0x80000001, 0x7}) r3 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x0, 0x0) accept4$vsock_stream(r3, &(0x7f0000000340)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10, 0x80000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000400)={{0x80100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f000001cfb0)={0x0, 0x0, 0x0, 0x0, 0xf}) read(r1, &(0x7f0000000200)=""/228, 0xe4) socketpair$inet_udp(0x2, 0x2, 0x0, &(0x7f00000004c0)) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x400000, 0x0) getsockopt$netrom_NETROM_T1(r4, 0x103, 0x1, &(0x7f0000000600), &(0x7f0000000640)=0x4) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f00000006c0)={{{@in6=@mcast2, @in6=@ipv4}}, {{@in6}, 0x0, @in=@dev}}, &(0x7f0000000500)=0xe8) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vga_arbiter\x00', 0x8000, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r4, 0xae44, 0x40) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000480)) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000440)='/dev/hwrng\x00', 0x1, 0x0) r5 = dup2(0xffffffffffffffff, r0) bind$bt_l2cap(r5, &(0x7f0000000040)={0x1f, 0x5b91, {0xd, 0x0, 0x0, 0x8006, 0x5, 0x6}, 0x0, 0x5}, 0xe) preadv(r5, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f00000002c0)=""/115, 0x73}, {&(0x7f0000000380)=""/71, 0x47}], 0x4, 0x16) 2018/03/31 03:07:52 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getgroups(0x0, &(0x7f0000000500)) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x10000, 0x0) connect$unix(r1, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) [ 416.306432] FAULT_INJECTION: forcing a failure. [ 416.306432] name failslab, interval 1, probability 0, space 0, times 0 [ 416.317878] CPU: 0 PID: 26937 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 416.325065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 416.332470] binder: 26939:26942 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 416.334406] Call Trace: [ 416.334423] dump_stack+0x194/0x24d [ 416.334437] ? arch_local_irq_restore+0x53/0x53 [ 416.334460] should_fail+0x8c0/0xa40 [ 416.356083] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 416.361173] ? __lock_is_held+0xb6/0x140 [ 416.365211] ? mark_held_locks+0xaf/0x100 [ 416.369335] ? __raw_spin_lock_init+0x1c/0x100 [ 416.373897] ? find_held_lock+0x35/0x1d0 [ 416.377940] ? __lock_is_held+0xb6/0x140 [ 416.381986] ? check_same_owner+0x320/0x320 [ 416.386284] ? d_alloc+0x269/0x340 [ 416.389808] ? rcu_note_context_switch+0x710/0x710 [ 416.394717] ? lock_release+0xa40/0xa40 [ 416.398673] should_failslab+0xec/0x120 [ 416.402627] kmem_cache_alloc+0x47/0x760 [ 416.406670] ? d_drop+0x51/0x60 [ 416.409929] ? rpc_i_callback+0x30/0x30 [ 416.413880] rpc_alloc_inode+0x1a/0x20 [ 416.417744] alloc_inode+0x65/0x180 [ 416.421347] new_inode_pseudo+0x69/0x190 [ 416.425384] ? prune_icache_sb+0x1a0/0x1a0 [ 416.429595] ? do_raw_spin_trylock+0x190/0x190 [ 416.434150] ? d_add+0xa70/0xa70 [ 416.437494] new_inode+0x1c/0x40 [ 416.440838] rpc_get_inode+0x20/0x1e0 [ 416.444614] __rpc_create_common+0x5d/0x1d0 [ 416.448914] rpc_populate.constprop.15+0x1ad/0x340 [ 416.453823] rpc_fill_super+0x379/0xae0 [ 416.457773] ? cap_capable+0x1b5/0x230 [ 416.461636] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 416.466806] ? security_capable+0x8e/0xc0 [ 416.470929] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 416.476093] ? ns_capable_common+0xcf/0x160 [ 416.480391] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 416.485554] mount_ns+0xc4/0x190 [ 416.488898] rpc_mount+0x9e/0xd0 [ 416.492242] mount_fs+0x66/0x2d0 [ 416.495586] vfs_kern_mount.part.26+0xc6/0x4a0 [ 416.500142] ? may_umount+0xa0/0xa0 [ 416.503744] ? _raw_read_unlock+0x22/0x30 [ 416.507868] ? __get_fs_type+0x8a/0xc0 [ 416.511731] do_mount+0xea4/0x2bb0 [ 416.515249] ? copy_mount_string+0x40/0x40 [ 416.519460] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 416.524454] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 416.529188] ? retint_kernel+0x10/0x10 [ 416.533054] ? copy_mount_options+0x18b/0x2e0 [ 416.537524] ? copy_mount_options+0x196/0x2e0 [ 416.541994] ? copy_mount_options+0x1f7/0x2e0 [ 416.546469] SyS_mount+0xab/0x120 [ 416.549894] ? copy_mnt_ns+0xb30/0xb30 [ 416.553757] do_syscall_64+0x281/0x940 [ 416.557619] ? vmalloc_sync_all+0x30/0x30 [ 416.561743] ? _raw_spin_unlock_irq+0x27/0x70 [ 416.566212] ? finish_task_switch+0x1c1/0x7e0 [ 416.570682] ? syscall_return_slowpath+0x550/0x550 [ 416.575584] ? syscall_return_slowpath+0x2ac/0x550 [ 416.580488] ? prepare_exit_to_usermode+0x350/0x350 [ 416.585479] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 416.590820] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 416.595640] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 416.600808] RIP: 0033:0x454e79 [ 416.603972] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 416.611658] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 416.618900] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 416.626145] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 416.633392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 416.640655] R13: 00000000000003fa R14: 00000000006f8010 R15: 000000000000002d [ 416.647981] net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry statd [ 416.665339] binder: 26939:26942 Acquire 1 refcount change on invalid ref 0 ret -22 [ 416.673170] binder: 26939:26942 BC_ACQUIRE_DONE u0000000000000000 no match [ 416.680238] binder: 26939:26942 unknown command 0 2018/03/31 03:07:53 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:53 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x0, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 416.725046] binder: 26939:26942 ioctl c0306201 200001c0 returned -22 2018/03/31 03:07:53 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:53 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') getresgid(&(0x7f0000000040), &(0x7f0000000440)=0x0, &(0x7f0000000480)) ioctl$TUNSETGROUP(r2, 0x400454ce, r6) 2018/03/31 03:07:53 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getgid() fstat(r0, &(0x7f0000000000)) getgroups(0x35b, &(0x7f0000000180)) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r1, 0x54a3) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) [ 416.791184] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / 2018/03/31 03:07:53 executing program 1 (fault-call:10 fault-nth:46): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:07:53 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000440)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fcntl$F_GET_RW_HINT(r3, 0x40b, &(0x7f00000004c0)) fallocate(r2, 0x0, 0x0, 0xffff) open(&(0x7f0000000580)='./file0\x00', 0x200000, 0x20) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r2, 0x84, 0x4, &(0x7f0000000480), 0x4) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 416.859840] binder: 26963:26967 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 416.886670] binder: 26963:26967 Acquire 1 refcount change on invalid ref 0 ret -22 [ 416.894523] binder: 26963:26967 BC_ACQUIRE_DONE u0000000000000000 no match [ 416.901574] binder: 26963:26967 unknown command 0 2018/03/31 03:07:53 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:53 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 416.913818] binder: 26963:26967 ioctl c0306201 200001c0 returned -22 2018/03/31 03:07:53 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x604400, 0x0) ioctl$EVIOCGNAME(r1, 0x80404506, &(0x7f00000003c0)=""/231) getgroups(0x0, &(0x7f0000000500)) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) [ 416.954991] FAULT_INJECTION: forcing a failure. [ 416.954991] name failslab, interval 1, probability 0, space 0, times 0 [ 416.966354] CPU: 1 PID: 26971 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 416.973540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 416.982885] Call Trace: [ 416.985473] dump_stack+0x194/0x24d [ 416.989104] ? arch_local_irq_restore+0x53/0x53 [ 416.993776] should_fail+0x8c0/0xa40 [ 416.997488] ? fault_create_debugfs_attr+0x1f0/0x1f0 2018/03/31 03:07:53 executing program 3: openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r3, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 417.002582] ? __lock_is_held+0xb6/0x140 [ 417.006639] ? mark_held_locks+0xaf/0x100 [ 417.010780] ? __raw_spin_lock_init+0x1c/0x100 [ 417.015364] ? find_held_lock+0x35/0x1d0 [ 417.019425] ? __lock_is_held+0xb6/0x140 [ 417.023494] ? check_same_owner+0x320/0x320 [ 417.027810] ? d_alloc+0x269/0x340 [ 417.031348] ? rcu_note_context_switch+0x710/0x710 [ 417.036274] ? lock_release+0xa40/0xa40 [ 417.040255] should_failslab+0xec/0x120 [ 417.044223] kmem_cache_alloc+0x47/0x760 [ 417.048294] ? d_drop+0x51/0x60 [ 417.051573] ? rpc_i_callback+0x30/0x30 [ 417.055542] rpc_alloc_inode+0x1a/0x20 [ 417.059425] alloc_inode+0x65/0x180 [ 417.063048] new_inode_pseudo+0x69/0x190 [ 417.067101] ? prune_icache_sb+0x1a0/0x1a0 [ 417.071334] ? do_raw_spin_trylock+0x190/0x190 [ 417.075910] ? d_add+0xa70/0xa70 [ 417.077945] binder: 26979:26983 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 417.079269] new_inode+0x1c/0x40 [ 417.079282] rpc_get_inode+0x20/0x1e0 [ 417.079293] __rpc_create_common+0x5d/0x1d0 [ 417.079308] rpc_populate.constprop.15+0x1ad/0x340 [ 417.079321] rpc_fill_super+0x379/0xae0 [ 417.106683] ? cap_capable+0x1b5/0x230 [ 417.110551] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 417.115717] ? security_capable+0x8e/0xc0 [ 417.119842] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 417.125011] ? ns_capable_common+0xcf/0x160 [ 417.129311] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 417.134473] mount_ns+0xc4/0x190 [ 417.137815] rpc_mount+0x9e/0xd0 [ 417.141156] mount_fs+0x66/0x2d0 [ 417.144500] vfs_kern_mount.part.26+0xc6/0x4a0 [ 417.149058] ? may_umount+0xa0/0xa0 [ 417.152662] ? _raw_read_unlock+0x22/0x30 [ 417.156784] ? __get_fs_type+0x8a/0xc0 [ 417.160648] do_mount+0xea4/0x2bb0 [ 417.164167] ? copy_mount_string+0x40/0x40 [ 417.168377] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 417.173370] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 417.178103] ? retint_kernel+0x10/0x10 [ 417.181967] ? copy_mount_options+0x18b/0x2e0 [ 417.186449] ? audit_kill_trees+0x430/0x430 [ 417.190749] ? copy_mount_options+0x1f7/0x2e0 [ 417.195219] SyS_mount+0xab/0x120 [ 417.198649] ? copy_mnt_ns+0xb30/0xb30 [ 417.202513] do_syscall_64+0x281/0x940 [ 417.206378] ? vmalloc_sync_all+0x30/0x30 [ 417.210500] ? _raw_spin_unlock_irq+0x27/0x70 [ 417.214972] ? finish_task_switch+0x1c1/0x7e0 [ 417.219445] ? syscall_return_slowpath+0x550/0x550 [ 417.224348] ? syscall_return_slowpath+0x2ac/0x550 [ 417.229253] ? prepare_exit_to_usermode+0x350/0x350 [ 417.234250] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 417.239588] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 417.244409] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 417.249571] RIP: 0033:0x454e79 [ 417.252738] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 417.260419] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 417.267666] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 417.274909] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 417.282152] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 417.289395] R13: 00000000000003fa R14: 00000000006f8010 R15: 000000000000002e [ 417.296937] net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfsd4_cb 2018/03/31 03:07:53 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x20000, 0x0) r1 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) read(r1, &(0x7f0000ec6000)=""/50, 0x32) r2 = socket$bt_cmtp(0x1f, 0x3, 0x5) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r2, 0x800443d3, &(0x7f0000000080)={{0x6, 0x6, 0xffffffffffffff0b, 0xb73, 0x3ff, 0xfff}, 0xf32, 0x80000001, 0x7}) r3 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x0, 0x0) accept4$vsock_stream(r3, &(0x7f0000000340)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10, 0x80000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000400)={{0x80100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f000001cfb0)={0x0, 0x0, 0x0, 0x0, 0xf}) read(r3, &(0x7f0000000200)=""/228, 0x56c) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x400000, 0x0) getsockopt$netrom_NETROM_T1(r4, 0x103, 0x1, &(0x7f0000000600), &(0x7f0000000640)=0x4) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) socket$nl_xfrm(0x10, 0x3, 0x6) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vga_arbiter\x00', 0x8000, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r4, 0xae44, 0x40) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000480)) r5 = dup2(0xffffffffffffffff, r0) bind$bt_l2cap(r5, &(0x7f0000000040)={0x1f, 0x5b91, {0xd, 0x0, 0x0, 0x8006, 0x5, 0x6}, 0x0, 0x5}, 0xe) preadv(r5, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f00000002c0)=""/115, 0x73}, {&(0x7f0000000380)=""/71, 0x47}], 0x4, 0x16) 2018/03/31 03:07:53 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:53 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) r5 = open(&(0x7f0000000440)='./file0/file0\x00', 0x181000, 0x0) r6 = inotify_init1(0x80800) dup2(r4, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) ftruncate(r5, 0x574) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) set_thread_area(&(0x7f0000000040)={0x81, 0xffffffff, 0x0, 0x0, 0x8, 0xff7, 0x80000000, 0xd87b, 0xf6c, 0xffffffff}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 417.322945] binder: 26979:26983 Acquire 1 refcount change on invalid ref 0 ret -22 [ 417.330764] binder: 26979:26983 BC_ACQUIRE_DONE u0000000000000000 no match [ 417.337830] binder: 26979:26983 unknown command 0 2018/03/31 03:07:53 executing program 3: openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r3, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 417.384090] binder: 26979:26983 ioctl c0306201 200001c0 returned -22 [ 417.502663] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / 2018/03/31 03:07:54 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x20000, 0x0) r1 = syz_open_dev$sndtimer(&(0x7f0000000440)='/dev/snd/timer\x00', 0x0, 0x0) read(r1, &(0x7f0000ec6000)=""/50, 0x32) r2 = socket$bt_cmtp(0x1f, 0x3, 0x5) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r2, 0x800443d3, &(0x7f0000000080)={{0x6, 0x6, 0xffffffffffffff0b, 0xb73, 0x3ff, 0xfff}, 0xf32, 0x80000001, 0x7}) r3 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x0, 0x0) accept4$vsock_stream(r3, &(0x7f0000000340)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10, 0x80000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000400)={{0x80100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f000001cfb0)={0x0, 0x0, 0x0, 0x0, 0xf}) read(r1, &(0x7f0000000200)=""/228, 0xe4) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x400000, 0x0) getsockopt$netrom_NETROM_T1(r4, 0x103, 0x1, &(0x7f0000000600), &(0x7f0000000640)=0x4) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) socket$nl_xfrm(0x10, 0x3, 0x6) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/vga_arbiter\x00', 0x8000, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r4, 0xae44, 0x40) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000480)) r5 = dup2(0xffffffffffffffff, r0) bind$bt_l2cap(r5, &(0x7f0000000040)={0x1f, 0x5b91, {0xd, 0x0, 0x0, 0x8006, 0x5, 0x6}, 0x0, 0x5}, 0xe) preadv(r5, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f00000002c0)=""/115, 0x73}, {&(0x7f0000000380)=""/71, 0x47}], 0x4, 0x16) 2018/03/31 03:07:54 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) ioctl$fiemap(r5, 0xc020660b, &(0x7f0000000580)={0x6, 0x81, 0x2, 0x8, 0x5, [{0x5, 0xc7f4ad6, 0x5, 0x0, 0x0, 0x5}, {0x8, 0x200, 0x4, 0x0, 0x0, 0x804}, {0x5, 0x2, 0x1ff, 0x0, 0x0, 0xc00}, {0x2, 0x7, 0xd5, 0x0, 0x0, 0x1200}, {0x401, 0x2, 0x9, 0x0, 0x0, 0x204}]}) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) epoll_ctl$EPOLL_CTL_DEL(r3, 0x2, r4) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:54 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6e", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:54 executing program 3: openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r3, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:54 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) r6 = dup2(r4, r5) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000440)={0x0, @in={{0x2, 0x4e23}}}, &(0x7f0000000580)=0x84) getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r6, 0x84, 0xc, &(0x7f0000000640), &(0x7f0000000680)=0x4) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r6, 0x84, 0x10, &(0x7f00000005c0)=@assoc_value={r7, 0x9249}, &(0x7f0000000600)=0x8) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:54 executing program 4: getgroups(0x0, &(0x7f0000000500)) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x800, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, &(0x7f0000000040)={0x3, 0x1c, [0x8, 0x6, 0x9, 0x5, 0x5, 0x100000002, 0x2b]}) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) 2018/03/31 03:07:54 executing program 1 (fault-call:10 fault-nth:47): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:07:54 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 418.253089] FAULT_INJECTION: forcing a failure. [ 418.253089] name failslab, interval 1, probability 0, space 0, times 0 [ 418.264596] CPU: 0 PID: 27017 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 418.271785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 418.281146] Call Trace: [ 418.283759] dump_stack+0x194/0x24d [ 418.287392] ? arch_local_irq_restore+0x53/0x53 [ 418.292062] should_fail+0x8c0/0xa40 [ 418.295758] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 418.300837] ? __lock_is_held+0xb6/0x140 [ 418.304876] ? mark_held_locks+0xaf/0x100 [ 418.309004] ? __raw_spin_lock_init+0x1c/0x100 [ 418.313571] ? find_held_lock+0x35/0x1d0 [ 418.317608] ? __lock_is_held+0xb6/0x140 [ 418.321654] ? check_same_owner+0x320/0x320 [ 418.325965] ? d_alloc+0x269/0x340 [ 418.329483] ? rcu_note_context_switch+0x710/0x710 [ 418.334390] ? lock_release+0xa40/0xa40 [ 418.338344] should_failslab+0xec/0x120 [ 418.342295] kmem_cache_alloc+0x47/0x760 [ 418.346332] ? d_drop+0x51/0x60 [ 418.349587] ? rpc_i_callback+0x30/0x30 [ 418.353538] rpc_alloc_inode+0x1a/0x20 [ 418.357400] alloc_inode+0x65/0x180 [ 418.361005] new_inode_pseudo+0x69/0x190 [ 418.365046] ? prune_icache_sb+0x1a0/0x1a0 [ 418.369255] ? do_raw_spin_trylock+0x190/0x190 [ 418.373815] ? d_add+0xa70/0xa70 [ 418.377163] new_inode+0x1c/0x40 [ 418.380510] rpc_get_inode+0x20/0x1e0 [ 418.384287] __rpc_create_common+0x5d/0x1d0 [ 418.388587] rpc_populate.constprop.15+0x1ad/0x340 [ 418.393496] rpc_fill_super+0x379/0xae0 [ 418.397472] ? cap_capable+0x1b5/0x230 [ 418.401339] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 418.406510] ? security_capable+0x8e/0xc0 [ 418.410639] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 418.415805] ? ns_capable_common+0xcf/0x160 [ 418.420103] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 418.425279] mount_ns+0xc4/0x190 [ 418.428621] rpc_mount+0x9e/0xd0 [ 418.431966] mount_fs+0x66/0x2d0 [ 418.435310] vfs_kern_mount.part.26+0xc6/0x4a0 [ 418.439869] ? may_umount+0xa0/0xa0 [ 418.443473] ? _raw_read_unlock+0x22/0x30 [ 418.447596] ? __get_fs_type+0x8a/0xc0 [ 418.451459] do_mount+0xea4/0x2bb0 [ 418.454974] ? copy_mount_string+0x40/0x40 [ 418.459184] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 418.464178] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 418.468911] ? retint_kernel+0x10/0x10 [ 418.472777] ? copy_mount_options+0x18b/0x2e0 [ 418.477246] ? copy_mount_options+0x193/0x2e0 [ 418.481718] ? copy_mount_options+0x1f7/0x2e0 [ 418.486188] SyS_mount+0xab/0x120 [ 418.489613] ? copy_mnt_ns+0xb30/0xb30 [ 418.493479] do_syscall_64+0x281/0x940 [ 418.497341] ? vmalloc_sync_all+0x30/0x30 [ 418.501463] ? _raw_spin_unlock_irq+0x27/0x70 [ 418.505933] ? finish_task_switch+0x1c1/0x7e0 [ 418.510404] ? syscall_return_slowpath+0x550/0x550 [ 418.515309] ? syscall_return_slowpath+0x2ac/0x550 [ 418.520212] ? prepare_exit_to_usermode+0x350/0x350 [ 418.525204] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 418.530542] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 418.535367] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 418.540529] RIP: 0033:0x454e79 [ 418.543694] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 418.551376] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 418.558632] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 418.565877] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 418.573122] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 418.580367] R13: 00000000000003fa R14: 00000000006f8010 R15: 000000000000002f [ 418.587837] net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfsd4_cb 2018/03/31 03:07:54 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6e", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:55 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getgroups(0x0, &(0x7f0000000500)) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x1010, r0, 0x0) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) 2018/03/31 03:07:55 executing program 3: ioctl$FIONREAD(0xffffffffffffffff, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r3, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 418.703938] binder: 27036:27038 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 418.726280] binder: 27036:27038 Acquire 1 refcount change on invalid ref 0 ret -22 [ 418.734154] binder: 27036:27038 BC_ACQUIRE_DONE u0000000000000000 no match [ 418.741204] binder: 27036:27038 unknown command 0 [ 418.756122] binder: 27036:27038 ioctl c0306201 200001c0 returned -22 [ 418.765932] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / [ 418.778236] binder: 27036:27045 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 418.801333] binder: 27036:27045 Acquire 1 refcount change on invalid ref 0 ret -22 [ 418.809156] binder: 27036:27045 BC_ACQUIRE_DONE u0000000000000000 no match [ 418.816261] binder: 27036:27045 unknown command 0 [ 418.822088] binder: 27036:27045 ioctl c0306201 200001c0 returned -22 2018/03/31 03:07:56 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x20000, 0x0) r1 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) read(r1, &(0x7f0000ec6000)=""/50, 0x32) r2 = socket$bt_cmtp(0x1f, 0x3, 0x5) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r2, 0x800443d3, &(0x7f0000000080)={{0x6, 0x6, 0xffffffffffffff0b, 0xb73, 0x3ff, 0xfff}, 0xf32, 0x80000001, 0x7}) r3 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x0, 0x0) accept4$vsock_stream(r3, &(0x7f0000000340)={0x28, 0x0, 0xffffffff, @reserved=0x1}, 0xc, 0x80000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000400)={{0x80100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f000001cfb0)={0x0, 0x0, 0x0, 0x0, 0xf}) read(r1, &(0x7f0000000200)=""/228, 0xe4) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x400000, 0x0) getsockopt$netrom_NETROM_T1(r4, 0x103, 0x1, &(0x7f0000000600), &(0x7f0000000640)=0x4) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) socket$nl_xfrm(0x10, 0x3, 0x6) fcntl$addseals(r2, 0x409, 0x8) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vga_arbiter\x00', 0x8000, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r4, 0xae44, 0x40) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000480)) r5 = dup2(r2, r0) bind$bt_l2cap(r5, &(0x7f0000000040)={0x1f, 0x5b91, {0xd, 0x0, 0x0, 0x8006, 0x5, 0x6}, 0x0, 0x5}, 0xe) preadv(r5, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f00000002c0)=""/115, 0x73}, {&(0x7f0000000380)=""/71, 0x47}], 0x4, 0x16) 2018/03/31 03:07:56 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:56 executing program 1 (fault-call:10 fault-nth:48): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:07:56 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) getsockopt$sock_timeval(r3, 0x1, 0x15, &(0x7f0000000040), &(0x7f0000000440)=0x10) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:56 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) linkat(r0, &(0x7f0000000440)='./file0\x00', r0, &(0x7f0000000480)='./file0\x00', 0x1000) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:56 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6e", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:56 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getgroups(0x0, &(0x7f0000000500)) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB="0000000000000000486125d83a000000"], @ANYRES64, @ANYBLOB="0000000000090000c406ceac23e79a765165a758470effb91989a05c9e4f64935595d63507e472444a2893fa09b2332bbfdd344254de08b4e3a84a01fc96d50eda109b14a32b332f94f7d367f811d58f62f437b8e8fe9f"], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) r1 = accept4(0xffffffffffffff9c, 0x0, &(0x7f0000000000), 0x800) getpeername$netlink(r1, &(0x7f0000000040), &(0x7f00000000c0)=0xc) accept$packet(r1, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000200)=0x14) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000003c0)={{{@in6=@mcast2, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in=@dev}}, &(0x7f0000000240)=0xe8) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000500)={{{@in6=@remote={0xfe, 0x80, [], 0xbb}, @in=@remote={0xac, 0x14, 0x14, 0xbb}, 0x4e22, 0x8, 0x4e22, 0x8, 0xa, 0x80, 0x80, 0x33, r2, r3}, {0x484d, 0x3, 0x9, 0x6b68, 0x4a8, 0x4, 0x7, 0x2}, {0x0, 0x1, 0x6, 0x4}, 0x3f, 0x6e6bbe, 0x2, 0x1, 0x3, 0x3}, {{@in6=@mcast1={0xff, 0x1, [], 0x1}, 0x4d5, 0x3f}, 0x0, @in=@multicast2=0xe0000002, 0x4, 0x3, 0x3, 0xffffffff, 0xffffffff, 0x80000001, 0x4}}, 0xe8) 2018/03/31 03:07:56 executing program 3: ioctl$FIONREAD(0xffffffffffffffff, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r3, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 419.792866] FAULT_INJECTION: forcing a failure. [ 419.792866] name failslab, interval 1, probability 0, space 0, times 0 [ 419.804184] CPU: 1 PID: 27060 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 419.811371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 419.820719] Call Trace: [ 419.823318] dump_stack+0x194/0x24d [ 419.826953] ? arch_local_irq_restore+0x53/0x53 [ 419.831627] should_fail+0x8c0/0xa40 [ 419.835340] ? unwind_next_frame.part.6+0x1a6/0xb40 [ 419.840356] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 419.845463] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 419.850652] ? __lock_acquire+0x664/0x3e00 [ 419.854882] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 419.860071] ? find_held_lock+0x35/0x1d0 [ 419.864133] ? __lock_is_held+0xb6/0x140 [ 419.868202] ? check_same_owner+0x320/0x320 [ 419.872524] ? __d_lookup+0x4f4/0x830 [ 419.876324] ? rcu_note_context_switch+0x710/0x710 [ 419.881255] should_failslab+0xec/0x120 [ 419.885225] kmem_cache_alloc+0x47/0x760 [ 419.889286] __d_alloc+0xc1/0xbd0 [ 419.892737] ? shrink_dcache_for_umount+0x290/0x290 [ 419.897759] ? d_alloc_parallel+0x1b40/0x1b40 [ 419.902253] ? lock_release+0xa40/0xa40 [ 419.906230] ? mark_held_locks+0xaf/0x100 [ 419.910373] ? d_lookup+0x133/0x2e0 [ 419.913995] ? d_lookup+0x1d5/0x2e0 [ 419.917620] d_alloc+0x8e/0x340 [ 419.920892] ? __d_alloc+0xbd0/0xbd0 [ 419.924598] ? full_name_hash+0x9b/0xe0 [ 419.928573] __rpc_lookup_create_exclusive+0x183/0x1d0 [ 419.933843] ? rpc_d_lookup_sb+0x1a0/0x1a0 [ 419.938073] rpc_populate.constprop.15+0xa3/0x340 [ 419.942897] rpc_fill_super+0x379/0xae0 [ 419.946851] ? cap_capable+0x1b5/0x230 [ 419.950716] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 419.955885] ? security_capable+0x8e/0xc0 [ 419.960019] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 419.965187] ? ns_capable_common+0xcf/0x160 [ 419.969485] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 419.974649] mount_ns+0xc4/0x190 [ 419.977993] rpc_mount+0x9e/0xd0 [ 419.981340] mount_fs+0x66/0x2d0 [ 419.984686] vfs_kern_mount.part.26+0xc6/0x4a0 [ 419.989244] ? may_umount+0xa0/0xa0 [ 419.992846] ? _raw_read_unlock+0x22/0x30 [ 419.996970] ? __get_fs_type+0x8a/0xc0 [ 420.000838] do_mount+0xea4/0x2bb0 [ 420.004358] ? copy_mount_string+0x40/0x40 [ 420.008571] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 420.013562] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 420.018303] ? retint_kernel+0x10/0x10 [ 420.022167] ? copy_mount_options+0x18b/0x2e0 [ 420.026637] ? copy_mount_options+0x193/0x2e0 [ 420.031149] ? copy_mount_options+0x1f7/0x2e0 [ 420.035619] SyS_mount+0xab/0x120 [ 420.039046] ? copy_mnt_ns+0xb30/0xb30 [ 420.042912] do_syscall_64+0x281/0x940 [ 420.046776] ? vmalloc_sync_all+0x30/0x30 [ 420.050898] ? _raw_spin_unlock_irq+0x27/0x70 [ 420.055369] ? finish_task_switch+0x1c1/0x7e0 [ 420.059840] ? syscall_return_slowpath+0x550/0x550 [ 420.064742] ? syscall_return_slowpath+0x2ac/0x550 [ 420.069647] ? prepare_exit_to_usermode+0x350/0x350 [ 420.074639] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 420.079980] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 420.084802] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 420.089964] RIP: 0033:0x454e79 2018/03/31 03:07:56 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 420.093128] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 420.100811] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 420.108055] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 420.115299] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 420.122545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 420.129789] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000030 2018/03/31 03:07:56 executing program 3: ioctl$FIONREAD(0xffffffffffffffff, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r3, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 420.153194] binder: 27061:27064 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 2018/03/31 03:07:56 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:56 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 420.200623] binder: 27061:27064 Acquire 1 refcount change on invalid ref 0 ret -22 [ 420.208450] binder: 27061:27064 BC_ACQUIRE_DONE u0000000000000000 no match [ 420.215493] binder: 27061:27064 unknown command 0 2018/03/31 03:07:56 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r0 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r2, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r1, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r1, 0x800454cf, &(0x7f00000002c0)) fallocate(r1, 0x0, 0x0, 0xffff) r3 = inotify_init1(0x80800) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r4 = inotify_init1(0x80800) r5 = dup2(r3, r4) fstatfs(r3, &(0x7f0000000040)=""/62) signalfd(r5, &(0x7f0000000440)={0x9}, 0x8) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r0, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(0xffffffffffffffff, 0x2285, &(0x7f0000007000)='S') [ 420.256314] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / 2018/03/31 03:07:56 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:56 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') [ 420.297890] binder: 27061:27064 ioctl c0306201 200001c0 returned -22 2018/03/31 03:07:56 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) r5 = open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r6 = inotify_init1(0x80800) r7 = dup2(r4, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)=0x0) sendmsg$IPVS_CMD_GET_INFO(r3, &(0x7f0000000540)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x3}, 0xc, &(0x7f0000000500)={&(0x7f0000001bc0)=ANY=[@ANYRES16=r6, @ANYRES32, @ANYPTR, @ANYRES64=r6, @ANYPTR=&(0x7f0000000480)=ANY=[@ANYRES64=r4, @ANYBLOB="03a378ffe4c124c67b99646239e12ed18aca96384df659b11aaeb9a05dac6a6414bad9d026ebb8060ba648b9cee1d259570d998b63b38cf50ce7950cb051b9d1ace2c1612445b77c1e0ce195a023361e6c18e51f37ce9db372e6bf440888d3560c1464cd8e82486bbd2ef515"], @ANYPTR=&(0x7f0000001b80)=ANY=[@ANYPTR64=&(0x7f0000000580)=ANY=[@ANYRES32=r8, @ANYBLOB="2c7c188fa7dbaf152b1178589dcbf4b11df2e21ce47bcd7d15c649e58ca5be8832b3b6f5cf065247979fec5de2973da74dd29e7af13ef7de20544913344eecd467e75310989a192b6ee5b434d7dd80fa8453acc6925f1d9765cdc791538363412c3cd4e6b048a19a8cc28d40c0a5cef1697ca6d1121496c72da877668f104753afa1e510bd2e4dccf836f71c629372312c6de3c92f1a34a2c863dc35ee82f369e7d198580038b852a689d286261fa86c4c16e9117f80d9d548ea287a5bdd0133", @ANYPTR64, @ANYBLOB="7bf183a8cb95537094cc9fa0bd7a7eb0d25b27fd3479f0e4578c97530ceb6e8b900de1c78d8f906a232be0b474b8bb5bef80164ad229a11bd043e5a56a3146963448eed5775ec420e9b06a7e7f110b2eaf756d184adf230cce3cf8adf1b7d313630c9101d287bf9fecf852b82d0a1ff4e17a770ab8a2b07da2c7eadf69d83fadc8c953d2651e597be73c3ef1a80b7ec6cccba18ccc3425c890ba09219b23875392439dc0808cfd20855a457fe828cd0ad80d7406501aacfa4905543a346d8d25582cd197d0daf904ae9c90421cec0e3084948e8389c32bcd88a5dd3f2321d2e8d5fc3cae1f7edd64fbe4eda4a880cc227097e9e68d", @ANYBLOB="11ea04045e60f6110d8871b64560939da600a3fba88b5d9fc8b9883dce96d1313a1fb217e072f51c1dd5ffa0fc193b15aa", @ANYBLOB="b646cd9c5d1bd87800da85ea1b3dd99a54d26525bf033bf01af8145a21dce92d5f391319ef8b568761da115116f698ff8a3063c5ff5b582f796e24da88ed48d94392db0a31d02576210a565d535edf12fd3693f34aee8edcd74625f8e960f5dff447cfe14963519762b3f1f7e0a869bb0a38b35975e2f7b30424d1f1bc42d8fc03b80803200f58640a6519a2df0d8df935def8d45d20a514f3adfd4337f15327d8ae5fcc1d364d26e0e30f47f0820377962d85a849b0037437be9b084d822930ebeab331066d610975b1d260c83d1029788f3114c40a24ac74ce7c9900035481ab30720ba8d5b6192dabefa4e4f9af45e0b9488bec95b1bf35eaf8"], @ANYRES64, @ANYPTR=&(0x7f0000000880)=ANY=[@ANYRES16, @ANYRES16=r4], @ANYPTR64=&(0x7f00000008c0)=ANY=[@ANYPTR, @ANYBLOB="baf7940e460554afc2614a8701a4928889ef8365", @ANYPTR, @ANYBLOB="26189554f25b557781b4982e8e0b7334221cb54aa61db597557a09e1352027588ca96a527b66204054c5b11e6b171397b206b2747988341253cbb8928274613861057962f53cce065f113bdd", @ANYPTR, @ANYPTR64, @ANYRES32, @ANYRES64=r2], @ANYPTR64=&(0x7f0000000980)=ANY=[@ANYBLOB="62cee3fa41922730a02db4f0cab3d7cc6c0fb2112bebca04059b31c6bb0355d2d94ed52a5db6a32ba00a21d0bdff185b28957009b344395ff7842f73ac8215f35174eb3ccfa85c862cc357a3c554723d4574a42de29673d157bb0ebcf95245990922381174c7", @ANYRES32=r5, @ANYRES32=r4, @ANYBLOB="37796c86f327b09d40743ccc32eee9cd207b183a8361b7810a81aa7040cd91760c8c6ebee15a9604a2f5b862786031b79d3e964f1d3eb8128f978de84f7a765f6e704b9186ab32faf2ff501f0c1138f74893b102b8eee685c6cfcd77c86f25fe0b20c755a6e47ffd4e8c1cf69a924d7b87ef8b978d8b9c90b661ce672530dd5285af51535a1ad383d225fc65982454cd8f80bf9aa20778ead1404ab21830db66be271273afb602b88d768e335c8ee1fd3c35293235412758637a44c3f196491dc8ddb102a4dc9b1400ff", @ANYRES16=r4, @ANYRES64=r7, @ANYRES32=r4, @ANYPTR, @ANYBLOB="7ee4366e69336b9e40f3794e436e9c53a77e5c755e55cd083848af15b0644807f2d74a1af62ac74c0422c46400b6f27b16374f047301849f4d69036fa11f44ecd3f9b897327d24ef4ff91e6a050333b1965af4fe98e36d96e36fb4ba5e41b21e30f1a975f5c2c1ea0a1d99d8b815e4183918c2851f352489793d755016f4a24530d9559d248dfa53e7edb15389f013efc821697f76beaa834386aea387110884b005e198a22b4951d61e8f302f193f5152cc7716dce7d2d569e8ae0d2fd849a6b1fec7b36040c3a2dc4fedad959f6996c5bbf965fc8d17b3bbde023269d8cdca53e57bfaf810d3e82fe4aabaaf8c75cd0f7b8418bd7e003fb77b06d2d7e3065f1201e1d223ddc5aefe933a10d98ac7d6b8944b983d4c2dad3168231a7bf85f66077e4ac9851066f8f3024db4b0e22b030a47aa2468cb542403a74d646e2287af7b2e93779ae40a38e387c8faf4d093f06fe8ec090c1ebaf398ac7f4b2d5da7f80609983a733c11502c57410b756cfdac71768bb3972ed336b12be65f770d536d07716e8dbd98a2aa7da0ed13908a316e781fc223bea0a534d648a5325e0a9b843095b3e08b032c68649d1cb3457dca6afc10379935e0c1986e15d7a1c0c6a728a1cc43d6854c32635b151aa9ff2f2969b3c336bffcf3f2c65acb367274656de05e34e1f7711c556c5aa05dff80f6f4c465e533f681e89b6b76ba813b71115addf33f59d69e6ccf549ad24f89a4fde06cf83755ae61a39d5f51050b24e119d57aefe870b157655fa15de86bdca7f18693c3955f4705bb3a992e3529a5172a26eef5a090c7ec467d57c9e04362656e234db34a27390380ed779e19b8089ae2bc12d4a557553d78bdfbe711fac3bacab14e77637ff69040444a98db6cf270be73ef83bb9081dd5e7bd758768fe716698969a55776e28e4237ef1480108e33d576056730b7f5a1e28ff52ef5b2ab3591bc31de24944bc4f99910d818587af4f89bfa5ca5862d5bf7cbccb608ed90b7a4dfe0406352620ba9d6aba1d165319ea275594209605b4cf647d9b30b1fc06387543502c8b457b51b9f98f20943e511897aa4ca477dd521ca39728a05ebb154b062ada96a5636bd7041393d49df7e62eea4916bbfeab6ef25467aaf3eb3a1c44aaf9a35e84e6c3f6e181b7f601ad5b475bcd9783e905757d8a3697ed9efd9318df8356a79b84e45ed8634d3cfb21b466bcd364e951c4b17c82eeb0ad829919362b874a71f3e95a26b25ee630a2c76bb1930b8ccc12c0407f739384ce5901dd59bc17d372de0f94c32837f7fa6dafe099d19049739ce10c7997a1b76dd7a045fc7c5e5ed543ac3135bd528a2ad40e008dd8ac23a765f0788d64ac6671924cee7f1a50d71e7591d5b2f2d7df79d67649d0a12e752aff10ffbad54534c8ee5f6bbd010ed79042c1ffbf22a1d22593e7dcafe0b84cbb5a8405ae28304360fbc8962dbf476b501e0b3b6e363a88761a6ab78fcd9037aed40db83f0d39d4f58f2dfad8b575855a17fe6aae1eba145e5b12707312b0dcf16e0bf8894da73bcdd5f9bcba93921bfab351140f3441924001461ea8c6beb75c35056ba154120072259571826d8c66da4437eefb42880f116fd0baa68dca75c17d195fa010d83d6cfe7d36841acf44d2b0831c04190686d768aa848fb8ab71dc8f4cc40ca8a4c60c2093f6c2deacd4ebf72d291b41118352ee615e61bd99a8b45aa773bd056bc399d70fbaab92b0125b96def47cd20e2a2d40c958d5ae128c90169377cd70686f387847ece2774b83ec9928051339d68d45c1d18cc32d5781e30facd018be75812d504730f8730eaa960016d3af4f25c1c8f8ab082fed6501c3b2f3caa82af1ab074f15e5057dc1a67cc504c85599b756eb489918123e59962b5fdcbddf1bb9fad65a514af5b672ed6836e96da282dcd7cffc27124454e04693d8157dc7a66ce1f10b169114d391455ccfa0ec7fc4f7e6ae7a1bb45bdb84385585a33a3352fd8bea5b8c1565a021190ab831003131c8de3f1a49b48241a2432de83600a63ab0e415d4fbb364131f430d6163ab9c6ff5d1c12dd4fab3a6338636b0b899ac0a01cf15ebf79779f9081bac9db4ce361bfbac766142b14db71f7c352be75e681056cc732f1e1304ed71856a9fbb669ff57852dcd868e1be72b0cf20cda5919cb4f14464f607ce09118c3cd58f40d29d7b38a0653b50c50994a6b610867894384ba5976415e71a2270b473876598a6bd8ffa7b718d88f69633e2ec958db4bfad9ade70353ab456192105e9e8ed4f9bd080edef9ebe27013bae033e37fc4c8785e2c64dd3889254c19bc040649f0373b4022ed2fc6bb2965eb51b30296a77dfe9b9a9ed75dc64f479c150de5043f04158fd675bd70ccbff38268d228716a0ca5de86d86a438d6f458246dad068efc4544e7dd00e56be3a47a12ca7b8812dd050fbe70680756af6758300d1dca7eafa3ec2409132ef6a6ae25446ed988c5ed54df0e49589ae397c6dc1cfbf23cb837eb677e973e352da3addbb06f5e04b763b80f44cb748360df3bb06b57acb64de6b0e2be484432c644798ba2ca40877d02fde7f93ed27774e60c67c9b7025cef8af5663665d2d82d6ebcb8450d449a1add562725ef22f3c96a7b6dd1c7cf85cd82d7e98428144216c7778370b2e8f985cd684a56021b3fd5ff1f843a48a93e4ecfebd6aba49f367e90c23236ad84035859bbaea5bd26221240c814105b98052e32cd79910085260ee48722c3677c3e2d01cf5d12f83da63847b1b5ab03e5596074535d2ac03d82db4b1b59487af1751bfcc3eba1c9de0c0bfd08881b68273b28ff4cd9f7a51ed2131b0b32ec7862a37da8e2f6e9aff36ebb0c0c4e565d7981c9c62e96a7dc7872d4a81a088e6029da72c8de262852bd1330d117b0faf36ccf7862f027f5168ca2585b92d1f3f18e6d6ee792bae47d5e303a6dce6283be76de3c3b3909d3a5b533ca3633b37745ec2e343de305cd02e8f1f64073aa39da67e445717d5b9f78bc0b5cbb28fe2e90e89d2b6f2f8cdac88d0a59e4d0990fad88683a686ad382f6775690aaf8b42ae0593fa6d2f8278c4318a52d98c342f6aa24e99c0f073b99213eb3bb18d6fbf70cf115c9edd058581145cfea550da828bd40698db8e2404af286ebcd49736fc8e93bd195f80a36136893c625201ca71988df80889fa0d60a84c639ce924bbd935b8191a2f8d90673d51aeb471784dc93cac8b6a3bef1d06e3586f03aaa4432cb78e48022942417043e80a149d9004e762b66a8d6b81dc60329481906e55b2a8b668b7fac8d62bea86d2dd341bfb3d2ef11cbfd0d12d3c6c407ac44d6d88302d15d373ccb911a47533c30a8db810240bf7982a4562fa561ad0b3806a5a41c240997df2f47fd80b21703fc2cea886b8445db573683dc41ddc52efb435ec37073534034f56b38406412657dfc4c9d02c27b2d3d48baac492e9d5f1b3613da5108403b344fc6e2262d1abc24f81e2676b8b3c682bea891c764806c535c9751e87e6b11b6c636e603385256226cdaecddbdb862178a9181ceb5eab2af1266f7624344ad8c27ea343e568330a6e88a86b66c192b50afc470727a07090b29dfce3a58341ff8f5c8730c04d8abdbcf47fc6fff36b0d2450475e14ed731c16bfc653248b967a072a5aa93cf9fd13554160f6d7682b291a46ef9576a53b73f30ee4cf2a04b51c539a5e019bd76b7765750e326d9605aef0102fa37c223cbaf1540f59990b0d953f57d3455ddc46a1e78e7bd65172776574782381575d893a654887d6a6f75d448c61e1697365b235f25a12d35f431da2e7120a4322409c7a9383270508a08675b7186adb206217651118697748ad2b81f79c1343dc5a5d6c771a33714a5499c63ae1dd82ea22d0d76bd4167fae82be389e13e91c9963ed9bcc307d390f8ae11a1ce6d89a94af8f367ccab2a3a58ed79971836f16fc787b1e451f16182ad790a412a8da4d8ca8b4cd8f57eed766315847986aeaab347076f97a918bb6c38d87282784d1ebc04b76b07f69c191c5bd188f829125670ae44660b03f661ccf0c2044444ad47ffdb3f7ea276487329866b141868e897c077e30da7a101a525e24254eb019527013bf0a47cf8fe41340fbc17822abd8b0a59070c73155e42e7f07db2f603d4e4f6cdd2f676f8044c40598131c145d8f1ed5b3df778360e342017516906fa023aeb85604a6074c934c110038b0bb1a13c0f5f01698cf6b5a2cb7e22b1d7577741e654c9a203a20a1ecb5a80a0d2f78a6fb5f3d12840d570b1eb5e3850e8f5198ef5dbfbbcd5f9601aa60c25eb5a5c6aa6b836aa14397ba6fc328a9421c95e0a5d2e8a83acba0288781a46740bb8f9bc55095936eea96047575bd174cc5ab07cb1d315ad29cc7285e67914aafffd13fa0bc4a6b7668d6eedfe5c50f95db0d26d40bd03defb5e859aaccde62c22b418c51fb1f6d44a98824482cb5d965409d0dbe4aca923ceccefad71945ca32499ef878665d87dc200795e2099fd676c9a37d5514a9a3a3c608924bbb96aa31f5764fd2c4f4a751237654506ec9bab466b6735e2af5412a44ed919250d9072307a09e44a0d0f510f6fb16a52d571f9578088f5f709c3b92fd264b41ab9e2f48a09599f9cc7cef87ff68c2f648e413ec966f11e21a60127205df1f2b6b61d2866c209995ba30fa394f50869b0a4ae63715ce10a1cbce9bcfb25c0031b870542b3ab8a924822c4615b2e6d499d1d63e2e7b9d6c1eb073656ad9bead8424f87c4fead8952364811ff59fcd45616ef27264cbe5aad9356cd9a2f233889284749da9075f7d3dd1834c5c35d4ff71d5a46e07d4d41cd9dda4d43bd30176fbae5d0d21fdab87b9f3ba408bb67e5ab09aa7cdf259cd6fe338b2d4375b89c826a7c6b866f95ac8e55ff9f00453056eaf1bc7b7ef753f4acecf78ec927987fd86e8d47bfc3af540f066a9251ca55508e3f175fe55d420f30e575fdb3ddf85e02ae5281997b824e03f05000d03c3520a79c0b27a5ea8dde4e865aaab56f680ac87fce0f72f00f3fe2fb7cd3f89f565c2622de07862f50d44484e1034a1419be4d3ad0a8397f330e1d197bce4339e1eb62ce99a9c71a0b12dc889cec7664fd288c04f7ae04b5df444687ded85ea7831c9cc39087d8ade3c708580243cec5435cfefc23050280a9190165d9f0d1d39aca34bbb2eb6b93fe8054f2579be17fc5d5c80163ce52a96709a6c6f7013bed2d877ecb9c5a9d2cc0577a5ea4d8ddd53dfdcc242e456cdc4986e2c2ea4283c0d4a69adecb75b94741f2ed4b59de8a5edadaf3b8d7d89e331019146ee3dbc951b9ed02a3bc23abc9948b48bbaf8e612eba02c2129bba748f4cd985a6bdf3cfc447568e9c9bc9ee23b3679f5e9a9a4d40c569ec5106be36fd4f7b0a8dd0dfbcecc4ad01a50b7955ee674522924f9f8847787f8133b34047f039351e41844212a9c5740112acca0fc9f828f516ed34ee259ea6061cb18e33d073aaaf9447956c7cf11c9d0a5626677ba6ed65ec98f608bca975d342d0b8feaab78d22ab57b5d8b3cdbd1da3aa86866f61a325be4f86ec0793ade5bbc0f59f172e80c877c6c8e71fed0f72e56546b60c7038e4be0d4dbed7d7f5c9ce4361594ab6128db260a432cab98404ab4b44821b26f71a49807461b6f96dcee22896163f3f15cff5801f91d7aec1e84e0fc845eb84ddb6feac278909691997e8749e338682001a745fa849d904651c6c9f6ae011663b1d10c401698860c9b10af8122973d041bd9eed9adf8d97b06b98cc85b59af", @ANYBLOB="20c9a07556cad0b9efccb3cf532764b8d34a159ed97f6be9883a89d9a0f6a1a944f48101b07c8125394463592080c195527cd612356464211445768b1beb2310a3efcf4c487b98c6b19d92676ab99d8e2c081955f08df98a15a66e85f7f0c0213be91c9f2620ae7ee4be405b96d7ecc917c92b0ddf3067c7f65981faa29fb196"]]], 0x6}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 420.346763] binder: 27061:27064 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 420.371549] binder: 27061:27064 Acquire 1 refcount change on invalid ref 0 ret -22 [ 420.379360] binder: 27061:27064 BC_ACQUIRE_DONE u0000000000000000 no match [ 420.386429] binder: 27061:27064 unknown command 0 [ 420.409449] binder: 27061:27064 ioctl c0306201 200001c0 returned -22 2018/03/31 03:07:57 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000480)={0x400000000002, 0x3, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:57 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:57 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x20000, 0x0) r2 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) read(r2, &(0x7f0000ec6000)=""/50, 0x32) r3 = socket$bt_cmtp(0x1f, 0x3, 0x5) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r3, 0x800443d3, &(0x7f0000000080)={{0x6, 0x6, 0xffffffffffffff0b, 0xb73, 0x3ff, 0xfff}, 0xf32, 0x80000001, 0x7}) r4 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x0, 0x0) accept4$vsock_stream(r4, &(0x7f0000000340)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10, 0x80000) creat(&(0x7f0000000440)='./file0\x00', 0x10) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f00000004c0), &(0x7f0000000500)=0x4) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000400)={{0x80100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r2, 0x40505412, &(0x7f000001cfb0)={0x0, 0x0, 0x400000, 0x0, 0xf}) read(r2, &(0x7f0000000200)=""/228, 0xe4) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x400000, 0x0) getsockopt$netrom_NETROM_T1(r5, 0x103, 0x1, &(0x7f0000000600), &(0x7f0000000640)=0x4) ioctl$SNDRV_TIMER_IOCTL_START(r5, 0x54a0) socket$nl_xfrm(0x10, 0x3, 0x6) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vga_arbiter\x00', 0x8000, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r5, 0xae44, 0x40) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000480)) r6 = dup2(0xffffffffffffffff, r0) bind$bt_l2cap(r6, &(0x7f0000000040)={0x1f, 0x5b91, {0xd, 0x0, 0x0, 0x8006, 0x5, 0x6}, 0x0, 0x5}, 0xe) preadv(r6, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f00000002c0)=""/115, 0x73}, {&(0x7f0000000380)=""/71, 0x47}], 0x4, 0x16) 2018/03/31 03:07:57 executing program 1 (fault-call:10 fault-nth:49): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:07:57 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:57 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0x0, 0x801) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x4000, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000200)=[@in={0x2, 0x4e24, @loopback=0x7f000001}, @in={0x2, 0x4e22, @multicast1=0xe0000001}, @in6={0xa, 0x4e23, 0x6, @dev={0xfe, 0x80, [], 0xf}, 0x6}, @in6={0xa, 0x4e23, 0x4, @empty, 0x4}, @in={0x2, 0x4e21, @loopback=0x7f000001}, @in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x13}}], 0x78) getgroups(0x0, &(0x7f0000000500)) rt_sigreturn() mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000638069ad3600000000000000000000000100000000000000000000001800000000000000ff030000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) 2018/03/31 03:07:57 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:57 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) readlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000440)=""/70, 0x46) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 420.923336] FAULT_INJECTION: forcing a failure. [ 420.923336] name failslab, interval 1, probability 0, space 0, times 0 [ 420.934657] CPU: 0 PID: 27121 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 420.941849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 420.951201] Call Trace: [ 420.953780] dump_stack+0x194/0x24d [ 420.957385] ? arch_local_irq_restore+0x53/0x53 [ 420.962038] should_fail+0x8c0/0xa40 [ 420.965730] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 420.970808] ? __lock_is_held+0xb6/0x140 [ 420.974848] ? mark_held_locks+0xaf/0x100 [ 420.978971] ? __raw_spin_lock_init+0x1c/0x100 [ 420.983529] ? find_held_lock+0x35/0x1d0 [ 420.987567] ? __lock_is_held+0xb6/0x140 [ 420.991607] ? check_same_owner+0x320/0x320 [ 420.995902] ? d_alloc+0x269/0x340 [ 420.999511] ? rcu_note_context_switch+0x710/0x710 [ 421.004413] ? lock_release+0xa40/0xa40 [ 421.008371] should_failslab+0xec/0x120 [ 421.012320] kmem_cache_alloc+0x47/0x760 [ 421.016359] ? d_drop+0x51/0x60 [ 421.019613] ? rpc_i_callback+0x30/0x30 [ 421.023561] rpc_alloc_inode+0x1a/0x20 [ 421.027425] alloc_inode+0x65/0x180 [ 421.031031] new_inode_pseudo+0x69/0x190 [ 421.035066] ? prune_icache_sb+0x1a0/0x1a0 [ 421.039275] ? do_raw_spin_trylock+0x190/0x190 [ 421.043833] ? d_add+0xa70/0xa70 [ 421.047179] new_inode+0x1c/0x40 [ 421.050523] rpc_get_inode+0x20/0x1e0 [ 421.054306] __rpc_create_common+0x5d/0x1d0 [ 421.058604] rpc_populate.constprop.15+0x1ad/0x340 [ 421.063513] rpc_fill_super+0x379/0xae0 [ 421.067464] ? cap_capable+0x1b5/0x230 [ 421.071326] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 421.076492] ? security_capable+0x8e/0xc0 [ 421.080616] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 421.085780] ? ns_capable_common+0xcf/0x160 [ 421.090084] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 421.095246] mount_ns+0xc4/0x190 [ 421.098586] rpc_mount+0x9e/0xd0 [ 421.101930] mount_fs+0x66/0x2d0 [ 421.105275] vfs_kern_mount.part.26+0xc6/0x4a0 [ 421.109833] ? may_umount+0xa0/0xa0 [ 421.113433] ? _raw_read_unlock+0x22/0x30 [ 421.117557] ? __get_fs_type+0x8a/0xc0 [ 421.121425] do_mount+0xea4/0x2bb0 [ 421.124943] ? copy_mount_string+0x40/0x40 [ 421.129155] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 421.134147] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 421.138881] ? retint_kernel+0x10/0x10 [ 421.142748] ? audit_kill_trees+0x430/0x430 [ 421.147046] ? copy_mount_options+0x1f7/0x2e0 [ 421.151515] SyS_mount+0xab/0x120 [ 421.154944] ? copy_mnt_ns+0xb30/0xb30 [ 421.158807] do_syscall_64+0x281/0x940 [ 421.162670] ? vmalloc_sync_all+0x30/0x30 [ 421.166790] ? _raw_spin_unlock_irq+0x27/0x70 [ 421.171261] ? finish_task_switch+0x1c1/0x7e0 [ 421.175730] ? syscall_return_slowpath+0x550/0x550 [ 421.180633] ? syscall_return_slowpath+0x2ac/0x550 [ 421.185536] ? prepare_exit_to_usermode+0x350/0x350 [ 421.190527] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 421.195864] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 421.200683] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 421.205849] RIP: 0033:0x454e79 [ 421.209016] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 421.216701] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 2018/03/31 03:07:57 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getgroups(0x0, &(0x7f0000000500)) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = accept4(0xffffffffffffff9c, 0x0, &(0x7f0000000000), 0x80000) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffff9c, 0x84, 0x10, &(0x7f0000000180)=@sack_info={0x0, 0x6, 0x9}, &(0x7f0000000200)=0xc) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000040)=ANY=[@ANYRES32=r2, @ANYBLOB="7f0003000100620007004e8d7b865a614a4df702b2a3000000000000000000"], 0xe) getsockname$packet(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000000240)=0x14) sendto(r1, &(0x7f00000003c0)="41496bff0a30e081a093025b10b19646bfce29efbbea0eae3cb820e56f26de633caa8a4d4f58b40ad49a0c1c662e5f9592c2210a4fac8e240c168b3e01d8cdd52e1bcdc4d716b08df575d4b871fa12345c20f1edfcfcf2aeb3a6e25eaf333b21233d0397d853b32e70e6a04c25f7e23dfe01110659e40fcd60feb5980fad4481230e43ec97b7ef2eda9994b3647d53ddd6b271c044173fd817ba861a68d63b8f0d22e195f2cf751128b009241b", 0xad, 0x24000000, &(0x7f0000000500)=@nfc_llcp={0x27, 0x0, 0x2, 0x7, 0x3, 0x3, "0ce4bf5c35e7ac89fa2813481ec93668675afafdbbf33ce78f83a6c365be46532babb16209a858bf3cae98d31c37ba257b0cb01318ee14e85574ecaf011f52", 0x23}, 0x80) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) [ 421.223944] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 421.231187] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 421.238429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 421.245672] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000031 [ 421.253145] net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry cache 2018/03/31 03:07:57 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:57 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b782583699", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 421.319049] binder: 27128:27133 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 421.340225] binder: 27128:27133 Acquire 1 refcount change on invalid ref 0 ret -22 [ 421.348063] binder: 27128:27133 BC_ACQUIRE_DONE u0000000000000000 no match [ 421.355045] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / [ 421.355234] binder: 27128:27133 unknown command 0 2018/03/31 03:07:57 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x0) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:57 executing program 1 (fault-call:10 fault-nth:50): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:07:57 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(r1) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) getsockopt$inet_buf(r3, 0x0, 0x4, &(0x7f0000000440)=""/67, &(0x7f0000000040)=0x43) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 421.440089] binder: 27128:27133 ioctl c0306201 200001c0 returned -22 2018/03/31 03:07:57 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b782583699", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:57 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x0) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 421.501432] binder: 27128:27152 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 421.522897] binder: 27128:27152 Acquire 1 refcount change on invalid ref 0 ret -22 [ 421.530895] binder: 27128:27152 BC_ACQUIRE_DONE u0000000000000000 no match [ 421.537948] binder: 27128:27152 unknown command 0 [ 421.548572] FAULT_INJECTION: forcing a failure. [ 421.548572] name failslab, interval 1, probability 0, space 0, times 0 [ 421.559843] CPU: 1 PID: 27150 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 421.567027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 421.576375] Call Trace: [ 421.578964] dump_stack+0x194/0x24d [ 421.582604] ? arch_local_irq_restore+0x53/0x53 [ 421.587282] should_fail+0x8c0/0xa40 [ 421.590997] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 421.596099] ? __lock_is_held+0xb6/0x140 [ 421.599123] binder: 27128:27152 ioctl c0306201 200001c0 returned -22 [ 421.600153] ? mark_held_locks+0xaf/0x100 [ 421.600164] ? __raw_spin_lock_init+0x1c/0x100 [ 421.600177] ? find_held_lock+0x35/0x1d0 [ 421.600191] ? __lock_is_held+0xb6/0x140 [ 421.600207] ? check_same_owner+0x320/0x320 [ 421.627763] ? d_alloc+0x269/0x340 [ 421.631301] ? rcu_note_context_switch+0x710/0x710 [ 421.636226] ? lock_release+0xa40/0xa40 [ 421.640208] should_failslab+0xec/0x120 [ 421.644180] kmem_cache_alloc+0x47/0x760 [ 421.648243] ? d_drop+0x51/0x60 [ 421.651519] ? rpc_i_callback+0x30/0x30 [ 421.655490] rpc_alloc_inode+0x1a/0x20 [ 421.659366] alloc_inode+0x65/0x180 [ 421.662985] new_inode_pseudo+0x69/0x190 [ 421.667040] ? prune_icache_sb+0x1a0/0x1a0 [ 421.671269] ? do_raw_spin_trylock+0x190/0x190 [ 421.675842] ? d_add+0xa70/0xa70 [ 421.679205] new_inode+0x1c/0x40 [ 421.682559] rpc_get_inode+0x20/0x1e0 [ 421.686359] __rpc_create_common+0x5d/0x1d0 [ 421.690674] rpc_populate.constprop.15+0x1ad/0x340 [ 421.695600] rpc_fill_super+0x379/0xae0 [ 421.699569] ? cap_capable+0x1b5/0x230 [ 421.703445] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 421.708631] ? security_capable+0x8e/0xc0 [ 421.712791] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 421.717977] ? ns_capable_common+0xcf/0x160 [ 421.722291] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 421.727475] mount_ns+0xc4/0x190 [ 421.730836] rpc_mount+0x9e/0xd0 [ 421.734198] mount_fs+0x66/0x2d0 [ 421.737561] vfs_kern_mount.part.26+0xc6/0x4a0 [ 421.742139] ? may_umount+0xa0/0xa0 [ 421.745763] ? _raw_read_unlock+0x22/0x30 2018/03/31 03:07:58 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)="0692", 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x1, 0x9, 0x7) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) r5 = inotify_init1(0x80800) r6 = dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) getsockopt$inet6_mreq(r2, 0x29, 0x1f, &(0x7f0000002580)={@ipv4={[], [], @multicast1}, 0x0}, &(0x7f00000025c0)=0x14) ioctl$sock_inet6_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000002600)={@empty, 0x6a, r7}) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) ftruncate(r0, 0x51) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r6, 0x84, 0x13, &(0x7f0000000440)={0x0, 0xef}, &(0x7f0000000480)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000004c0)={r8, 0xbc, &(0x7f0000000580)=[@in={0x2, 0x4e20, @multicast2=0xe0000002}, @in6={0xa, 0x4e22, 0x3, @dev={0xfe, 0x80, [], 0x16}, 0x5}, @in6={0xa, 0x4e22, 0x1, @mcast1={0xff, 0x1, [], 0x1}, 0xfffffffffffffffe}, @in={0x2, 0x4e24, @multicast2=0xe0000002}, @in6={0xa, 0x4e22, 0xfffffffffffff44a, @remote={0xfe, 0x80, [], 0xbb}}, @in6={0xa, 0x4e20, 0x5, @loopback={0x0, 0x1}}, @in6={0xa, 0x4e21, 0x2, @mcast1={0xff, 0x1, [], 0x1}, 0x1}, @in={0x2, 0x4e21, @local={0xac, 0x14, 0x14, 0xaa}}]}, &(0x7f0000000640)=0x10) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:58 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x0) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 421.749904] ? __get_fs_type+0x8a/0xc0 [ 421.753787] do_mount+0xea4/0x2bb0 [ 421.757324] ? copy_mount_string+0x40/0x40 [ 421.761558] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 421.766569] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 421.771324] ? retint_kernel+0x10/0x10 [ 421.775207] ? copy_mount_options+0x18b/0x2e0 [ 421.779695] ? copy_mount_options+0x193/0x2e0 [ 421.785049] ? copy_mount_options+0x1f7/0x2e0 [ 421.789537] SyS_mount+0xab/0x120 [ 421.792984] ? copy_mnt_ns+0xb30/0xb30 [ 421.796869] do_syscall_64+0x281/0x940 [ 421.800749] ? vmalloc_sync_all+0x30/0x30 [ 421.804889] ? _raw_spin_unlock_irq+0x27/0x70 [ 421.809378] ? finish_task_switch+0x1c1/0x7e0 [ 421.813872] ? syscall_return_slowpath+0x550/0x550 [ 421.818807] ? syscall_return_slowpath+0x2ac/0x550 [ 421.823743] ? prepare_exit_to_usermode+0x350/0x350 [ 421.828754] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 421.834109] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 421.838948] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 421.844123] RIP: 0033:0x454e79 [ 421.847303] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 421.855005] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 421.862265] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 421.869520] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 421.876769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 421.884018] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000032 [ 421.891475] net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfsd [ 421.908764] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / 2018/03/31 03:07:58 executing program 1 (fault-call:10 fault-nth:51): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:07:58 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(0xffffffffffffffff, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:58 executing program 4: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x0, 0x0) ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f0000000240)={0xffffffffffffff01, 0x3}) r1 = dup(0xffffffffffffffff) setsockopt$bt_BT_VOICE(r1, 0x112, 0xb, &(0x7f0000000000), 0x2) r2 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f00000000c0)=0xc) getgroups(0xe27, &(0x7f0000000200)=[r3, r3, r3, r3]) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) 2018/03/31 03:07:58 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(r1) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socketpair$inet6_udp(0xa, 0x2, 0x0, &(0x7f0000000280)) fstat(r1, &(0x7f0000000440)) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x0) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) ioctl$TCSETA(r1, 0x5406, &(0x7f0000000040)={0xa7, 0xffffffff, 0x5, 0xbb4, 0x148d, 0x6, 0x5, 0x40a, 0x3, 0x1}) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f00000004c0)) iopl(0x3) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') r6 = syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0)='IPVS\x00') sendmsg$IPVS_CMD_SET_CONFIG(r3, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x800108}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x74, r6, 0x10, 0x70bd2d, 0x25dfdbfb, {0xc}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3f}, @IPVS_CMD_ATTR_DAEMON={0x44, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast2={0xff, 0x2, [], 0x1}}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'erspan0\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5}]}, @IPVS_CMD_ATTR_DAEMON={0x14, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x200}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e22}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x4008014}, 0x20000000) 2018/03/31 03:07:58 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000700)='/dev/kvm\x00', 0x20000, 0x0) r1 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) read(r1, &(0x7f0000ec6000)=""/50, 0x32) r2 = socket$bt_cmtp(0x1f, 0x3, 0x5) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r2, 0x800443d3, &(0x7f0000000080)={{0xbb, 0x4000000007fff, 0xffffffffffffff0b, 0x3ff, 0x403, 0xfff}, 0x20, 0x82000001, 0x5}) r3 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x0, 0x0) accept4$vsock_stream(r3, &(0x7f0000000340)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10, 0x80000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000400)={{0x80100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f000001cfb0)={0x0, 0x0, 0x0, 0x0, 0xf}) read(r1, &(0x7f0000000200)=""/228, 0xe4) sendto$unix(r3, &(0x7f0000000500)="e6b12efd55a3a87db6a497205e4464f60bc4c82f34b806235fbd3ebc8faab04b32bfd0cc45e3630067c0f72c2cea155f88e86e112f3f48f45538ee996fe3f414ac061a73ebad24974c90a06f587cb34138be47a29378cd06776908778c3f4fb47d2a2ebe23fa1f9574bd", 0x6a, 0x94, 0x0, 0x0) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x400000, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r3, 0x29, 0x41, &(0x7f0000000800)=ANY=[@ANYBLOB="66686c746572000000000000000000000000000000000000000000000000000093000000f0edfbae534ae8c49967dcce4c1aeddf9bf0744f273543aa8ef5c3dc99e783202a1615b0baad1c2200e1eec871845eb0bbd5a356b8422837ec06edd3b12ec72f55e0b30a4e653ed726835f6725806c672c373789ac093b2beb7fca236214cb73acda2b76ecf0469e70858ca202d17da8ab00d9d983bfd11bbc8f3c24e0b01fb8483ed481cf4a483ff0b002cb8d89eaf5f1a28844bcf67ce7881268fe26df9b909374b61625ecdbf273d2c3ab1aaa1247eb4675136f6b595767981a359e1c8dfa61c7a56e27fe88bc316b6826feb85cb323b1b7ee7a6f0821ff07cf693f27c0efc1fd3122d620d67535b9a0c7e198dc7b19f4497efc288862ba0a94a9393e671fd7f51edf3ef90dc59e0a636c19e75ffdd37acb79033227ef229ca3202b5604e41f080dde880db96ce1a320ea88e71485a9bd3bb7331e14cfda1aad7bd75dbdc6d73b8b40cf9b7e43a786867cd4b6ceafd9e5b43a362072d6876b952ac57314b0d767871345b9e3f993b49cd112e04401de85d68762650fa909bf889858249fb574f96c8c6da3c738bb0090a74f5ecb682e9e097f7e99c09bf299424a00dd2c7fa822472611b75fd4dd06534511603ca2fd6e1f468426210ec8121a781cae4b96b427f1bb779a3a326ba052589bd4268f9c08767f1f02ef5bb2884aca7c4b30d6c80888278f2c9fb16a3d5f8a30f08ae743626fde0e4e38e0e5bce8789899a2fbd701ba0620a6f38a552a5e9ee9d95da8364c53209761696c1cae6d8764bb43f6608b5d4848a1cf750967"], &(0x7f00000006c0)=0xb7) getsockopt$netrom_NETROM_T1(r4, 0x103, 0x1, &(0x7f0000000600), &(0x7f0000000640)=0x4) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) socket$nl_xfrm(0x10, 0x3, 0x6) r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vga_arbiter\x00', 0x8000, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r4, 0xae44, 0x40) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000480)) ioctl$VHOST_VSOCK_SET_GUEST_CID(r5, 0x4008af60, &(0x7f0000000000)={@reserved=0x1}) r6 = dup2(0xffffffffffffffff, r0) bind$bt_l2cap(r6, &(0x7f0000000040)={0x1f, 0x5b91, {0xd, 0x0, 0x0, 0x8006, 0x5, 0x6}, 0x0, 0x5}, 0xe) ioctl$DRM_IOCTL_AGP_ALLOC(r6, 0xc0206434, &(0x7f0000000440)={0x1, 0x0, 0x2, 0x7ff}) ioctl$DRM_IOCTL_AGP_BIND(r3, 0x40106436, &(0x7f00000004c0)={r7, 0xb6b}) preadv(r6, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f00000002c0)=""/115, 0x73}, {&(0x7f0000000380)=""/71, 0x47}], 0x4, 0x16) 2018/03/31 03:07:58 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b782583699", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:58 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000580)={0x4, {{0x2, 0x4e21, @remote={0xac, 0x14, 0x14, 0xbb}}}, 0x1, 0x2, [{{0x2, 0x4e21}}, {{0x2, 0x4e24, @local={0xac, 0x14, 0x14, 0xaa}}}]}, 0x190) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) dup2(r4, 0xffffffffffffffff) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:58 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 422.154795] FAULT_INJECTION: forcing a failure. [ 422.154795] name failslab, interval 1, probability 0, space 0, times 0 [ 422.166125] CPU: 1 PID: 27189 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 422.173308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 422.182654] Call Trace: [ 422.184296] binder: 27183:27190 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 422.185234] dump_stack+0x194/0x24d [ 422.185249] ? arch_local_irq_restore+0x53/0x53 [ 422.185269] should_fail+0x8c0/0xa40 [ 422.185283] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 422.185295] ? __lock_is_held+0xb6/0x140 [ 422.204061] binder: 27183:27190 Acquire 1 refcount change on invalid ref 0 ret -22 [ 422.204348] ? mark_held_locks+0xaf/0x100 [ 422.209496] binder: 27183:27190 BC_ACQUIRE_DONE u0000000000000000 no match [ 422.213470] ? __raw_spin_lock_init+0x1c/0x100 [ 422.213484] ? find_held_lock+0x35/0x1d0 [ 422.213496] ? __lock_is_held+0xb6/0x140 [ 422.221192] binder: 27183:27190 unknown command 0 [ 422.225312] ? check_same_owner+0x320/0x320 [ 422.225319] ? d_alloc+0x269/0x340 [ 422.225332] ? rcu_note_context_switch+0x710/0x710 [ 422.256838] binder: 27183:27190 ioctl c0306201 200001c0 returned -22 [ 422.257599] ? lock_release+0xa40/0xa40 [ 422.257617] should_failslab+0xec/0x120 [ 422.257627] kmem_cache_alloc+0x47/0x760 [ 422.257640] ? d_drop+0x51/0x60 [ 422.257649] ? rpc_i_callback+0x30/0x30 [ 422.257659] rpc_alloc_inode+0x1a/0x20 [ 422.292109] alloc_inode+0x65/0x180 [ 422.295737] binder: 27183:27200 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 422.295747] new_inode_pseudo+0x69/0x190 [ 422.295757] ? prune_icache_sb+0x1a0/0x1a0 [ 422.311111] ? do_raw_spin_trylock+0x190/0x190 [ 422.311502] binder: 27183:27200 Acquire 1 refcount change on invalid ref 0 ret -22 [ 422.315685] ? d_add+0xa70/0xa70 [ 422.315699] new_inode+0x1c/0x40 [ 422.315709] rpc_get_inode+0x20/0x1e0 [ 422.315720] __rpc_create_common+0x5d/0x1d0 [ 422.315733] rpc_populate.constprop.15+0x1ad/0x340 [ 422.315747] rpc_fill_super+0x379/0xae0 [ 422.315759] ? cap_capable+0x1b5/0x230 2018/03/31 03:07:58 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:58 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0x0, 0x800) getgroups(0x0, &(0x7f0000000500)) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000084, 0x10, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0c6300000e630c0104000000000009631040", @ANYBLOB="dee64c6c6481f2b355773311c450b9cca299999ba825575e201174f8a2f607645ad3c2caf81ebf8235f04e6be3f4a1fc48deb58a121b021dfb539f5d82f427b0271711cb111e3088c8ee6a", @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB="00004bc200e91659f4096d2a9b"], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/snmp6\x00') clock_gettime(0x0, &(0x7f00000020c0)={0x0, 0x0}) recvmmsg(r1, &(0x7f0000001fc0)=[{{&(0x7f00000000c0)=@pptp, 0x80, &(0x7f0000000700)=[{&(0x7f0000000040)=""/43, 0x2b}, {&(0x7f0000000140)=""/117, 0x75}, {&(0x7f00000003c0)=""/2, 0x2}, {&(0x7f0000000400)=""/80, 0x50}, {&(0x7f0000000500)=""/225, 0xe1}, {&(0x7f0000000600)=""/234, 0xea}], 0x6, &(0x7f0000000780)=""/124, 0x7c, 0xfffffffeffffffff}, 0x4cdbf8e8}, {{&(0x7f0000000800)=@llc={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, 0x80, &(0x7f0000000480)=[{&(0x7f0000000880)=""/111, 0x6f}], 0x1, 0x0, 0x0, 0x7}, 0xfffffffffffffff8}, {{&(0x7f0000000900)=@hci, 0x80, &(0x7f0000001d40)=[{&(0x7f0000000980)=""/4096, 0x1000}, {&(0x7f0000001980)=""/123, 0x7b}, {&(0x7f0000001a00)=""/77, 0x4d}, {&(0x7f0000001a80)=""/254, 0xfe}, {&(0x7f0000001b80)=""/106, 0x6a}, {&(0x7f0000001c00)=""/119, 0x77}, {&(0x7f0000001c80)=""/165, 0xa5}], 0x7, &(0x7f0000001dc0)=""/10, 0xa, 0x1}, 0x4}, {{&(0x7f0000001e00)=@pppol2tpv3in6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @local}}}, 0x80, &(0x7f0000001e80), 0x0, &(0x7f0000001ec0)=""/239, 0xef, 0xff}, 0x1}], 0x4, 0x100, &(0x7f0000002100)={r2, r3+10000000}) [ 422.315769] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 422.315780] ? security_capable+0x8e/0xc0 [ 422.323502] binder: 27183:27200 BC_ACQUIRE_DONE u0000000000000000 no match [ 422.326817] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 422.326827] ? ns_capable_common+0xcf/0x160 [ 422.326837] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 422.326848] mount_ns+0xc4/0x190 [ 422.330201] binder: 27183:27200 unknown command 0 [ 422.333962] rpc_mount+0x9e/0xd0 [ 422.333973] mount_fs+0x66/0x2d0 [ 422.333984] vfs_kern_mount.part.26+0xc6/0x4a0 [ 422.333994] ? may_umount+0xa0/0xa0 [ 422.347624] binder: 27183:27200 ioctl c0306201 200001c0 returned -22 [ 422.351014] ? _raw_read_unlock+0x22/0x30 [ 422.351025] ? __get_fs_type+0x8a/0xc0 [ 422.351038] do_mount+0xea4/0x2bb0 [ 422.351052] ? copy_mount_string+0x40/0x40 [ 422.351065] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 422.351076] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 422.351090] ? retint_kernel+0x10/0x10 [ 422.351103] ? copy_mount_options+0x18b/0x2e0 [ 422.351112] ? copy_mount_options+0x193/0x2e0 [ 422.351121] ? copy_mount_options+0x1f7/0x2e0 [ 422.351130] SyS_mount+0xab/0x120 [ 422.447140] binder: 27213:27215 unknown command 17589006 [ 422.449840] ? copy_mnt_ns+0xb30/0xb30 [ 422.449854] do_syscall_64+0x281/0x940 [ 422.449864] ? vmalloc_sync_all+0x30/0x30 [ 422.449875] ? _raw_spin_unlock_irq+0x27/0x70 [ 422.449885] ? finish_task_switch+0x1c1/0x7e0 [ 422.449895] ? syscall_return_slowpath+0x550/0x550 [ 422.449904] ? syscall_return_slowpath+0x2ac/0x550 [ 422.449914] ? prepare_exit_to_usermode+0x350/0x350 [ 422.469882] binder: 27213:27215 ioctl c0306201 200001c0 returned -22 2018/03/31 03:07:58 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 422.470990] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 422.471006] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 422.471021] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 422.471029] RIP: 0033:0x454e79 [ 422.471035] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 422.471045] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 422.471051] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 422.471056] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 2018/03/31 03:07:58 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000440)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x3, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:58 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f00000005c0)='/dev/sg#\x00', 0x6, 0x20000000012000) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) ioctl$KVM_SET_BOOT_CPU_ID(r0, 0xae78, &(0x7f00000004c0)) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$RNDADDTOENTCNT(r1, 0x40045201, &(0x7f0000000440)=0xa4) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") socketpair$packet(0x11, 0x3, 0x300, &(0x7f0000000480)) ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') setsockopt$IP_VS_SO_SET_ZERO(r2, 0x0, 0x48f, &(0x7f0000000580)={0x29, @multicast1=0xe0000001, 0x4e21, 0x2, 'wlc\x00', 0x0, 0x7fff, 0x26}, 0x2c) 2018/03/31 03:07:58 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 422.471061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 422.471068] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000033 [ 422.496884] binder: 27213:27215 unknown command 17589006 [ 422.499152] net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry nfsd [ 422.521647] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / [ 422.574755] binder: 27213:27215 ioctl c0306201 200001c0 returned -22 2018/03/31 03:07:58 executing program 1 (fault-call:10 fault-nth:52): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') [ 422.696787] FAULT_INJECTION: forcing a failure. [ 422.696787] name failslab, interval 1, probability 0, space 0, times 0 [ 422.708189] CPU: 1 PID: 27233 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 422.715374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 422.724723] Call Trace: [ 422.727311] dump_stack+0x194/0x24d [ 422.730940] ? arch_local_irq_restore+0x53/0x53 [ 422.735618] should_fail+0x8c0/0xa40 [ 422.739332] ? unwind_next_frame.part.6+0x1a6/0xb40 [ 422.744352] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 422.749457] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 422.754650] ? __lock_acquire+0x664/0x3e00 [ 422.758876] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 422.764049] ? find_held_lock+0x35/0x1d0 [ 422.768090] ? __lock_is_held+0xb6/0x140 [ 422.772131] ? check_same_owner+0x320/0x320 [ 422.776440] ? __d_lookup+0x4f4/0x830 [ 422.780226] ? rcu_note_context_switch+0x710/0x710 [ 422.785145] should_failslab+0xec/0x120 [ 422.789106] kmem_cache_alloc+0x47/0x760 [ 422.793146] __d_alloc+0xc1/0xbd0 [ 422.796576] ? shrink_dcache_for_umount+0x290/0x290 [ 422.801574] ? d_alloc_parallel+0x1b40/0x1b40 [ 422.806064] ? lock_release+0xa40/0xa40 [ 422.810022] ? mark_held_locks+0xaf/0x100 [ 422.814150] ? d_lookup+0x133/0x2e0 [ 422.817753] ? d_lookup+0x1d5/0x2e0 [ 422.821367] d_alloc+0x8e/0x340 [ 422.824630] ? __d_alloc+0xbd0/0xbd0 [ 422.828319] ? full_name_hash+0x9b/0xe0 [ 422.832288] __rpc_lookup_create_exclusive+0x183/0x1d0 [ 422.837549] ? rpc_d_lookup_sb+0x1a0/0x1a0 [ 422.841770] rpc_populate.constprop.15+0xa3/0x340 [ 422.846602] rpc_fill_super+0x379/0xae0 [ 422.850560] ? cap_capable+0x1b5/0x230 [ 422.854424] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 422.859591] ? security_capable+0x8e/0xc0 [ 422.863712] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 422.868886] ? ns_capable_common+0xcf/0x160 [ 422.873183] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 422.878348] mount_ns+0xc4/0x190 [ 422.881704] rpc_mount+0x9e/0xd0 [ 422.885059] mount_fs+0x66/0x2d0 [ 422.888415] vfs_kern_mount.part.26+0xc6/0x4a0 [ 422.892971] ? may_umount+0xa0/0xa0 [ 422.896573] ? _raw_read_unlock+0x22/0x30 [ 422.900694] ? __get_fs_type+0x8a/0xc0 [ 422.904558] do_mount+0xea4/0x2bb0 [ 422.908074] ? copy_mount_string+0x40/0x40 [ 422.912289] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 422.917297] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 422.922051] ? retint_kernel+0x10/0x10 [ 422.925926] ? copy_mount_options+0x18b/0x2e0 [ 422.930405] ? copy_mount_options+0x193/0x2e0 [ 422.934890] ? copy_mount_options+0x1f7/0x2e0 [ 422.939372] SyS_mount+0xab/0x120 [ 422.942806] ? copy_mnt_ns+0xb30/0xb30 [ 422.946677] do_syscall_64+0x281/0x940 [ 422.950540] ? trace_event_raw_event_sys_exit+0x260/0x260 [ 422.956053] ? syscall_return_slowpath+0x550/0x550 [ 422.960967] ? syscall_return_slowpath+0x2ac/0x550 [ 422.965877] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 422.971218] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 422.976044] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 422.981213] RIP: 0033:0x454e79 [ 422.984384] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 422.992065] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 422.999308] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 423.006551] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 423.013795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 423.021042] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000034 [ 423.031577] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / 2018/03/31 03:07:59 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:59 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_UNREGISTER(r3, 0x8010aa01, &(0x7f0000000040)={&(0x7f0000ffc000/0x4000)=nil, 0x4000}) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:59 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(0xffffffffffffffff, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:59 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0x0, 0x0) getgroups(0x0, &(0x7f0000000500)) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) getsockopt$inet_tcp_buf(r1, 0x6, 0xe, &(0x7f00000002c0)=""/149, &(0x7f0000000040)=0x95) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0xfb, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0c7700000e630c40030000000010000000000000056304402000000009631040d5035abe15a85938704d34f9c96d8fa50984acf4a47c73013db99d01848c309f8ae64a38393cd191", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB], 0xfffffffffffffc81, 0x0, &(0x7f00000000c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) 2018/03/31 03:07:59 executing program 1 (fault-call:10 fault-nth:53): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:07:59 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(0xffffffffffffffff, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:59 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000001c0)=0x0) move_pages(r4, 0x9, &(0x7f00000004c0)=[&(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffd000/0x2000)=nil], 0x0, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x4) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r6 = inotify_init1(0x80800) dup2(r5, r6) fstatfs(r5, &(0x7f0000000040)=""/62) pwrite64(r3, &(0x7f0000000440)="c27a3179690a5cfad3e2ff34169c07895a89a7c3d903210ca6dda59ebd5bad9a72fe6b0a743778456cc96f7e87e9ae6a7a4589e746722281767fa72f7946694f3890ce1b82b8c8d909a41685b680644bc408e151ac645c91a467c4a4efbfaf0543923b5bfd43d6a933de908249a80b833020b174b0994e0480ee", 0x7a, 0x0) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:07:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x20000, 0x0) r1 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) read(r1, &(0x7f0000ec6000)=""/50, 0x32) r2 = socket$bt_cmtp(0x1f, 0x3, 0x5) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r2, 0x800443d3, &(0x7f0000000080)={{0x6, 0x6, 0xffffffffffffff0b, 0xb73, 0x3ff, 0xfff}, 0xf32, 0x80000001, 0x7}) r3 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x0, 0x0) accept4$vsock_stream(r3, &(0x7f0000000340)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10, 0x80000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000400)={{0x80100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f000001cfb0)={0x0, 0x0, 0x0, 0x0, 0xf}) read(r1, &(0x7f0000000200)=""/228, 0xe4) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x400000, 0x0) getsockopt$netrom_NETROM_T1(r4, 0x103, 0x1, &(0x7f0000000600), &(0x7f0000000640)=0x4) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) socket$nl_xfrm(0x10, 0x3, 0x6) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vga_arbiter\x00', 0x8000, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r4, 0xae44, 0x40) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000480)) r5 = dup2(0xffffffffffffffff, r0) bind$bt_l2cap(r5, &(0x7f0000000040)={0x1f, 0x5b91, {0xd, 0x0, 0x0, 0x8006, 0x5, 0x6}, 0x0, 0x5}, 0xe) preadv(r5, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f00000002c0)=""/115, 0x73}, {&(0x7f0000000380)=""/71, 0x47}], 0x4, 0x16) [ 423.279561] FAULT_INJECTION: forcing a failure. [ 423.279561] name failslab, interval 1, probability 0, space 0, times 0 [ 423.291014] CPU: 0 PID: 27256 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 423.298201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 423.307569] Call Trace: [ 423.310160] dump_stack+0x194/0x24d [ 423.313803] ? arch_local_irq_restore+0x53/0x53 [ 423.318480] should_fail+0x8c0/0xa40 [ 423.322191] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 423.327299] ? __lock_is_held+0xb6/0x140 [ 423.331361] ? mark_held_locks+0xaf/0x100 [ 423.335505] ? __raw_spin_lock_init+0x1c/0x100 [ 423.340085] ? find_held_lock+0x35/0x1d0 [ 423.344157] ? __lock_is_held+0xb6/0x140 [ 423.348233] ? check_same_owner+0x320/0x320 [ 423.352553] ? d_alloc+0x269/0x340 [ 423.356095] ? rcu_note_context_switch+0x710/0x710 [ 423.361018] ? lock_release+0xa40/0xa40 [ 423.364995] should_failslab+0xec/0x120 [ 423.368966] kmem_cache_alloc+0x47/0x760 [ 423.373029] ? d_drop+0x51/0x60 [ 423.376304] ? rpc_i_callback+0x30/0x30 [ 423.380276] rpc_alloc_inode+0x1a/0x20 [ 423.384157] alloc_inode+0x65/0x180 [ 423.387789] new_inode_pseudo+0x69/0x190 [ 423.391847] ? prune_icache_sb+0x1a0/0x1a0 [ 423.396076] ? do_raw_spin_trylock+0x190/0x190 [ 423.400652] ? d_add+0xa70/0xa70 [ 423.404014] new_inode+0x1c/0x40 [ 423.407375] rpc_get_inode+0x20/0x1e0 [ 423.411171] __rpc_create_common+0x5d/0x1d0 [ 423.415492] rpc_populate.constprop.15+0x1ad/0x340 [ 423.420420] rpc_fill_super+0x379/0xae0 [ 423.424391] ? cap_capable+0x1b5/0x230 [ 423.428274] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 423.433461] ? security_capable+0x8e/0xc0 [ 423.437601] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 423.442772] ? ns_capable_common+0xcf/0x160 [ 423.447072] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 423.452240] mount_ns+0xc4/0x190 [ 423.455587] rpc_mount+0x9e/0xd0 [ 423.458931] mount_fs+0x66/0x2d0 [ 423.462274] vfs_kern_mount.part.26+0xc6/0x4a0 [ 423.466834] ? may_umount+0xa0/0xa0 [ 423.470438] ? _raw_read_unlock+0x22/0x30 [ 423.474562] ? __get_fs_type+0x8a/0xc0 [ 423.478426] do_mount+0xea4/0x2bb0 [ 423.481945] ? copy_mount_string+0x40/0x40 [ 423.486159] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 423.491152] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 423.495892] ? retint_kernel+0x10/0x10 [ 423.499758] ? copy_mount_options+0x18b/0x2e0 [ 423.504229] ? copy_mount_options+0x193/0x2e0 [ 423.508697] ? copy_mount_options+0x1f7/0x2e0 [ 423.513167] SyS_mount+0xab/0x120 [ 423.516593] ? copy_mnt_ns+0xb30/0xb30 [ 423.520459] do_syscall_64+0x281/0x940 [ 423.524323] ? vmalloc_sync_all+0x30/0x30 [ 423.528447] ? _raw_spin_unlock_irq+0x27/0x70 [ 423.532916] ? finish_task_switch+0x1c1/0x7e0 [ 423.537386] ? syscall_return_slowpath+0x550/0x550 [ 423.542292] ? syscall_return_slowpath+0x2ac/0x550 [ 423.547197] ? prepare_exit_to_usermode+0x350/0x350 [ 423.552195] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 423.557539] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 423.562363] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 423.567528] RIP: 0033:0x454e79 [ 423.570692] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 2018/03/31 03:07:59 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(r1) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 423.578377] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 423.585621] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 423.592864] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 423.600108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 423.607352] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000035 [ 423.615343] net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry gssd 2018/03/31 03:08:00 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)) ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 423.632051] binder: 27249:27267 unknown command 30476 [ 423.648248] binder: 27249:27267 ioctl c0306201 200001c0 returned -22 2018/03/31 03:08:00 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:00 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(0xffffffffffffffff, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:00 executing program 1 (fault-call:10 fault-nth:54): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') [ 423.688452] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory / 2018/03/31 03:08:00 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getgroups(0x0, &(0x7f00000000c0)) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) r1 = getegid() getgroups(0xa, &(0x7f0000000000)=[0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0]) r3 = accept$inet6(0xffffffffffffff9c, 0x0, &(0x7f00000000c0)) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000200)=0xc) setgroups(0x2, &(0x7f0000000040)=[r1, r2]) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c6300000e630c400300000000000000000000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) 2018/03/31 03:08:00 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) getsockopt(r0, 0x400000000000, 0x4, &(0x7f0000000040)=""/54, &(0x7f0000000440)=0x36) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:00 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)) ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:00 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, r0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:00 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 423.804911] binder: 27284:27288 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 423.812113] binder: 27284:27288 unknown command 274925824 [ 423.843108] binder: 27284:27288 ioctl c0306201 200001c0 returned -22 [ 423.888257] binder: 27284:27295 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 423.895483] binder: 27284:27295 unknown command 274925824 [ 423.918722] binder: 27284:27295 ioctl c0306201 200001c0 returned -22 [ 424.011071] FAULT_INJECTION: forcing a failure. [ 424.011071] name failslab, interval 1, probability 0, space 0, times 0 [ 424.022449] CPU: 1 PID: 27303 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 424.029627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 424.038973] Call Trace: [ 424.041563] dump_stack+0x194/0x24d [ 424.045190] ? arch_local_irq_restore+0x53/0x53 [ 424.049862] should_fail+0x8c0/0xa40 [ 424.053589] ? unwind_next_frame.part.6+0x1a6/0xb40 [ 424.058592] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 424.063690] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 424.068881] ? __lock_acquire+0x664/0x3e00 [ 424.073104] ? find_held_lock+0x35/0x1d0 [ 424.077145] ? __lock_is_held+0xb6/0x140 [ 424.081185] ? check_same_owner+0x320/0x320 [ 424.085480] ? __d_lookup+0x4f4/0x830 [ 424.089256] ? rcu_note_context_switch+0x710/0x710 [ 424.094164] should_failslab+0xec/0x120 [ 424.098115] kmem_cache_alloc+0x47/0x760 [ 424.102168] __d_alloc+0xc1/0xbd0 [ 424.105619] ? shrink_dcache_for_umount+0x290/0x290 [ 424.110618] ? d_alloc_parallel+0x1b40/0x1b40 [ 424.115093] ? lock_release+0xa40/0xa40 [ 424.119042] ? mark_held_locks+0xaf/0x100 [ 424.123164] ? d_lookup+0x133/0x2e0 [ 424.126768] ? d_lookup+0x1d5/0x2e0 [ 424.130374] d_alloc+0x8e/0x340 [ 424.133635] ? __d_alloc+0xbd0/0xbd0 [ 424.137332] ? full_name_hash+0x9b/0xe0 [ 424.141298] __rpc_lookup_create_exclusive+0x183/0x1d0 [ 424.146559] ? down_write+0x87/0x120 [ 424.150257] ? rpc_d_lookup_sb+0x1a0/0x1a0 [ 424.154467] ? down_read+0x150/0x150 [ 424.158156] ? __d_lookup+0x830/0x830 [ 424.161934] rpc_populate.constprop.15+0xa3/0x340 [ 424.166755] rpc_fill_super+0x464/0xae0 [ 424.170713] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 424.175885] ? security_capable+0x8e/0xc0 [ 424.180010] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 424.185181] ? ns_capable_common+0xcf/0x160 [ 424.189484] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 424.194664] mount_ns+0xc4/0x190 [ 424.198006] rpc_mount+0x9e/0xd0 [ 424.201356] mount_fs+0x66/0x2d0 [ 424.204709] vfs_kern_mount.part.26+0xc6/0x4a0 [ 424.209265] ? may_umount+0xa0/0xa0 [ 424.212868] ? _raw_read_unlock+0x22/0x30 [ 424.216988] ? __get_fs_type+0x8a/0xc0 [ 424.220851] do_mount+0xea4/0x2bb0 [ 424.224368] ? copy_mount_string+0x40/0x40 [ 424.228577] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 424.233566] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 424.238310] ? retint_kernel+0x10/0x10 [ 424.242181] ? copy_mount_options+0x18b/0x2e0 [ 424.246652] ? copy_mount_options+0x193/0x2e0 [ 424.251121] ? copy_mount_options+0x1f7/0x2e0 [ 424.255588] SyS_mount+0xab/0x120 [ 424.259017] ? copy_mnt_ns+0xb30/0xb30 [ 424.262890] do_syscall_64+0x281/0x940 [ 424.266756] ? vmalloc_sync_all+0x30/0x30 [ 424.270879] ? syscall_return_slowpath+0x550/0x550 [ 424.275785] ? syscall_return_slowpath+0x2ac/0x550 [ 424.280688] ? prepare_exit_to_usermode+0x350/0x350 [ 424.285681] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 424.291029] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 424.295858] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 424.301026] RIP: 0033:0x454e79 [ 424.304198] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 424.311895] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 424.319148] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 424.326391] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 424.333639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 424.340882] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000036 [ 424.348279] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd 2018/03/31 03:08:00 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:00 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getgroups(0x0, &(0x7f0000000500)) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) r1 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x489c, 0x100) ioctl$KDGETKEYCODE(r1, 0x4b4c, &(0x7f0000000180)={0xc, 0x20000000000003f4}) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000000500)={0x0, 0xf6, "40650d99d99dd1f070900b0972920753d9a1a2a698da7fc4a89e4f7814496686c554d5ea50d035ab84ac43372a22c9c22a2825df8b38ed77029926d39b6afb81a06dbebef972cdbfb685b3c4137922273ca38aaaa93c7d663ffb4fce68741d7bb9d5a756e4c750c676a2540f6d3850d4bbdbc18528dbd79402efbda8facda87107b1d05336d388314a762d65e837fbb2336a95fbeffff6c92ec521cfcecd2022641e7bf39501dbae1bc0c5b9d027ca8b9f2ead684f3de08f57fec2156305122ebd8e96aff7e5f2407b84287990128f35dfa092bc6683292c5d9d3f93e6e4b23b94122ead88c5fd7bbe8335677e2c6767237a1cbb76cc"}, &(0x7f00000000c0)=0xfe) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000480)={r2, 0x2f5, 0x6, 0x3, 0x2}, &(0x7f0000000600)=0x14) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e21, @loopback=0x7f000001}}}, &(0x7f0000000040)=0x84) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f00000003c0)={r3, @in6={{0xa, 0x4e24, 0x31d, @loopback={0x0, 0x1}}}}, 0x84) 2018/03/31 03:08:00 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)) ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:00 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x80000, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:00 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f00000004c0)=0x0, &(0x7f0000000580), &(0x7f00000005c0)) fchown(r1, r4, r5) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r6 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r7 = inotify_init1(0x80800) dup2(r6, r7) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) ppoll(&(0x7f0000000600)=[{r2, 0x1009}, {r2, 0xa0}, {r7}, {r3, 0x8}], 0x4, &(0x7f0000000640)={0x0, 0x989680}, &(0x7f0000000680)={0x3}, 0x8) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:00 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x20000, 0x0) read(0xffffffffffffffff, &(0x7f0000ec6000)=""/50, 0x32) r1 = socket$bt_cmtp(0x1f, 0x3, 0x5) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) bind$inet(r2, &(0x7f0000000440)={0x2, 0x4e20, @rand_addr=0x100000000}, 0x10) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r1, 0x800443d3, &(0x7f0000000080)={{0x6, 0x6, 0xffffffffffffff0b, 0xb73, 0x3ff, 0xfff}, 0xf32, 0x80000001, 0x7}) r3 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x0, 0x0) accept4$vsock_stream(r3, &(0x7f0000000340)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10, 0x80000) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000400)={{0x80100000001}}) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r3, 0x84, 0x8, &(0x7f0000000780)=0x6, 0x4) ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, &(0x7f000001cfb0)={0x0, 0x0, 0x0, 0x0, 0xf}) read(0xffffffffffffffff, &(0x7f0000000200)=""/228, 0xe4) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x400000, 0x0) getsockopt$netrom_NETROM_T1(r4, 0x103, 0x1, &(0x7f0000000600), &(0x7f0000000640)=0x4) ioctl$SNDRV_TIMER_IOCTL_START(0xffffffffffffffff, 0x54a0) ioctl$EVIOCGRAB(r3, 0x40044590, &(0x7f00000000c0)=0x82) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vga_arbiter\x00', 0x8000, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r4, 0xae44, 0x40) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000480)) r5 = dup2(0xffffffffffffffff, r0) r6 = getpgrp(0x0) sendmsg$nl_netfilter(r4, &(0x7f0000000740)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x6}, 0xc, &(0x7f0000000700)={&(0x7f0000000a80)=ANY=[@ANYBLOB="e80100000100020029bd7000fcdbdf250f000001d4b40e45b237be3e401b274070fea085089876bee35af40c00d9969b027a9fd2bf06fa8e87ead4c94ef0cd4d08cc03dbb6822c38bde8cec403f632a1296144ba6b7584f14bc05bca2b5dc664a910fa35ac9711e2b97ea3dd8307bb1c15f8da17f67e5c1cd53b9bb946980a4e762d0b138c82a452c671b0f9cd6b57e6f440faaf79111cc2d1d91d0dfe6d83f9d8898288217aab0c6ef710064a18ba0ad02c29e34ac852517d54dac2dabb75e66a7b88299814007a00ff01a0de2bb7ccff4df3a91d26da3502000000000000000000000000000188fba10aee223a1f65c7290799aa4d40b3b3cb696eca8e98dabdb4a1258f6b3da7c76c5eccffd2b35a0ef8bf2d60823742c7d84ed2e615b4e3c64c7bcee8d1199942c1ed0343a3e5387ffd1bc8ca8889bf987c3e796a3ee29efe5ae4cf1aafebb7c8694204c7bef474c0d1c2c7ed90fe5ba8750bbdc733c81e86de67bdecc11888bd9ca0236a0c66109397a1faa61585f25000740008009200d0dc7008c512c81546d98b00000000000000bb7fe211ce4f9b0ae2daa1af3d4d6cf05569dd2f34320909612a862aab0bc472b36bfec967ded97a3a95088d6c9fd2ab786b3d9a8cece6cc0cfd1ec58e5ae93a016f6e5e4403ce7d69d4d63d916e68472895a92bfac19e13e8dd86d9d358", @ANYRES32=r6, @ANYBLOB="44000a00f03ca634fcebbf323202084c87e673b533dab48d97dff2c913d15954324e2eb2760df3789f3b87e7ba4f99f391023a5c6098bc0d8645f6ec1a82f06bc0ae000020002000080087000600000014000200ff0200000000000000000000000000010c0060000400000000000000"], 0x1e8}, 0x1, 0x0, 0x0, 0x40001}, 0x4) bind$bt_l2cap(r5, &(0x7f0000000040)={0x1f, 0x5b91, {0xd, 0x0, 0x0, 0x8006, 0x5, 0x6}, 0x0, 0x5}, 0xe) ioctl$KVM_GET_SUPPORTED_CPUID(r4, 0xc008ae05, &(0x7f00000004c0)=""/243) preadv(r5, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f00000002c0)=""/115, 0x73}, {&(0x7f0000000380)=""/71, 0x47}], 0x4, 0x16) 2018/03/31 03:08:00 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0), 0x0, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:00 executing program 1 (fault-call:10 fault-nth:55): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') [ 424.484704] binder: 27317:27330 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 424.493227] FAULT_INJECTION: forcing a failure. [ 424.493227] name failslab, interval 1, probability 0, space 0, times 0 [ 424.504557] CPU: 1 PID: 27326 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 424.511740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 424.521088] Call Trace: [ 424.523686] dump_stack+0x194/0x24d [ 424.527323] ? arch_local_irq_restore+0x53/0x53 [ 424.532005] should_fail+0x8c0/0xa40 [ 424.535719] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 424.540818] ? __lock_is_held+0xb6/0x140 [ 424.544880] ? mark_held_locks+0xaf/0x100 [ 424.549029] ? __raw_spin_lock_init+0x1c/0x100 [ 424.553615] ? find_held_lock+0x35/0x1d0 [ 424.557681] ? __lock_is_held+0xb6/0x140 [ 424.561746] ? check_same_owner+0x320/0x320 [ 424.566065] ? d_alloc+0x269/0x340 [ 424.569601] ? rcu_note_context_switch+0x710/0x710 [ 424.574534] ? lock_release+0xa40/0xa40 [ 424.578513] should_failslab+0xec/0x120 2018/03/31 03:08:00 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0), 0x0, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:00 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0x0) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 424.582481] kmem_cache_alloc+0x47/0x760 [ 424.586539] ? d_drop+0x51/0x60 [ 424.589816] ? rpc_i_callback+0x30/0x30 [ 424.593785] rpc_alloc_inode+0x1a/0x20 [ 424.597664] alloc_inode+0x65/0x180 [ 424.597845] binder: 27317:27330 Acquire 1 refcount change on invalid ref 0 ret -22 [ 424.601281] new_inode_pseudo+0x69/0x190 [ 424.601293] ? prune_icache_sb+0x1a0/0x1a0 [ 424.601304] ? do_raw_spin_trylock+0x190/0x190 [ 424.601316] ? d_add+0xa70/0xa70 [ 424.601329] new_inode+0x1c/0x40 [ 424.601338] rpc_get_inode+0x20/0x1e0 2018/03/31 03:08:00 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={r1, &(0x7f0000000440)="baf31acee75ec434788c6c1daededb619fbc7bd67378e2e95c61a6785765b274585d3ce5dff9521d88d308d33b751914d5b9963eb5efe216e507911f0fb9445c2ec5828640fc155421b13980ec3f01ab59afb634f3bf46cf226e65f8286f6c543aeed500c1e6cc9e59"}, 0x10) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:01 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74d") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 424.601347] __rpc_create_common+0x5d/0x1d0 [ 424.601353] ? __d_lookup+0x830/0x830 [ 424.601363] rpc_populate.constprop.15+0x1ad/0x340 [ 424.601376] rpc_fill_super+0x464/0xae0 [ 424.601388] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 424.609108] binder: 27317:27330 BC_ACQUIRE_DONE u0000000000000000 no match [ 424.613127] ? security_capable+0x8e/0xc0 [ 424.613138] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 424.613147] ? ns_capable_common+0xcf/0x160 [ 424.613159] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 424.617385] binder: 27317:27330 unknown command 0 [ 424.621926] mount_ns+0xc4/0x190 [ 424.621938] rpc_mount+0x9e/0xd0 [ 424.621948] mount_fs+0x66/0x2d0 [ 424.691053] binder: 27317:27330 ioctl c0306201 200001c0 returned -22 [ 424.691793] vfs_kern_mount.part.26+0xc6/0x4a0 [ 424.691806] ? may_umount+0xa0/0xa0 [ 424.709829] ? _raw_read_unlock+0x22/0x30 [ 424.713973] ? __get_fs_type+0x8a/0xc0 [ 424.717854] do_mount+0xea4/0x2bb0 [ 424.721392] ? copy_mount_string+0x40/0x40 [ 424.725623] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 424.730638] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 424.735397] ? retint_kernel+0x10/0x10 [ 424.739284] ? copy_mount_options+0x18b/0x2e0 [ 424.743772] ? copy_mount_options+0x193/0x2e0 [ 424.748267] ? copy_mount_options+0x1f7/0x2e0 [ 424.752757] SyS_mount+0xab/0x120 [ 424.756203] ? copy_mnt_ns+0xb30/0xb30 [ 424.760088] do_syscall_64+0x281/0x940 [ 424.763967] ? vmalloc_sync_all+0x30/0x30 [ 424.768110] ? _raw_spin_unlock_irq+0x27/0x70 [ 424.772605] ? finish_task_switch+0x1c1/0x7e0 [ 424.777094] ? syscall_return_slowpath+0x550/0x550 [ 424.782016] ? syscall_return_slowpath+0x2ac/0x550 [ 424.786937] ? prepare_exit_to_usermode+0x350/0x350 [ 424.791950] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 424.797305] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 424.802144] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 424.807320] RIP: 0033:0x454e79 [ 424.810498] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 424.818202] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 424.825464] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 2018/03/31 03:08:01 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74d") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:01 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) r5 = open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) dup2(r4, r5) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(sha3-384-generic)\x00'}, 0x58) r7 = accept$alg(r6, 0x0, 0x0) sendmmsg$alg(r7, &(0x7f0000000f40)=[{0x0, 0x0, &(0x7f0000000640), 0x107, &(0x7f0000000680)}], 0xc95d03eb8aea92df, 0x0) r8 = inotify_init1(0x80800) fcntl$getownex(r4, 0x10, &(0x7f0000000040)={0x0, 0x0}) timer_create(0x2, &(0x7f0000000440)={0x0, 0x22, 0x2, @tid=r9}, &(0x7f0000000480)) dup2(r4, r8) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f00000004c0)={'\x00', 0x80000001}) 2018/03/31 03:08:01 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74d") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:01 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x20000, 0x0) r1 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) read(r1, &(0x7f0000ec6000)=""/50, 0x32) r2 = socket$bt_cmtp(0x1f, 0x3, 0x5) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r2, 0x800443d3, &(0x7f0000000080)={{0x6, 0x6, 0xffffffffffffff0b, 0xb73, 0x3ff, 0xfff}, 0xf32, 0x80000001, 0x7}) r3 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x0, 0x0) accept4$vsock_stream(r3, &(0x7f0000000340)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10, 0x80000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000400)={{0x80100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f000001cfb0)={0x0, 0x0, 0x0, 0x0, 0xf}) read(r1, &(0x7f0000000200)=""/228, 0xe4) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x400000, 0x0) getsockopt$netrom_NETROM_T1(r4, 0x103, 0x1, &(0x7f0000000600), &(0x7f0000000640)=0x4) ioctl$SNDRV_TIMER_IOCTL_START(r4, 0x54a0) socket$nl_xfrm(0x10, 0x3, 0x6) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vga_arbiter\x00', 0x8000, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r4, 0xae44, 0x40) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000480)) r5 = dup2(0xffffffffffffffff, r0) bind$bt_l2cap(r5, &(0x7f0000000040)={0x1f, 0x5b91, {0xd, 0x0, 0x0, 0x8006, 0x5, 0x6}, 0x0, 0x5}, 0xe) preadv(r5, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f00000002c0)=""/115, 0x73}, {&(0x7f0000000380)=""/71, 0x47}], 0x4, 0x16) [ 424.832725] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 424.839984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 424.847246] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000037 [ 424.854703] net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry clntXX [ 424.916418] binder: 27317:27330 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 424.936856] binder: 27317:27330 Acquire 1 refcount change on invalid ref 0 ret -22 [ 424.944705] binder: 27317:27330 BC_ACQUIRE_DONE u0000000000000000 no match [ 424.951765] binder: 27317:27330 unknown command 0 [ 424.982559] binder: 27317:27330 ioctl c0306201 200001c0 returned -22 [ 424.989467] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory gssd 2018/03/31 03:08:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x20000, 0x0) r1 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) read(r1, &(0x7f0000ec6000)=""/50, 0x32) r2 = socket$bt_cmtp(0x1f, 0x3, 0x5) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r2, 0x800443d3, &(0x7f0000000080)={{0x6, 0x6, 0xffffffffffffff0b, 0xb73, 0x3ff, 0xfff}, 0xf32, 0x80000001, 0x7}) pipe2(&(0x7f0000000440)={0xffffffffffffffff}, 0x84000) sendmsg$nfc_llcp(r3, &(0x7f00000009c0)={&(0x7f00000004c0)={0x27, 0x1, 0x1, 0x7, 0x5, 0x3, "47eb90efab36dc4dfee70f189876bc8a1efe6e723251801d88e465fbecf490ba54dfc5d27224edac9f672959bf8400301b7bf4345cb335dc01e88d17012158", 0x3e}, 0x60, &(0x7f0000000580)=[{&(0x7f00000006c0)="de1cc29fc6b564f15f8539946d666f803d712565ca27c5e94d181982b63fe9d99d26a1ccd74ea3f1ec7d2530b06b9971e9ee355fe4aba5736ad2b4b94e6dc79588015d5ea4acddbcab82f3ce5dbd98ce2831c156c1069fd9c3519308e8de52c4db55eab18c1826ecc3db37b11059f661967c6b4d72d59f343f3e81ad20261907d2f7750e4b4237f7f409b32d4de50e281f53a00e4f30f682edb7554b90b700425b36b15154efc44a74d21c389523b938dc163b38b59cc12c8f47fb1617d46313d7fc5842014361551a6bf8506699a7508bd97396bfd37d2f82e80c3df56a22332755be261e", 0xe5}, {&(0x7f0000000540)="38777291074543", 0x7}, {&(0x7f0000000800)="1b0f03ea39fcb491dd495e8739ea72f64951fc5302d1fdc9ef72f516a191dbc9628a42925ea2afd0d7d6167f2668b434817134115ddb2e64fb6dbfd4029950b828383184a779fde13e596d7b9a", 0x4d}, {&(0x7f0000000880)="cda3f2f8978a6bd5517f2e4467254d362f74627c97f4ad39495bfe2d6b399a5825ba0efecd53dfcb2e33ac8b9478573d97c7a9d353866355b85a2c225f47ba84f023358f532af8af738d5017e3b7ee7b5246aabcba2e1b2ca26205cad0a2b102d9d9e17c04b381ddc223cce30c188f04f3eb785d8c875754f1ce4f1ca529421bfc51e704b1a464882e46c121b7caa91d851214807d1368dc2c17", 0x9a}], 0x4, &(0x7f0000000940)={0x70, 0x116, 0xd02, "4d7f51f3c335a658d28fd1a75059b8195b27dfa2153c214298face042bab1a63519f2c5ba4256408cb82340962d3f4a98844b48061a04d7ddfdab071a2db081a2dcdcf454949d0a7853d19e66d2106ee958244c13f31f8ef45f01f"}, 0x70, 0x40000}, 0x8091) r4 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x0, 0x0) accept4$vsock_stream(r4, &(0x7f0000000340)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10, 0x80000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000400)={{0x80100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f000001cfb0)={0x0, 0x0, 0x0, 0x0, 0xf}) read(r1, &(0x7f0000000200)=""/228, 0xe4) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x400000, 0x0) getsockopt$netrom_NETROM_T1(r5, 0x103, 0x1, &(0x7f0000000600), &(0x7f0000000640)=0x4) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) socket$nl_xfrm(0x10, 0x3, 0x6) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vga_arbiter\x00', 0x8000, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r5, 0xae44, 0x40) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000480)) syz_open_dev$sndtimer(&(0x7f0000000a00)='/dev/snd/timer\x00', 0x0, 0x24c42) r6 = dup2(0xffffffffffffffff, r0) bind$bt_l2cap(r6, &(0x7f0000000040)={0x1f, 0x5b91, {0xd, 0x0, 0x0, 0x8006, 0x5, 0x6}, 0x0, 0x5}, 0xe) preadv(r6, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f00000002c0)=""/115, 0x73}, {&(0x7f0000000380)=""/71, 0x47}], 0x4, 0x16) 2018/03/31 03:08:02 executing program 1 (fault-call:10 fault-nth:56): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:08:02 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getgroups(0x0, &(0x7f0000000500)) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x398, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB="0000770000fd0000"], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) 2018/03/31 03:08:02 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:02 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0), 0x0, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:02 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) inotify_init1(0x80800) ioctl$GIO_SCRNMAP(r0, 0x4b40, &(0x7f0000000580)=""/147) r5 = dup2(r4, r1) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f0000000440)={0x0, 0xb77, 0x20, 0x5, 0x1}, &(0x7f0000000480)=0x18) setsockopt$inet_sctp_SCTP_RESET_STREAMS(r5, 0x84, 0x77, &(0x7f00000004c0)={r6, 0x4, 0x1, [0x0]}, 0xa) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:02 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) syz_mount_image$minix(&(0x7f0000000440)='minix\x00', &(0x7f0000000480)='./file0\x00', 0x8000, 0x7, &(0x7f0000003880)=[{&(0x7f0000000580)="c69affbac87b9bbeacd5dd9ac46d44444d6d75d74bfa712756e1b512d1ee9e2ea2e77e09587adca37a916bb472514ecfb451d6f69740bbcb45cccbb71ac6ab4581d28d31072bdf9af8f37c86fafbbf3bcc1d28d4b44b1ce078b78661554f3f8fb1a4baed30fe820a63d6daf58f61bba9852ca664c0056ff268fa87c08ffd8311b6bc3d299532173d20439453ba6c152df9b3da58d2a21e37abf7bf6e3bfe6f800a5312808585eed0042ee2d4b783fb83a4f6a1542f9f4a39f54c9ead2d8a43753a21048a1efbddca767d900f0c6b6accc6a8d6469a1e3de3b77eba4369aa1990eb223c3dac4e5a30fc0d58bfac927f424e4f", 0xf2, 0x7a}, {&(0x7f0000000680)="d6e0d6cbad112ee946074a795cc555e391391c69cb8b8aa8f20a18161ab4357fe706b09171b5a8f018e83bcfe66050b45042c90ed6f0920c30cabe2337f1b8e0f93e3a2781641f54914baca4dc7e3356159de08a0f9f0ceb8c804bd6123e5f2d6b08f217aa9e162dbde44f8bbf95c26213e807cda6a44125fc172916dd7b5d815faefd639d31c299025ffbfebb5ed47fdf8e51af0d3d5512ea02ab1c7313527464468d3b58552fa40d890f0696de7e7b192ed33426dfed5e8d01558546d59ca2879b81b2ae", 0xc5, 0x1}, {&(0x7f00000004c0)="307e59443a62fafbf2d4920d1d1a12446de8ae2c74755041ce91b0c0800fb1b26a2a7afcb71b123d1fffe3", 0x2b, 0x8}, {&(0x7f0000000780)="3ac2a0cc01528d0948578604e364e56d69c3da2190d6c9843ebdaffe1c4cac156b6998ae32b5b1a7b89157a81a298cabe1deaf9b0c81f7d1740cdd796b93d277d36df502c9520696f84b9e38db2dd4524cb01af33b6e8cea66fe9276a7f0711b0d797fa007f2163a7cd5390ba555fce694bf133cc83076375bf70b8c0408dec1b215767875e4d7a6fc488cbf2f559105ba580cc835d1ff4c335182989099a0b6ca002b9f36fa54fdf58f0fe244f22e8bb76b07cffa5e424c7625735778c1d52ce70e9505dc6e7d12c3d883a74cbe00d890aaac769717fd3c5c331ea50342119a23e753cbfaf2f87f038a4f4a47b0455caa09f1", 0xf3, 0x8}, {&(0x7f0000000880)="8a649bd8e153d1a1d672bc255610aca009365d6d715812c33ef083a0b8d5898ced4d275913032fa75e0f78cebd610df978deb4893a478ae0e1e728bd3f201b737f392deeb547c98f995c6ade762c10625f2e19b717e12da7d07a4ec275e586d8469a818efa9f16546b75f0d3113a39fb95e8d97ef269cde1625d11da245ce1c6077d2c16bd6b179bca3efb4378c1e8ec04e8247440d8c52203c9c6bb3ef3ae978f55bd8aed78c9f77239060670f980b052a614e43d3e7d34fd57403d1785639c017a9c6390c840c9169973d8ec76ecea8d53313bc84c94c1aa71a9ede43c24b705fe7fbe75d4de53ed2b0c25957b9b6e1fcd2005fe40ccf9f866335a4ca205bc589c394df3ccb870fd7d5607546b16ac2b2e7124e7e8e9af1f518bebf88a378c8d68c45fc3f69fe760e0781f216b837a8b8ccf3384448289eb987273caaf35a00796f9c6cea830380c555d79ff0eb1cc34ff49dea11f72448b50777c1c962bf4ad4c1aecda0b1bef489c7ba0507f2edd5e4b7ee5736709d92e8d05c79d9678f7ab9304252a08d537791090c68bcc15731db09855a3684df54a654b7c3a4a35f4ca7e54b746b7ac3217069319c2d5ebf935c730ea5f40c57911667475935a5f7f42c94e0455584bf6b49e5f3354510239d60d20f160765c00dd5361a34e24d2e4f619583a1a89ffa93823e68ec48b396d43c52dd4507b8f3660b560dd24e1aeecf0b85db9a5b50bcd24989d2dae4a9795cb3be12b7b7e842477cd77b549a1e23b2082a733f913cff845252efa690b4e0f0f35b4825f9b874994d778901c5ec7b798319012441f6769ddb793646b4ab3bfef52ddaa0c2a53392ace1d8d36560a3c31cfd72b3272c148b64875ce8dc936352a0bb98b44eccf5ae0cc3c3476d90b1b2b86a591e9a20e67e9a75cc328ab90f0d55f1d3f6db4e8b61ea2cecfe7a73f94ad4b9e4d9c6cf8e652b544c1a84bac9523e3356c99745f7cad66c808fe49ad3294b7552b89759430ef013a86afcd56f4671c47406e2339ad54c678838f351809b70224dd5c7712263fd896da643710d7cc1a8d9912dfab0273fede24817223c8c2004f1b4d1a73027066bcd1d7a5910093049c9af722e9082464d5b4b312e6980f679f71f3bc489abeeaa5642b368b708f51bd6f7f8dd57a69ee1212378dc2530d8ff42a573dee7474a0fc0d0bb7cce684b8368f5311185fcf1111e00771060b5c28a0d177c59a51b780d572f94c03356aa2f4bf131c22e19942336e59c555c49eef6a7d82e4d42f3b59eb5e9ffa5497a8fbba29d66b2cfa005b1a27735d4b9786cf26ebe79dedf50c7b1bcdde99747493f72a406c0eb08336c9326057d43f5ae13dcf1077b463a818280618872d270c7d139cc892924fc3bef5c8d71c27c401886c417249445ab3bee48c044fa4a936ba4f58c746aa6d5c8c8a55d0259a2bda5521d2d450be12c3080618a1f96d6c598ff3eaaf5b12948468e5db4f2c3624d4cae209f1f343199ea683972906b54cbda53059ffe850bc25ee1f8df389fe1a8189e88bd7f97f360d9d4f7cd79e70fa06183b6445a6e6744f2ad57e20eebaa4bd9ee272db445ede3cf86d3fc02a9e06d2473d541c50fbe9111e2e361e13dc8823b711d5edd3e3156706c83d9c7aa7d564f95271ca18092d6807b3e908bd66b2edc9380efe493ed509b294c08671261c3be9647932153ad718c32a095224e8d5a5446a225db22e5767ccac98c0298e0a6a659bc914fc470f4474555d7df29349539323a5866ba1fa386a1ab9f082ac179961a5abae2731fa78558cb474ac8f385781589cf5333e90bf12d04cfe1bd22f4ebe8b8d6b48b03bbf29d00e17eba79f0110e51e7424f0438385a26b8a1c822b8bf0112378142df16d641f07275f1ebf03c0c90db676fa77fbfd84faf22a99d5e79c17819eb7a481aa0b7c74fe49c138bd066756b15f19e9e5b5e6a655c680ba38c23a7d6afe2d6603a1cd21f2d21137163ae6ae47d89896a7fcc39361549f4c18747581557ba85d7f5618da74293cfae3f4ee7dc908077da20903c1f5c0894d37a6ffc76110629ea41bc474c7f7783279648a36f1f7b08c8e98999c039e271d4048392a3679d50ff1a9ff1bf1857e53a859d0184bf8d1774a9d60b4fc78462bf14f4d4d7bf1989cfb9485412c4dce449e698790934c142707f47159920d2104cb4eac990904e4c2c7884530a4d25b2c118c8e9b0520ac5854e830e9964412b41d14adaeb10774b301794e7a88b1e084b4f731846cbc6fe0af52f12456cb0955795318915460e357038653551f8c56742a086eecd25cc9688ab0241d6e6bb51ac8b1f116b1c4f49e51ca9136d28cea54851acc2c71ae17cb0d8739f727a71fcedc4693e6969795bd84c789b71c606f20d600004d7ad4b2b5faced3ef78e52442131e583323b07d56a7778724afaf6547eb1a18db0bbfee9f96115a849e66fe4b7ab7b8a686ece1c2aabdceb8afdf274bd5521e26fd1a8e3c16b9e69b95995ae34cfbcb9b3155263a7efe876971632a33f4295d4c96b9c6a24e90540cb2536a0a2e03e3baa6ce232ceb31fdc47d7be2c7493671094b375b4c8e7321055a32ddc592ad56a2984c2ff0cda945aedb2a8d664840b9331a5202ad1e1c323efd34c97ae559a3e0ab9db7e7363b0665d0e60461d7d2f00dc593f0a369d3d25171f1bba533b595d935829888925bbf3b08150bb72badcf653ba1087824f4351b5255b77645963e44419e9f84302c8e60574666228fa654495d910e91bb09c27ce2b63556bdee819e041f565cc17643d2393a1ee2497b740a923d99620c8e1edcea306a9d09269883d93926f24064334c57af9d15856065007e1f8289be6d51300d4e2b3fc04ad373a2a5780d932f945bc5d2933ed73b7894a438d2c84382bf7d29fbb161d9f4f1be5cf8576bbd13041c042a86e46eb839d4b2565ab2c584ce0063a599230f8261a88320474cf58d8f128bd885851e63c6a19b69c3798e2e5e422621557eb5958d3525b2effd41a45d5f8ccc7967e36dea362cbfc5bfdba8959973f2ebcfaf836bf912a955b72baf037624cc1ecc32c1519af9e2dbec70c344557f1bca29cbd85c806db0550af1726fbdcd33d96b6d771aaa01b07f4ed72150e52b619ce075a838a9aa40e811170e5ee108382b605f2bda53fbcd88e10ce594b13def55e7933b9126cf87dbeb2c9dc4f168d585efb8d5520931f1053479795b5bf3767e7a5c1947fc9714dc065148246e917c6f023fc0974d48545b73dc671f0d41ea14a75c306e9b45218e7a40caa76e2c8e429c7bf2cffd7e4b97ed7d1797a3820276009b275ec0c09318046f943c7ee08af06e752da95ec2115d5d06dc2924abe6bcd280e9fff7f6c2a342771697cfa650554aa812e224eeec543e8e96b00fb2f7d6a76bc727900450ecb0f1d96c131556b93406218cb7316df5e42b4db45da90191b17a8864e9e728d3a896b6711f800d82126a850c76d36f5d742623b16cf296aebfc51058c548b998b589de8621cb2fc273b265b6fd3c9ae452e5ea60d0d3c3dd5e16f50510d693561a3ccb209dc649a6809563a1cdc8d7ffffdf62b91746204bca86f61a94a8d076356007d9b3a25a990e21b063a48ea6a5980f13c40624c6d32df0c15e9c6d9fb01cea2039584760cc5e22d13a01d9de849a095fa7919e962c4cc31376a936a53dd851b163ef532018fb610127dddf431dd771c1c54acc0ccab1b948a14b043b1ff18c9a38eef63f24940df87ea32fc98be7c43793c0cb57b12f3e9ad13e1c4658125192b2b53a39db455fa59bd9e75e03b135bfdacfb8ae79c8b667c90fd778baeb72ba5f3f362f87b01440290053aaa261d7f4f89741d68c37a7f7ba3228c26d9e1883833d396cfe922caf4785850d78745d1f78fa13b6ff72f61d5fc8a691520f01e961849cf1900f1f678ffef2b17fc7dd8021a0b991727259f1e40e7d1ee2f0714f20864b208cb842a1a01c45271f4d56b1ec05153e3a0fb659590de576b8bda76ef4cc3f50273258cb155a6af580bc027ed177489c476099b4f80988b4c9b138cd5010662386e521161da79b3cd9b752ad0c5766d29a7414a8fdbef1bc4a6e1f962f56c63c0e09715196e9a05faefc58aba779d90be680c47c94c3c5be44ccb26ba5bf4f0df42d210e97508ab434d629e83635b7b039776cbe655c6d00637246723dba59a91deef660c68c2135d6c0c89bdf0b25f302089a143720c2f6ed1a776ec49ee79620344a8a1ca81e7d01fb34c99335350f136a5954404bd571be694dca328d50cdeb069383d590359c767e5cb5470a862ea20a9884517727c55a157d4fa0a1ad3ba3dcf76567b77ddb92081422bb121df9df51c99a67e8d5dddda92bddd3b835d7b1ec756c5695a8c9c89da7073ec8901dae3d275ddbecedc10fbc88231c98c0ee1ddcc33b81c0e187b3a913f1e59730b1ee0cdc3caac57811713abf2c61aeb1ffe0bc25784c8b6597545a81e49d531d9a69fecbd0ed0389507c981c9204eedaa66a0952ff7d6da24a594d2b59fd44567b59b74097b8cdf6c88c85878dd88955d0ac9b78939b459f8bd7d5340bbc0ac6245bd63697accbc74127635a008ad54b4a87100119b867ea4edeb1510b2e8ff599c55fce1cc838ef778f528ee77ece6e1155730ff42d28aad923f3292899eb3bc995a26e5c93ad09ef88e839bcf57e3a0ddfb74bc284a422ca27320a76e6e27739724bd4b197907aeb79aa8c9760f47e1c8b0c01111fecf64e513bc8a3d7e76f3449a80ad434fd27fad9ca86088cdbba212dcea5b75ccd9e6d88ed3da9c3d629326076cea749ffdec47725f8337830b8bd6a30ad7c58efec975fc8ecab3176eceb0e97157f8531021d54fcc876b0dda444ccc2c9e12a58f9090d7f17ee094c8b210604bd4a0906226cfb911b7c696468dc617bcd5d3f5309cf7fde3393e43e5cf044c14375528c01e9f9f66b63628347d42dcd28cd814c2a763e7f0f027a63e132cb4c8c96dd7e252e1a901df7ca7e9de9c7e76e656c53ed234db93ac41c367fa888c13175509b280d4c696666e2f39559b78b0234e8b5e2e0b0508318c81b713c1679cb82e2479b0fe49fa0ce14ce79986ebdd5f05ab60d7be6ae7420cd96049286e460425cf55eb4b89f05fa3127b45b3bdc2cdf656a9a9e783680cd13130a5c2cc552f62f8492f982063cde4b7111cc0f58db355fc7db71cd8c48b4469529970e34ca14652dcdc9408aa6bf64664d9ed883046b152dfacbbafb04073e41fa5282f420a4cd181908c696a23487c93ba8feca3f3f0beb8dd6150f8300139a1657e93db77823b7657b093e0a9541963e3dac6a399001b72456437bda09b77f1db1d3f99d16d00a9da70f5b1113f054094b3b1d4b0a037fc87f7c46ea1a3c21faf6a1077f2733621b7aa9d446134e72062c430055cdbbf027ffe280742270a817f030ee23aeffb0f709430a510eee1365f84c179383e9cd9579c136aacf5d0a683ff83dd99e29492d9dcd7495f2ef3ba7590695d98e6a07ce81a8e1c79fe66cf14afda939c08c6f5a2286b2f2764b4d21e9147787d79a514eba2b8d7c23c1c2ab8418e30973c6dab2541c5923a9a9c5b1b5a41045ea015c7c1f04082e7ea7d49b9746e35839683c28d395410491e3f863272127ac7d726b85a1f6043f660ab1fc9c1fcc72893fe9af05fb0d43fb31cb57808797ba0f680f4fc444f6ea3c0b2e814cd4c1e9bfc104d578530cf18be65bc4ea739ddac86eca14aa2627491b607c751050f867541026ebc41197c2547ea5fe5b726e65", 0x1000, 0xc2e2}, {&(0x7f0000001880)="aa624bed8776a85abdda20f64ee3d7a6b77d45bd58bba4fb2a263589530dcb71d0453044d9ad70020ffcb00ade2e744dfaf42f2666a346f1166d7a560839b1286ee42f1b370b2a2a93151aeb0e47aa927bc6a9d600de22756f4f0a7309caba91bd8a3762e0fa6a1e35603359cb5b91f13a5b1a41edd36429d3569902907af03fad5838990452a2df5f1034be0a035fa65b2fd77372c3bda303daa109160e18a4ed558fed741edb01056408a733e28ad71c7e0bf4fb01d1501a5b7c9144c289915b6366b452ab203d35d9904feab54fa359cc5ad0d82dfeecbccf8f74581330cde1ad46df9442a8e087d3da41c95bd1e49b2573da8f37723f9dfc01d39498d6ee94fce79829e78876e0b83cda6371a9c08fe80eb5271777607e131d9bd0589a56c369513f5b6e8cae98d235909b67fe1f7b1b804d90e3b1f0ca8f78f6f4f96a9647f19536a58ed6a90d90164e9c1b87232f9a282f7005c61a5192f89a6031b852aa6bf697f9afded26c799315c418b9cef7b5d64ef664e438b4af2169039ab99b597953571b8bfcad5771240d9882692ce6075ece7392bda9ade1b91586a9e9cc97a62d80ad32502dfd256153fc8c5a65c5d66907744bb92d4fbf90952356a34d83a196effe6ec7ac036f77d6b5ed6b4f42100876fa3dad7cb954dd987d695c243ff0123e2911963b149065d178e9f6283009cf6e8b11b4146629c9de802f6682e13744404c18765ceea3f80f1690c9a14615847e52384f98c6a4fd32c4a07dd742dcbcd09fe6d97c35f6672a8d5c3ff51aaedcee1a23dc56c343f95ddab6c77a958b6b79b5e4f3d7db8fa010b848771094a363049c640913dba8e9f3b6c76d32867a88afa6185f83f47189467d37d870d0f0284e539daa08f9a202e7228f8a891427faaffb6666f33464b9009878e8b49088a0bafa617d131bd1c72d4749abd711162296d99dbc50bfc7ccc85d303c6492407c2d5ecfa8bf7c08996b1eb71d17f0fc394a02df6aee8d82185bf1b548dea89de383c362989b029c710750a52d18a77baa0cc99c1c0c8ded13e79cdd0fb85316648501e7b59916b59a7be0918de47dc0f6438d6712ba786ed0fdc10b078200ed2c3f411e6991b76b353dd1a0212405adcad72a7376857156f4e7e81443d6a39dad95fd9dd3954bc56abf3ebd2920a3618d7130c20464299d84c2b8ab9b62a00966fbb0272491d4dd6234a98e370c0c7c3b8cec25dbe9cc18834d655f87fd1a9530b0c61e79dd97120d599f178d9bd9212f83bce04c43db2f329d4e20af05a594758a93ac563182ad5aadf9020e30a526bf4648d10b8aa331206449ce6dda723946939ba0b80ee3b7622df91583e6d088d875dd3ca21538101e5d83d78515cdc64b2faee6171e9eafec1cf6aa51a158fbf4fe0fbf10ef0d27aa0a89b9d2142006491d9f8646caee46029a9086a9a65e819611b75114b3bf770996083af753bae7c86a8f469462790903f45365598a2396dc2aae09ca6d002e41ea2a3cef63350d23c414d7ef2fda4fee7150443882c7b6dbd6a794d8e825b196e3a834e5592972d01983e5d66a8df37c05f11f2e7d9ae449b21427841235ccec79c472307e2291fa8ec53cbea18ec94b48ede236cad9d765cf96a09aaed4fe3c9bb6de0da849b61049a799360f86d48c0d54159b4491110e2b6f868432c023bd13f67012a3d3092b5cab51e5e7338d24d62bb601f454fae8ecacfa23ac806cfedf64d18654d6f8d72b1388459bb73bf740ed0d61993dc876469515d94b8357af8494de5fe12af8b6ef608cd32bc1d454f1543490e32a429c22bb5cd70592bb0e5fcbcceb3ce7dbaff5e0601091bb58e2274d2652e750f332ca4af93522e59264f5a99b440127061a9f8c47a5cd0972369190585597dfdf1aed6131e47c1cee368b4f60fd8c992b3bdcbe5c2def9ebf2d76753619631a1fb65e81959f4fd85ef03e10f9a22e6ac6248ad17db83c7e6a09bd19e697362bec6825023bc12ff782b1335c31b9da67876c636d6a35e6733fbe7a58dfffb00ad727410cabfd60ad0a9645b9f0783b4df70cbf539318580f225766a12d7d1f1f0f961782863bb2ffb6da8935b3b31b8985abaf0a25d8bbbf8dc69df7f26d5f75067c930b60cb20cbead945619c13062eb25309f3ec465cf8de04a887a30f0507ea3ffec06b16765ce1389ec0c20f031c70d537c3736ababcf4e808754eb3bbc5c0518c32827549a1dab666fed33b20ae9b23e0b06118d3d2d1ae5ba0fa3d9cfd1c05295f9c37b2f5b47cc04a626c759d28fcba74a7fbd2c21f88c711f9075b0d303cf32ed20fec66a75635b16c89d34be28a45a416f81958dc5244a46a83c6c546f0d3949ceab86bbf5434f90949cc444fb17dfcf16b9c7ee6f4027895b48090435e13f745525b970a2367af3e392822dbf0aa26e2158b532a0f8864e76d122096aa21e7d7a64d25fb9b1cd9d2ab9fb0199e5c534027ca7b4affc86c6c7d8df2ee54414fa4d3acbafb297c7b049bb7158650232d426f51f557f72d5bfce1a4183dddc290781e067fb6f1fa199a46e20e3246ea50a6524a0381b76454c1b663fe055d8131e620ea27bad34cdafba28ab49ceb6414781e2c84991ba3735f6d78e824e1b8f589ad9b2a8256433affdc6895b30c65b532c8f8874aa6d0f5db4696b8394bb7164bad8e8dd17f5494fc35ee37bc251d533f64cb4549cea45b0353d9c77eacd53fd938ddabbdd1fcdfe86babcddfe67d1a3a69f42aa150e58d4fa029ac5e3c12aee06d878bb571436275214dabcb1f1c702535f11bc481989dc8a25448d9397140c632eee9446820810616d7d944217c9f9f1324b72fb9b5027108d68c193ea098156f1f4c2d7d5bf92546e5155f52c1ac858a47eb7876815c7bb4a68f3dc75ccf2ba31d5b8c9db01dd3382f9c25fc3156a8d02e29d71d922897ba65f1a54ac8718b585201de0bed1708dc3fe8a9b567a609a2df78ee58cb3f485b18913130f7c4df98e9165ddf7c4086669c2b3b2ed5a53ce6a5792f2bdee74904e452d4b2ccd1cca925d9c0e8669204de63078e710e2b8106698276d9f5a248b8faaf884958a0c88806a5fbafcd7796230175ea5e5c3657ad0baf5a1871f71d8469c8d209451951ec5fa9a6619b48f9c43e51a918b0baaab330a7137d833c6ad12f7de8be4eef7f129c9871f93204279cee36d31ede8739df8acb3b880c8a05ccdc1ec918b6188a587ee40c64b2be4c3e4c263d963b9103b1ee054130f5f0ada6d62873724907ffe121520edf25c096a3d7817fe8ed3fe5b6f6476b1501988ae558c54746e308fcf5f629c4f4f665d3376b7f90019d099855d39d00a678599596cf2e3deb050b7ab65cdaa16bd4cfdaff709ee1545d3a34318e410e8b3a79212b7ed908febf4dc342655c6a2a45782d2b131799bf02722416ada691243c284868dc69640fa2f54b6b2e2456c3b4f045d26c979aec5ed0bff50d9fc19e232de50e0c2656a354e6e3f3d78d059e5371d385191dd438be78e24a74a9507756768e907c789c612ffb6739410126671180725908eca305128d534b57e5671655365701636ce2a85db7c0168b489c3868f5f6b199bc044632f0827e832034f1f1015f75eaab6250451cff8b3ca37785926b12fb51a14890e26f3cf0fce6d3a67dee62eaecb0bbf129b371d39f3bb08b9708af61be9de7c3e5831c21ad25e37af7686daac384bd3099b378b7a2011b5c9f9d9f7aab2e80ff978b96c2a1d55023c74f84808fae653e2488dd528d1adebea80db151c7a4d53954671ef26b3d79fd52dc32921db86162308dcb76188bb27e3b45058850861ecbb6ac972ae41c7d2102fc4b5d639dc792b13d69a80c6b7f3ddfa994813947542c4890cc896c07b9e3859c76b8d8eecfa1098a2107233491b6095b54f2970ae9ab8cb002d1bbb8db1b0a59386d089035fba6db1659f15395358eeb5a58764dcb3fdfb465ccc5e6600e2f857960796cc54a6084dde1282a81cf39eac69dc793c4130af0d02f325020fac2fc3c41783a60967f6281d8896ee005aaa48a5121c0cf99796293fc9edbc3bd169cd58b7f88b59ddc6fdb9a05b989963844a6bad1011bf9c19c6566bde431114d4d4476a21fa1c906966cb814b0b576e45ef35b020f96537d093fd499f830e05733f30a160feab842515d141c3031706326139d11adb9ff6bc9e39e1418312ad7d0dcd4b68e7124d73162f405868751f1ddfcbcfc45f225cce66ff7ea1af6b9b701d4135a4245147a0cd332e6d731fe5cb3c889cf72add1142ea1ceadb558cede52c3315bfc1a8ca0d71c30f6117b8f0c4f2ca404a37d93cc65d023f9b2f2b86373fa667ecdf02025c3a83d59cb84b380030b937d4ea483c243ce518a78a1d846c87a431663f4f30f7129113159b8327a3455442d1c407223d3aed9bef184353c02a6edbd03692c513a781e443b132cb20c4e6f4784cfe88e5eee5eba3aab7b9897ba916533516115c128a20a3469c47c5f489617eaaf83384386689ee75632644649e00cbd00c007efddde0f4a84c7e80695b1a7fed3d03b5e720b39ffaa28d8d0d1d722cfdd53b2e48086a02f74d1c8774a8703368d08af6ef304c956aa4fa0755e8b6b618316aea938fc12c9d99fc669529cb7307c9a7b98fe3e6f5fd584da8e45e64231d4dd5fdfa5b95a5f339313e4da14b77ac8d1393801004c73337e8b58ad8f42cc352ed1350edd8f78f0d161f7f534aed3f939b1f24d144413ae0a50f6bbe4814df0ae0ee44af2851b2fab339bbb124d000e80a41143e5c90c75c38cb3a25ed56217e64d392da02c53261320965b1c3b894249e1b6063e05a54a43b22c6cc7db0cce306d6b3f17893c0ae5665e3581252a465b52e5f05af32b2f2bc1b8a0c1d078802fe6ba1c0fd77eed01d7ef986aa0db567a229aec7cb9d3079a64be91153a5d9baf3f17f978c4c395e36d7f8ba2d83dc99ff0174b3e6ad140c11f0cededa7a4ff939e1b2608b47ecc8ead94d1609a02b50120ed7dd2f442a930d2ba7369aca2e9bfebd9ac1a6fa0d038aaee2c5793fb303fa6437eb9d28c8a0b64efb890a2289e9f029c2c0787d3c4245b8715aad434f10214402df8f78532a7d2360b5077f4e77345842433ec76110abd19808b562f1f04ddb0b2f8a8dde90efef7cc160e688caf58c04139f7459b8213b858a70152f6e44c1e5d27521e0c8a861bfcdae92ba9680c89f360098a59cb46bebfea16809091733cbcca8f2a1550aee1a14ce5191d56cd7bf721b4ab5daa6017fdcedd11eba4039494da005cb329047ddd556e0a08a7b59bb930b8cdffbaa7b22dd9990946290e2e76b3b2703f2d7a2711f0d6299fde6018b95572d496bc2167a205d8572838d72584c4ef0ab131d5f774dd1e9bc2bcf0fdcb8d1c79099237676c1b677f72241d5de4e61919c9a8097bc64f27714fe22427ca1ee8475d5282af77bcc72f314d0df6a0f55d31226599b912800c584b9fac4d3c3fc1d024f91125d3c280f48e630b43c39493c2faec9903ffc2bc2a0c7fe482690d58db71fdf2d90b8491d639c6e75ac18eac2ac327dac1489a733681c7195afbec9f43f06e827c50abade3645a5a5a9e3873b894a9c102a24137062f9f75bd2e42e6bfd648eb69f3ef4cf49ac2671061c12d2a6fe95d0375d331f5f739dd3134c02e276fd4bf5f9a18deb153e95ebcd9bed50210b1e6147a09e6683ab3954e45fff0bd55a58bb0a8361a1d85f1c45173ac80a1ff5775c229737e59870ef3f3355b43dd0c88216d6115b97515e456dd7a856024146d50c87ca679", 0x1000, 0x732}, {&(0x7f0000002880)="fc3728941e9f8df0113ffa6f6534f028097c5f709c1f60c7c3cf6934fe54742abfd0fa6a1aad82c1596b8c291f31826b01f7b3858e806469b3793db85e323563fba5dbc65b92beec6ab3c2633b3c99e2e7d6edab6aadad2f763c6213614862714e1eafef6b1dce653996084653f371d2ebc3a58dccc79f9557aade7f8e8bae85c352c2418df971560b0c4f28b5d720cfcdd440b87f0257d8a3f282a9495806c9ac82a1b5aa762527d944573a5887df3ab1f6f0bc39844488196073521ce3482fcd576fa6fe908976f9adef5118d52a050d03862dfc8e503873526dbc732758de4b606e7390068469fd8aa387ce36b8f7061006fec3cf1fc11ccb80100d32525fdebb207da216b0bf2c3ddfb2ca8919e9dc775e3985f4c92ccf7257b4c4d80886e42ae40176757688009af5edf9ee5f255c94c76e483848447d4a6958b63baa8cfd385f1fa1f500d68ed1d7229e774bfe0c0421a11582040dcf8edb8c812483f7346a85656731ddde7d84330209be7984d7e8d8c26f77751a04e5e3458615c496cbfce878504cbb2ef963eda113214da9715d55c10349247dd5f08fb9350db292cdc0ae4b3c10d9919e8b4d4338f682caf08744e94f1dada6eff39e5327f8cbcfa934724067e767a9e274ba118a909cddd88f5911e83697b9166e6b1e94ff94004ef96c7a1c4982eafbda63ce7da152c8c7a963e346c1fc7ca2dbbbd848fd5d27cbc66fa016a28072ab7b875acee3356210c5d09a86887eea72c18c24b1bb466f8e68280770a0114e1d94c4ca61457908de5aec0d75f4cefd97f38e2a493ccc6bae7d02288402ad5e29d427e4dd1760befa4d01dbc61af82f88cae8adcb4926483534993f41a373164ccafd41c1724c8c7493da2284c8f8a1aee6b832567ee83955d153f26ff238cf86910f02760880c58e7e8277f9b5b56fa7361b4cd44885484e4c23b154c2368e319853caf5cff09a68ba6b18f9e94050ce009fae8c9a68d1e8a076af061e83e63df839f24799cab6924ec13e07077cbf53c1f3499c38155f2f9bd1e70b598da3c5659620f5b4ce61d58eb1ec7d742126dd7d84ac26846afe4a695e0e5a6ce9d6c0fa16146027380f1dbc83a9255a2a9ad31ecda43d161203b9806ccf2b10ff77986113a4fadbc0537315952595c0d984a18a5037f2ba23c5694ccd7c14f95dcb883b7b5d600133d27cb57bc5f8a3c4ca29a9e435162f763e7a1acba3f176da256d687db336e53203c0946e1e340acf4388a47ec219caf931b758955097fa51f83ba3d4b121b5a444cd1c409c2bb737b619efe9c63e21947dfeed9d236cf98b44407f59bac32047914d6fee393459cf051d0d25d5ee79c62404ed1fd34ad6c8bdd50103a96d051f3fb9c162e6277c3987cc203dbf070b2f95b37bc7118ac33576224163066be9e187bc855dd5302fd76393541ecc2ea7469c2183d9eefd5605c0b12ac1bca3a94e5b858f53ae2b0713d9c95f4d3d0c2cf7e1438ffceb908d030d0e8e2f5735daf3eb9313925506c2c915e5037fa8a38edc0e4ce08fb26e18aad45f0459ced84582eb6ecc30143e1075ffa64314c35bbe29ff99ec56916779166f46b103b2194c9287044bb4522b6f614de6f98d2e6e7d55c16be99bdebe4559ecd74c6fdf0793d2d78ba3660a4465f8e8eccace1eeeed2152c2d045c49ed916608a41d3c6dd9edf8ecbffc9633e6528140e292d2503ea697dc6e6af2fdca7701ccf1b4ee6473b053ab8de10a39b427776a48e345927563f74110cb4d1d95f4bbf19db23b3c887d1be1336f2c0c64032ddac3e8d374ff03230d3e036b29767be09fbe61f139b1e42af568d9cd2d83ea7d4c150d94d560b7a37fbfc3e5acdaeee50d1035194d6d6e2892f05ce03f20d4c57ce01d7cc904b39238764fa9dae93658f7a7c24755c72efb29dfecd0d26903e8851e3b17f534243cd54cdda8a8027e636f9bc5774eb93ce46bb1c957bec9113e98e135541c92c4f4c07701adf622ae7f9affa9e870a2fd0c8d7010e319f97cafa77288462992b583b2359207a04a131802467282e1f22c09e073d953d6863a43f0a6e77eaf653dd5aa896a3bbda188a967c8bdc640a36ed29113504e339acebf8c04ede67b0406dbc934e2fa79eec3bb31a793f560fcb9b0d9051a9e089101565af02a161d45d05cfabb1595fb95284735d06f8515796827f9fc21a6a0b666cdb1620bb0e8c6143469c7660e6a9a0fc7cd6c4fa4653754a33f85de365d60636bb700ec358a0066b9605f61658c728836e98310842b672d2f6a8e4392bcc86f6f8e49849531da30f113576ecca632c51f0b3139f5429a29ec95ca77c06929300b09547f963a0e27512d6b7072608f09e2177bd6b8b1bbd18e25f99c620a22c3fcdfc2fa24215e73d1da966b47d494a6b2affd0f65ca71b16c708546d5e8b7aa1d7c3382a83ed4921598b5dcffcb67ed2eaf10e21903688dae2a55de8ce2a3b66718f0aba4be160f85913ad14c2289298c245302de6fa8317f960f958730d96d5277ee8972e43311e5dddd61647b99f71a0a783c97f00b4ebd0cf741598c5e267939c8a2bfc3bc01349654ef1f6127b833cf76406034a929cfc25ad19fb282017a10a0a1e219d93e95b40ad2fbcc521c64f9693c28be071c47fcdf7b7dd99f90530ac25695832e8a2a6d6df96d0938a8ff1df04ace4715f52659fd249c4090b0112418d61f660a3da9ac69a0149b581e3d2b3e6dcd03a836ca517a4bbfa3354476d234f8afbd655e09f465a3774b407bcba4920a4feb50599db1c7673db0d88d2bd0db0504a9febe86b94e3dfee8672b09b941bad1616bc90dd7620d8bb8ec96861fe474feabd86d4e253c03c4bf91234156b2e91c57ab229cf5b22deb35af38d10ebca92c71152bf3b5280735d153e16f98ea617b75003d0259a72137eab5edf7b0e1e6dbfd2de0f94677230efb14f78e31f79ee353229ea257e6a312ba3fe74438ad6cbb743b74f2f4a5455b8e764d4311a4a602eec38a07aade98db8cddb87755238f596e8e6417031265770301e6c6236a577c1eeb5684268f04aa2370066a5129a133946b5a5efdcffb8f3650587d7d73bd4b56baad7d2f7a900d850ec3d54e0763e7dd6a61a719c2efd8222b6c3df9f2c91406da84b8984808603fbaa00a0539373c1a2c417cf510841d7075e7986d0ad0579ec3db4441310ea7281872245e38d7f4df88bce67957d46e1ac2debe01e69d26ba7d568337c19e1de7739df31440d70a6acb8d0d2360f9f28fdc61d8ce1e12639e3281ac890c0dfffd7b716da32b9290400725d5b836a6fcafd7e49d08a2fafa447adc1b5f14f415a2a17c008eedac4d0962a83fdd2932d5abd3bc0ba74b8bcc53a5bb0af28a3c8624ebd8b5219b178a45f0a957d50c33147583e7b2ef81bb7f64bd4b711e546bf1c5297b209ed61a2b38102fece905ae75d1eba3c5e0a199e5dcce2b2ca9cf5fbe1147ca692e2f55d7148550618802766c5f9163cd3e8a2011fef9b26e769530c977c28e76f050884c428104f21681a50198e8a9cdfa40077e520f42ab6a19bcd4ae30971ba1332a3651cc6d77bdf145aa0f46559d52cbf5ebad16431e60c51777a35f39a0f2fa865a8c08874af8eb38e95e633f42852e80c26ac4593ec48aaeaadb0d0832b3d312cc524cc93aeab6fae65718752aaf6dfd040c19050d37c5c26fd9465df4717d91a6d2a1c8f14752e9b3b6d5f2c2c367fa03f82bffade1fb046874e4b4cab840680ce18fa9702309c00dea165b61af83069c9a82f3030f06441dca537ba894d66db8ad55a681e841536706ccb7bd182dc97d5dc6c277c38c2858a5b93fec734d5d0e2141b12fc1ef2aee345e8adc0dc432349a9e8d0b3020ddf34a0808c8e0cdd39ea05300b570ec0c33cb5e88b1d157dc973799152b812b2bd8719f430af7ab839be9bc5e406b6598f334f6ae048f6e7e70f10f499cf25dfecaa8c31b93a4b6b3d3460ecd6cd1509d39931f8d3393cc0e9d3510b11f83014b6893fe6d447bbc6a9afeac314e5f58981f20b295654d843ab1902d911a6bf95e230ed93cd3538752cc8cc90f7e551c33dd22a8045fdb0e945c24293500c2d560d12754c90703aa7264cf7539130edbfd8444e6cd72d8daa4064f732c228c30f9cd895b740e8d422346a3c068bb39a5f2e3e5aee0844b9fc0a223796105a6ec67061872dd369ac47ac2d006069f90f651d43c61b4d7280f09b0b3ec4cb3ba0e755fda0d13bc67255e783543f662177335437721baf85a9c4d485bebc42f09ecddd16d467f2787eb7304b75775fe312f90fdb4256523ac8181506a14d9081fcb13ba3aff5fdc23e53592f65160c19f68ba5e6c1c805a2dc4d8a2ccf86d33f2022a14fc21868d942c08512e3a12d7a13812e4413dcc6794733abc9a3147ab681c3d364fb7de46a867ca9c8e0da54f1bb1935d6954668f9f5962ffe2dfd760336c83d72c5c58f75a61592064ab743debfbbebf4466975e35946cdd2928a3fdadad86c8914d197155fba7065308ae16e9771750d5fe86136c7a462f6fa8cd9070fc05dc3a439351f1ed369353ec7aa85890901ddc0b4590ae94c862fedfa3e89aa56ed6c8e12c7d27901bfb406d5c7fcd8a1c5f66357eb34f6dc1f8fb3856f5685b910f96f2da5fceb854ea9e027dac606d43d49e14f397455158c0db79df497a697836b6f401d871099fb2922b34aae73aa94808b5cb6da05629d021836ca0e27d6c045674e56118016378f5cdbdee200e35e57384d357e560c34fea336593f2dd1094739448b413181f1478f881a300f10f623cfdbc5da526e8cb9bc79a979d0a8c4c2074f80b46432ca90ea03ca8c0d0a626e6b99ffcb3690e8e4115cb073f375452bda1bb030a902f5b896a76f35635cca77b36b2670580ad3733f4231a0037aa262a02c1e99acf46d2e86f2712aca4d938843ea37e6096396acc88fd4d8dc971c7629512593b20f997d827f2a2c48839b3bd86640557db965b6e7c8fd8b0b74795aaea340c0562b465b953e380ab6b4f76be877715ff9f6a7863ff082498d7635c576b5b9e6bc01438c6d209704fcc4db4a86bdb29e78aca539eeedeeea96c8a73452c7232930ede6f1427f5742427b0e336116d300d6549bf64c9fcb7cafdefa32bf2ac6b4358657aa7602196b383dad4b9d8c7f535a468793941f0917e14bb3a519cc9e042eab9ef2d0c993a005758f868a0cf15d01ee5e9a17be43eaaeaf592586d372418cbba2cc853fd7c3f421ba5807a194f76455cc99cd115ef0f837c1c6f497d6aded01d2b34d9333edba395037a909251330dcf39a2bfcf6a7f307bf584dd35fdefc9c69e1630c6d9394c88b63df9e347eda80e22c07c2590405b40caf0d6f7ca00fed1f9641c83695fd8181d84310da0865b82141e76f4548ca13779ca51d979033622be64ee9750c528e53f579d0bfa23242313187acaa425be930695d4e8f2b9f3760ab0eb6e9c68b5bbf0b8b3efb1a054f7d9977b1d5dcfb53757d600713bf8524fd7b1d2765d150ed27db82f89f1bcac2930e476b99c003bca81c8bbb138fed5570a946dece7dc176cc3f02cfa7a466cbaeb7289bd8ba76c5bbf6d4e11e7174387ebb75f5a044ce0d069272bb52c84dc0ba4502de7e0495fd68f49d93e3c679569c5b22e7416d00ee5a90a2ba72281c79bb8f2df70d04967ffc57872abd8946fa6cdd9df68904b156752bf14c9e966ee5807b3d137f6009d9f4667e90cfde80d03879d477f7bd60cf2bbf1b33e0d5aae2605ed873693a0f9fe4210561aa86fcd2e7a733599a0f", 0x1000, 0x4}], 0x80, 0x0) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000040)) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:02 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0x0) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 426.141745] FAULT_INJECTION: forcing a failure. [ 426.141745] name failslab, interval 1, probability 0, space 0, times 0 [ 426.153318] CPU: 0 PID: 27392 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 426.160508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 426.169865] Call Trace: [ 426.172455] dump_stack+0x194/0x24d [ 426.176089] ? arch_local_irq_restore+0x53/0x53 [ 426.180758] should_fail+0x8c0/0xa40 [ 426.184456] ? unwind_next_frame.part.6+0x1a6/0xb40 [ 426.189453] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 426.194541] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 426.199711] ? __lock_acquire+0x664/0x3e00 [ 426.203924] ? find_held_lock+0x35/0x1d0 [ 426.207966] ? __lock_is_held+0xb6/0x140 [ 426.212014] ? check_same_owner+0x320/0x320 [ 426.216313] ? __d_lookup+0x4f4/0x830 [ 426.220092] ? rcu_note_context_switch+0x710/0x710 [ 426.225005] should_failslab+0xec/0x120 [ 426.228959] kmem_cache_alloc+0x47/0x760 [ 426.233002] __d_alloc+0xc1/0xbd0 [ 426.236435] ? shrink_dcache_for_umount+0x290/0x290 [ 426.241429] ? d_alloc_parallel+0x1b40/0x1b40 [ 426.245905] ? lock_release+0xa40/0xa40 [ 426.249859] ? mark_held_locks+0xaf/0x100 [ 426.253986] ? d_lookup+0x133/0x2e0 [ 426.257592] ? d_lookup+0x1d5/0x2e0 [ 426.261194] d_alloc+0x8e/0x340 [ 426.264450] ? __d_alloc+0xbd0/0xbd0 [ 426.268137] ? full_name_hash+0x9b/0xe0 [ 426.272092] __rpc_lookup_create_exclusive+0x183/0x1d0 [ 426.277345] ? down_write+0x87/0x120 [ 426.281035] ? rpc_d_lookup_sb+0x1a0/0x1a0 [ 426.285247] ? down_read+0x150/0x150 [ 426.288936] ? __d_lookup+0x830/0x830 [ 426.292717] rpc_populate.constprop.15+0xa3/0x340 [ 426.297540] rpc_fill_super+0x831/0xae0 [ 426.301492] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 426.306661] ? security_capable+0x8e/0xc0 [ 426.310786] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 426.315951] ? ns_capable_common+0xcf/0x160 [ 426.320253] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 426.325418] mount_ns+0xc4/0x190 [ 426.328763] rpc_mount+0x9e/0xd0 [ 426.332106] mount_fs+0x66/0x2d0 [ 426.335551] vfs_kern_mount.part.26+0xc6/0x4a0 [ 426.340107] ? may_umount+0xa0/0xa0 [ 426.343709] ? _raw_read_unlock+0x22/0x30 [ 426.347836] ? __get_fs_type+0x8a/0xc0 [ 426.351700] do_mount+0xea4/0x2bb0 [ 426.355216] ? copy_mount_string+0x40/0x40 [ 426.359428] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 426.364421] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 426.369155] ? retint_kernel+0x10/0x10 [ 426.373026] ? copy_mount_options+0x18b/0x2e0 [ 426.377496] ? copy_mount_options+0x193/0x2e0 [ 426.381987] ? copy_mount_options+0x1f7/0x2e0 [ 426.386461] SyS_mount+0xab/0x120 [ 426.389891] ? copy_mnt_ns+0xb30/0xb30 [ 426.393752] do_syscall_64+0x281/0x940 [ 426.397612] ? vmalloc_sync_all+0x30/0x30 [ 426.401736] ? _raw_spin_unlock_irq+0x27/0x70 [ 426.406206] ? finish_task_switch+0x1c1/0x7e0 [ 426.410680] ? syscall_return_slowpath+0x550/0x550 [ 426.415587] ? syscall_return_slowpath+0x2ac/0x550 [ 426.420490] ? prepare_exit_to_usermode+0x350/0x350 [ 426.425486] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 426.430827] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 426.435647] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 426.440812] RIP: 0033:0x454e79 [ 426.443980] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 426.451664] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 426.458909] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 426.466154] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 426.473397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 426.480639] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000038 2018/03/31 03:08:02 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0x0) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 426.488194] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory clntXX [ 426.502300] binder: 27387:27393 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 426.519711] binder: 27387:27393 Acquire 1 refcount change on invalid ref 0 ret -22 [ 426.527591] binder: 27387:27393 BC_ACQUIRE_DONE u0000000000000000 no match [ 426.534661] binder: 27387:27393 unknown command 0 2018/03/31 03:08:02 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000440)={0x3, 0x5, 0x8, 0x9, 0x0}, &(0x7f0000000480)=0x10) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000580)={r3, @in6={{0xa, 0x4e22, 0x7, @ipv4={[], [0xff, 0xff], @rand_addr=0x9}, 0x2}}, 0x8}, &(0x7f00000004c0)=0x90) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x1, 0x7, 0x10000) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r6 = inotify_init1(0x80800) r7 = dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') setsockopt$inet_sctp6_SCTP_EVENTS(r7, 0x84, 0xb, &(0x7f0000000040)={0x9, 0x400, 0x157, 0x8, 0xfffffffffffffffd, 0x7, 0x2, 0x13fb4b9c, 0x7, 0x4, 0x6}, 0x4) 2018/03/31 03:08:02 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:02 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') [ 426.589504] binder: 27387:27393 ioctl c0306201 200001c0 returned -22 2018/03/31 03:08:02 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) getgroups(0x0, &(0x7f0000000500)) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB="08000000655227088c078d74b31e9e9bd7701365a2c2872c798608383072b8cfbef4b93735135964c941c93f031988b7fba6406afc2fb3cf971adac9fe674db0d878d5eafa5af33dff55e8e0", @ANYBLOB="0000ed416ad01eb752b072c29500000000000000634040000000000000000002000000000000000000008927000100001e000000cee4d43329a39954d2ccba343fd60d2ce4e859b166b6b2fbf381a350172c1516cfc0697ce9af", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB="000000000000000048000000e0ff0000"], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) 2018/03/31 03:08:03 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:03 executing program 1 (fault-call:10 fault-nth:57): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:08:03 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x0) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 426.743727] binder: 27416:27424 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 426.767989] FAULT_INJECTION: forcing a failure. [ 426.767989] name failslab, interval 1, probability 0, space 0, times 0 [ 426.779302] CPU: 1 PID: 27427 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 426.786488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 426.795843] Call Trace: [ 426.798439] dump_stack+0x194/0x24d [ 426.802068] ? arch_local_irq_restore+0x53/0x53 [ 426.806739] should_fail+0x8c0/0xa40 [ 426.810452] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 426.815552] ? __lock_is_held+0xb6/0x140 [ 426.819608] ? mark_held_locks+0xaf/0x100 [ 426.823756] ? __raw_spin_lock_init+0x1c/0x100 [ 426.824193] binder: 27416:27424 Acquire 1 refcount change on invalid ref 0 ret -22 [ 426.828329] ? find_held_lock+0x35/0x1d0 [ 426.828345] ? __lock_is_held+0xb6/0x140 [ 426.828364] ? check_same_owner+0x320/0x320 [ 426.828373] ? d_alloc+0x269/0x340 [ 426.836098] binder: 27416:27424 BC_ACQUIRE_DONE u0827526500000008 no match [ 426.840109] ? rcu_note_context_switch+0x710/0x710 [ 426.840119] ? lock_release+0xa40/0xa40 [ 426.840136] should_failslab+0xec/0x120 [ 426.840146] kmem_cache_alloc+0x47/0x760 [ 426.844206] binder: 27416:27424 unknown command 1695772887 [ 426.848503] ? d_drop+0x51/0x60 [ 426.848515] ? rpc_i_callback+0x30/0x30 [ 426.848523] rpc_alloc_inode+0x1a/0x20 [ 426.848530] alloc_inode+0x65/0x180 [ 426.848540] new_inode_pseudo+0x69/0x190 [ 426.872075] binder: 27416:27424 ioctl c0306201 200001c0 returned -22 [ 426.875896] ? prune_icache_sb+0x1a0/0x1a0 [ 426.875908] ? do_raw_spin_trylock+0x190/0x190 [ 426.875918] ? d_add+0xa70/0xa70 [ 426.875930] new_inode+0x1c/0x40 [ 426.875940] rpc_get_inode+0x20/0x1e0 [ 426.875950] __rpc_create_common+0x5d/0x1d0 [ 426.875957] ? __d_lookup+0x830/0x830 [ 426.875967] rpc_populate.constprop.15+0x126/0x340 [ 426.939023] rpc_fill_super+0x831/0xae0 [ 426.942998] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 426.948184] ? security_capable+0x8e/0xc0 [ 426.952328] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 426.957512] ? ns_capable_common+0xcf/0x160 [ 426.961830] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 426.967014] mount_ns+0xc4/0x190 [ 426.970375] rpc_mount+0x9e/0xd0 [ 426.973741] mount_fs+0x66/0x2d0 [ 426.977108] vfs_kern_mount.part.26+0xc6/0x4a0 [ 426.981682] ? may_umount+0xa0/0xa0 [ 426.985286] ? _raw_read_unlock+0x22/0x30 [ 426.989409] ? __get_fs_type+0x8a/0xc0 [ 426.993290] do_mount+0xea4/0x2bb0 [ 426.996806] ? copy_mount_string+0x40/0x40 [ 427.001021] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 427.006027] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 427.010768] ? retint_kernel+0x10/0x10 [ 427.014632] ? copy_mount_options+0x18b/0x2e0 [ 427.019100] ? copy_mount_options+0x193/0x2e0 [ 427.023567] ? copy_mount_options+0x1f7/0x2e0 [ 427.028041] SyS_mount+0xab/0x120 [ 427.031467] ? copy_mnt_ns+0xb30/0xb30 [ 427.035330] do_syscall_64+0x281/0x940 [ 427.039189] ? vmalloc_sync_all+0x30/0x30 [ 427.043315] ? _raw_spin_unlock_irq+0x27/0x70 [ 427.047783] ? finish_task_switch+0x1c1/0x7e0 [ 427.052254] ? syscall_return_slowpath+0x550/0x550 [ 427.057157] ? syscall_return_slowpath+0x2ac/0x550 [ 427.062061] ? prepare_exit_to_usermode+0x350/0x350 [ 427.067064] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 427.072409] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 427.077227] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 427.082389] RIP: 0033:0x454e79 [ 427.085554] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 427.093245] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 427.100487] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 427.107730] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 427.114972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 427.122216] R13: 00000000000003fa R14: 00000000006f8010 R15: 0000000000000039 [ 427.129640] net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry info [ 427.138564] net/sunrpc/rpc_pipe.c: rpc_populate failed to populate directory clntXX 2018/03/31 03:08:03 executing program 5: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) socket(0x9, 0x4, 0x8) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) r6 = dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) bind$pptp(r6, &(0x7f0000000440)={0x18, 0x2, {0x3, @rand_addr=0x7}}, 0x1e) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) r7 = perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getflags(r7, 0x3) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0xfff, 0x40) 2018/03/31 03:08:03 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:03 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:03 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x20000, 0x0) r1 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) read(r1, &(0x7f0000ec6000)=""/50, 0x32) r2 = socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f00000004c0)={'ipddp0\x00', 0x2000}) r3 = socket$bt_cmtp(0x1f, 0x3, 0x5) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r3, 0x800443d3, &(0x7f0000000080)={{0x6, 0x6, 0xffffffffffffff0b, 0xb73, 0x3ff, 0xfff}, 0xf32, 0x80000001, 0x7}) r4 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x0, 0x0) accept4$vsock_stream(r4, &(0x7f0000000340)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10, 0x80000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000400)={{0x80100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f000001cfb0)={0x0, 0x0, 0x0, 0x0, 0xf}) read(r1, &(0x7f0000000200)=""/228, 0xe4) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000440)='/dev/cuse\x00', 0x2441a7daf3fdfd28, 0x0) getsockopt$netrom_NETROM_T1(r5, 0x103, 0x1, &(0x7f0000000600), &(0x7f0000000640)=0x4) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) socket$nl_xfrm(0x10, 0x3, 0x6) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vga_arbiter\x00', 0x8000, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r5, 0xae44, 0x40) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000480)) r6 = dup2(0xffffffffffffffff, r0) bind$bt_l2cap(r6, &(0x7f0000000040)={0x1f, 0x5b91, {0xd, 0x0, 0x0, 0x8006, 0x5, 0x6}, 0x0, 0x5}, 0xe) preadv(r6, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f00000002c0)=""/115, 0x73}, {&(0x7f0000000380)=""/71, 0x47}], 0x4, 0x16) 2018/03/31 03:08:03 executing program 4: r0 = socket$inet6_sctp(0xa, 0x0, 0x84) r1 = socket$inet_tcp(0x2, 0x1, 0x0) tee(r0, r1, 0x0, 0xe) r2 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB, @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) 2018/03/31 03:08:03 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:03 executing program 1 (fault-call:10 fault-nth:58): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:08:03 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x0) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 427.604545] FAULT_INJECTION: forcing a failure. [ 427.604545] name failslab, interval 1, probability 0, space 0, times 0 [ 427.616519] CPU: 0 PID: 27450 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 427.623708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 427.633056] Call Trace: [ 427.635642] dump_stack+0x194/0x24d [ 427.639273] ? arch_local_irq_restore+0x53/0x53 [ 427.643948] should_fail+0x8c0/0xa40 [ 427.647663] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 427.652762] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 427.657947] ? __lock_acquire+0x664/0x3e00 [ 427.662615] ? __lock_acquire+0x664/0x3e00 [ 427.666842] ? find_held_lock+0x35/0x1d0 [ 427.670889] ? __lock_is_held+0xb6/0x140 [ 427.674935] ? check_same_owner+0x320/0x320 [ 427.679232] ? __d_lookup+0x4f4/0x830 [ 427.683013] ? rcu_note_context_switch+0x710/0x710 [ 427.687926] should_failslab+0xec/0x120 [ 427.691875] kmem_cache_alloc+0x47/0x760 [ 427.695914] __d_alloc+0xc1/0xbd0 [ 427.699346] ? shrink_dcache_for_umount+0x290/0x290 [ 427.704337] ? d_alloc_parallel+0x1b40/0x1b40 [ 427.708810] ? lock_release+0xa40/0xa40 [ 427.712854] ? mark_held_locks+0xaf/0x100 [ 427.716979] ? d_lookup+0x133/0x2e0 [ 427.720582] ? d_lookup+0x1d5/0x2e0 [ 427.724184] ? current_kernel_time64+0x1d4/0x2f0 [ 427.728926] d_alloc+0x8e/0x340 [ 427.732182] ? __d_alloc+0xbd0/0xbd0 [ 427.735872] ? full_name_hash+0x9b/0xe0 [ 427.739825] __rpc_lookup_create_exclusive+0x183/0x1d0 [ 427.745078] ? down_write_nested+0x8b/0x120 [ 427.749372] ? rpc_d_lookup_sb+0x1a0/0x1a0 [ 427.753584] ? _down_write_nest_lock+0x120/0x120 [ 427.758316] ? __d_lookup+0x830/0x830 [ 427.762096] rpc_mkpipe_dentry+0xf8/0x360 [ 427.766223] rpc_fill_super+0x85e/0xae0 [ 427.770173] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 427.775338] ? security_capable+0x8e/0xc0 [ 427.779461] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 427.784634] ? ns_capable_common+0xcf/0x160 [ 427.788933] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 427.794096] mount_ns+0xc4/0x190 [ 427.797437] rpc_mount+0x9e/0xd0 [ 427.800780] mount_fs+0x66/0x2d0 [ 427.804125] vfs_kern_mount.part.26+0xc6/0x4a0 [ 427.808680] ? may_umount+0xa0/0xa0 [ 427.812282] ? _raw_read_unlock+0x22/0x30 [ 427.816405] ? __get_fs_type+0x8a/0xc0 [ 427.820269] do_mount+0xea4/0x2bb0 [ 427.823786] ? copy_mount_string+0x40/0x40 [ 427.827995] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 427.832991] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 427.837727] ? retint_kernel+0x10/0x10 [ 427.841592] ? copy_mount_options+0x18b/0x2e0 [ 427.846060] ? copy_mount_options+0x193/0x2e0 [ 427.850530] ? copy_mount_options+0x1f7/0x2e0 [ 427.854999] SyS_mount+0xab/0x120 [ 427.858432] ? copy_mnt_ns+0xb30/0xb30 [ 427.862293] do_syscall_64+0x281/0x940 [ 427.866157] ? vmalloc_sync_all+0x30/0x30 [ 427.870277] ? _raw_spin_unlock_irq+0x27/0x70 [ 427.874747] ? finish_task_switch+0x1c1/0x7e0 [ 427.879219] ? syscall_return_slowpath+0x550/0x550 [ 427.884125] ? syscall_return_slowpath+0x2ac/0x550 [ 427.889039] ? prepare_exit_to_usermode+0x350/0x350 [ 427.894030] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 427.899368] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 427.904188] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 427.909352] RIP: 0033:0x454e79 [ 427.912516] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 427.920198] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 427.927441] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 427.934687] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 427.941930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 427.949173] R13: 00000000000003fa R14: 00000000006f8010 R15: 000000000000003a 2018/03/31 03:08:04 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:04 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x0) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:04 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') [ 428.009685] binder: 27441:27443 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 428.037400] binder: 27441:27443 Acquire 1 refcount change on invalid ref 0 ret -22 [ 428.045218] binder: 27441:27443 BC_ACQUIRE_DONE u0000000000000000 no match [ 428.052418] binder: 27441:27443 unknown command 0 2018/03/31 03:08:04 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:04 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000440)=']\x00', 0x5) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') [ 428.094197] binder: 27441:27443 ioctl c0306201 200001c0 returned -22 2018/03/31 03:08:04 executing program 5: 2018/03/31 03:08:04 executing program 4: r0 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) munlockall() getgroups(0x0, &(0x7f0000000500)) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0c6300000c400300000000000000000000000563044000006f0009631040", @ANYBLOB="312e529163d38f4f22764b6f1e063ba002cc292c27fc5b643f39988394a40f8ec00f09e8afea6b39e762035f5a1cd55094706284d3572df3212b5d0eb2d75c294548509f55e2e7d2bfe542d83666a75ea5305e660830b96295c02adfbe076a3bf5df1df129ab1da4aa20b4b467b7d9df3d61fce56915c93c584a6154f6f2c17576072ff9a17df08dc38658577778dfbcd6cb1ab134497cb4", @ANYBLOB="000000000000000000634040000000000000000002000000000000000000000001000000000000000000000018000000000000001000000000000000", @ANYPTR=&(0x7f0000000000)=ANY=[@ANYBLOB="00000000000000004800000000000000ff17a98dbf4c73eedbdbfc281882d3af4ccdd218cd71d8c63be0f3e6f8ea8ca1fe0ae63c00117bdee0f52ea4a0df54f6b4dd6e912604845df78e462bc1aad4ccf87a250c74d850f0237c67db15679323e8e3b5b5b61dd488a824686d2e007a43d1c8ce4d6f4dba"], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) 2018/03/31 03:08:04 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e023", 0xe}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:04 executing program 5: 2018/03/31 03:08:04 executing program 1 (fault-call:10 fault-nth:59): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') [ 428.238623] binder: 27487:27489 unknown command 213004 [ 428.269730] binder: 27487:27489 ioctl c0306201 200001c0 returned -22 [ 428.298650] FAULT_INJECTION: forcing a failure. [ 428.298650] name failslab, interval 1, probability 0, space 0, times 0 [ 428.309939] CPU: 1 PID: 27497 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 428.317116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 428.326463] Call Trace: [ 428.329050] dump_stack+0x194/0x24d [ 428.332680] ? arch_local_irq_restore+0x53/0x53 [ 428.337358] should_fail+0x8c0/0xa40 [ 428.341074] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 428.346179] ? __lock_is_held+0xb6/0x140 [ 428.350242] ? mark_held_locks+0xaf/0x100 [ 428.354388] ? __raw_spin_lock_init+0x1c/0x100 [ 428.358959] ? find_held_lock+0x35/0x1d0 [ 428.362998] ? __lock_is_held+0xb6/0x140 [ 428.367061] ? check_same_owner+0x320/0x320 [ 428.371376] ? d_alloc+0x269/0x340 [ 428.374907] ? rcu_note_context_switch+0x710/0x710 [ 428.379819] ? lock_release+0xa40/0xa40 [ 428.383805] should_failslab+0xec/0x120 [ 428.387779] kmem_cache_alloc+0x47/0x760 [ 428.391840] ? d_drop+0x51/0x60 [ 428.395114] ? rpc_i_callback+0x30/0x30 [ 428.399081] rpc_alloc_inode+0x1a/0x20 [ 428.402961] alloc_inode+0x65/0x180 [ 428.406585] new_inode_pseudo+0x69/0x190 [ 428.410638] ? prune_icache_sb+0x1a0/0x1a0 [ 428.414867] ? do_raw_spin_trylock+0x190/0x190 [ 428.419444] ? d_add+0xa70/0xa70 [ 428.422220] binder: 27487:27499 unknown command 213004 [ 428.422809] new_inode+0x1c/0x40 [ 428.428256] binder: 27487:27499 ioctl c0306201 200001c0 returned -22 [ 428.431439] rpc_get_inode+0x20/0x1e0 [ 428.431449] __rpc_create_common+0x5d/0x1d0 [ 428.431460] rpc_mkpipe_dentry+0x122/0x360 [ 428.431473] rpc_fill_super+0x85e/0xae0 [ 428.431486] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 428.431499] ? security_capable+0x8e/0xc0 [ 428.431509] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 428.431520] ? ns_capable_common+0xcf/0x160 [ 428.472996] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 428.478165] mount_ns+0xc4/0x190 [ 428.481508] rpc_mount+0x9e/0xd0 [ 428.484848] mount_fs+0x66/0x2d0 [ 428.488193] vfs_kern_mount.part.26+0xc6/0x4a0 [ 428.492753] ? may_umount+0xa0/0xa0 [ 428.496370] ? _raw_read_unlock+0x22/0x30 [ 428.500502] ? __get_fs_type+0x8a/0xc0 [ 428.504366] do_mount+0xea4/0x2bb0 [ 428.507882] ? copy_mount_string+0x40/0x40 [ 428.512100] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 428.517092] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 428.521825] ? retint_kernel+0x10/0x10 [ 428.525690] ? copy_mount_options+0x149/0x2e0 [ 428.530163] ? __sanitizer_cov_trace_pc+0x38/0x50 [ 428.534980] ? copy_mount_options+0x1f7/0x2e0 [ 428.539449] SyS_mount+0xab/0x120 [ 428.542874] ? copy_mnt_ns+0xb30/0xb30 [ 428.546737] do_syscall_64+0x281/0x940 [ 428.550597] ? vmalloc_sync_all+0x30/0x30 [ 428.554718] ? _raw_spin_unlock_irq+0x27/0x70 [ 428.559192] ? finish_task_switch+0x1c1/0x7e0 [ 428.563666] ? syscall_return_slowpath+0x550/0x550 [ 428.568576] ? syscall_return_slowpath+0x2ac/0x550 [ 428.573484] ? prepare_exit_to_usermode+0x350/0x350 [ 428.578476] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 428.583820] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 428.588661] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 428.593831] RIP: 0033:0x454e79 [ 428.596994] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 428.604681] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 428.611927] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 428.619183] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 428.626431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 428.633677] R13: 00000000000003fa R14: 00000000006f8010 R15: 000000000000003b [ 428.641069] net/sunrpc/rpc_pipe.c: __rpc_create_common failed to allocate inode for dentry gssd [ 428.649980] net/sunrpc/rpc_pipe.c: rpc_mkpipe_dentry() failed to create pipe clntXX/gssd (errno = -12) 2018/03/31 03:08:05 executing program 6: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(0xffffffffffffffff, r5) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:05 executing program 2: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x0, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:05 executing program 1 (fault-call:10 fault-nth:60): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x2800000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="8da4363a00000000000000000000000000000000000000000000000000000000ecf6f2a3299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d050000000000000000104000000000000000020000000000000000000000000000000000000000000000800200000000007000000000000006000000000000000100000000000000001000000010000000100000001000006100000004000000000000000000000000000000000000000000000045010000000000000000000000010000000000000000008002000000000000800000000000001000000010000000100000000000000000000000000000000000000000000000000000000000000000c08de47c70514c95b95e109e96a0b90decf6f2a3299748aeb81e1b00920efd9a00", 0x12c, 0x10000}], 0x0, &(0x7f0000014300)) mkdir(&(0x7f0000000040)='./file0\x00', 0x1c1) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000180)="2f2f66696c653002", 0x80, 0x1, &(0x7f0000000900)=[{&(0x7f0000000400)="726b0bf4cf9ea0007fa7cf2e5c463c327b275b956e7a407a7776f3f680f45f33407d01287d4ef58cd8d319309c29643917d4bc86f568f8852b2e6c7cee837e0715e7aa7f82e970e6d76f2290b63efeed63f0785b36f4e95bdf2f07271dbd7d278d79d59de5", 0x65, 0x4}], 0x240000, &(0x7f0000000a00)={'nouuid,'}) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='./file0/file0/file0\x00', r0, &(0x7f0000000140)='./file0\x00') ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000}) syz_open_pts(r0, 0x646041) unlinkat(r0, &(0x7f0000000080)='./file0/file0/file0\x00', 0x0) renameat(r0, &(0x7f0000000040)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000100)='./file1\x00') mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(&(0x7f0000000280)='./file0/file0\x00', &(0x7f0000026ff8)='./file0\x00', &(0x7f0000000240)='rpc_pipefs\x00', 0x0, &(0x7f0000ae2fff)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) fcntl$notify(r0, 0x402, 0x1b) symlinkat(&(0x7f0000000800)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000780)='./file0/file0\x00') mkdir(&(0x7f0000000380)='./file0\x00', 0x2) renameat(r0, &(0x7f0000000300)="2f2f66696c653002", 0xffffffffffffffff, &(0x7f0000000340)='./file1\x00') 2018/03/31 03:08:05 executing program 7: sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e02348f800000000001c0003f2a576", 0x1b}], 0x1, &(0x7f00001f9fe0)}, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000440)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r1 = memfd_create(&(0x7f0000000480)=']\x00', 0x1) fchdir(0xffffffffffffffff) r2 = creat(&(0x7f0000000080)='./file0\x00', 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r3, &(0x7f0000000100)=ANY=[@ANYPTR64=&(0x7f0000000580)=ANY=[@ANYRES64=r0, @ANYBLOB="c348385580d511daacdafdee63bb477860ebff57de0a0a9715ef501cc7b98ff7e96d28dd10ac4fa124c68cfe45d980d45957085dc5f946eb9a3d47092459da1ae9f72bc0d5f66683d883de888f6714289c64be8633642d4792e93c060d13602ebe94a735ed16d4630635640be91b4a0426b24788f868184ec8a612537c0adc5b4d37ff957098922a8d9b0beef83147205a296c4ec13fd3622d1897915bf28ab6d7224360d040a195301e0cba031ca71d3d3a5543d28658a20bc6dee620599ce4acf586b21ed3f97ad1a1ce6cc33ed6bfe2532a33", @ANYRES32=r2, @ANYBLOB="eb70a85154de040057009c085918e568e722d30b19475fad33c33bc81e78"], @ANYRES32=r3, @ANYPTR64=&(0x7f0000000680)=ANY=[@ANYRES64, @ANYRES16=r3, @ANYBLOB="f659994675bd44dda59ae5badc66b642707fedae12c08b0b9c47fd9ab5b33d76a5719ac5d23dbf189be2d8775eb1d090c3f1e1889084a79c114871a6b79cd0c25209e63bd032038e2bee75bc6f009d37ad945eea3a1e719e8609aefaefc5fd3927f1c5a94ebb512b1c01d51980531161aeeb17d72619fd56a80efb10162edf4e9c6c9561c1111469c795a5c53c4e93aff87b4d49597a8aa0de23804d415eee0d5a88353ec3fae168a9ee1521b8ce0d26696b4a7aa24483962fb8884db461ff9d89b65139df52958804f1a8e5b2fc00f3c51f92f98b9a144e5306ec629cb3ce8d86667501303732f15be8ab7648dade478a003e1171", @ANYRES32=r1, @ANYRES32=r3, @ANYBLOB="69c8e5ff0dce1940ea4e77394f62b2334a1e90e6aace69ab37c2ad2791b7c63670857aa48ff25981ed646bbf87042927d6de963b64d4128506ecfb1f1f5724d5f46824e783a1f08d5302f3a937087ca4a4181a59bba5f64cc6806e4ace49ac78359bf71932b37e5c9ddde8b80587dbec8a43b87f3946a5be54f91282692277d7eead31f157fb72545e06d3f45701c81c95a690ee3cdbfa0b95876a9c2cbf27178e800bb45e8216ef5f6556e57b88f0d7496096489ef1b9750fdedc2bf51cd5438a745565c5a66b36ddb7b0f0650329a6afdd", @ANYBLOB="3a9fcd889a624177dc899cfeb318c440abf53dbaa2c82c36ffe0e72517c2688be60e5535bbb9ec17de0afc5444035ab98fa4d6773190c90d9972e6b050e93f9cf17b0fc79d6d4a33c9335301b6e2cfbd69b1bdd56be2e276106fcc545cf622f6e3d15d81446508c8e01c0f8fbe0169477d1c72333ab036e73dd03f09d253c03db7432b8e8dab66bad1fd73fd3e5e8f16ff829be7ab3b4ab0848b1df8224a0adabdbe1aa39b789d6c42fd815d24098bbcf95f40a12d70703439b33bc9cf36c175ff98849dd0ad8b9028c31b267ce16021406926f90a44d99dcaf7d4acec6a45d3cf209df90d5f46aa78c217c80f0ae404f01dd577e5f85c7f077d832ea24c7c7ec2fd1344d9c8c71e4551c612453ff46d2aa467632e5f9e900b8b82174cfc713eca4cd3603af0098a250c3a705a5685626d4fb8444bdc72bb250473689ebfa69f3d25d38eff7e452b0d37fb9c0189c892327a800070821f4633bdf87393af6d6ad1b805c4c2ce7f95459ef633ca5d265928d52c462dbbaee2a627a60fced073cfe29f093076efa79d07103907efd1608e56f72e7a05c6fac96c0447918e25085e80abba5d94d3cc0277bbfca272c7d9fd333fac7f0f5affa1966ad45ff4606d5fcf7e652c9c4c8fc8580ea7a3edb6ba63668cec869079e4930ccc683340d59c05178c30a6675512234a432c70a4059df9512bbe7be1c564cd86644d5b818e432ba9ae71ce8968617ef7df6b315f93a377f1175c1a18cd1fc8e661e76da3347bcf673539efcdcb8c5eb722190223015af355baab38b71f6b927afd559b06a2f5771ce25e962077d28e90688ee8bd03844d0a73038b3ff0e44855b3e7d9cf5e9f0331ff031a63b1f9fbd0d0bbab8b57f0195f0f72a88cee047e762cc30ef532e90d687e0be70019d38ceca27beb13288a0273b9163ac13ffd410feec089f12f6d520a65bfcbe84ff9c4fcc006fe745de2720f3e812640774add714310589895bdbdce91c0f1e41723e0bea5fa93615da7ea7c42b19fddd334cd98981879f7aef471a7921a7932f734b6907fc9a691cfec9c88b274dce1b20596af673c4fbaaee05bb86bcf59f47f32a7ca07c272640c4b3c8ae9509f3ff99c9a3132a83b672108a30f75b52cc7a35e478b0287634e0455bb398d2e4333a76857558cce066d69d42913f3b3b998fdcae45592c665a5eaa7e595f159448f7df6d90c149731343982474a1eb8dc53060e299a1cc52c18c3cbcaa79962317a0141048752e808a8fc96bb65326fad9896792a8ab19d1d647b95575c20c256c472d4f991600a1aaab9c8c828474816b8066b0a780b8bc213bac19fcc8a662f4d07962d81f53399aee1c8b42a150243f4bf0d8f7b6776dbb6bfefe693fbd7edad92f9c90764b5c863d42d8a898572288f84713cddd2a0074b583d4a69d50d20402dc1a0bbd81157cb9a2d6d47431009afaeb47d52ab0aae1794ac139a65ebdeb4f321c8129f67b6d2d16c1bbbef16ecebcec2f5a9d9d696f221856f2ffbfc46a6ab366b13f435c839ea096d486934969945cbb39a81fd720b0a622555d26e957ffcca5049a3ed47f4e915509407c0e2acf0fcedb87845f7c4d8b1745fa638d0aa72cff58b81896861939333ffe08830fc065ff926a1540b0903efec75116b27cc0429f427df4da3c059f2b139bab7e3cd960165622048c81d2f06d23c2bd387069d4fc0bd5fe55a20b3bdf39fcfa4c9e0460366fd3da1bef19efb27c39dbd8f32f93d83bc3e766c0da0cc57659ee3d707811fe66b834fc8f1eed7a143a0c034678cc5802a9e5b9136b9aa47b028a0f5703af1be61c1d685b5ad0d3dabc9695080f98b25c06204a344d4517ba55b56cff6d7d4df6e0c32c81479bce85d6d8ff3c0209c5b8dc153cd45e6922c014a752e3dda62c7ebdd9ac79725879220bc4616489fdb7a1bd7d1b821ec661b91252b6214b1a495580c1552534025a03ae4a6ffdc488b2e2061b3ac19cd7bc0e914d2ff7408ba5bf813e5d76cb74fccc02e24bbd8655eb485f5a7c274dd2c03df29ca032497e97f86ed45f28e673f87a393ff4660c46f0e79fa517c01a07751f1f408268e15c6eadc838cfe1eec7d648c02011ecb224b8bb8e54549ba8859615a334a5625ab23c735595cdae7a3f7287727f5a74adc7ab046769dfa82b9b600e88bb6793ad2973e8cb5606f4bf85977d11758eefd066773b3945b85677d623753ad0c5e0f8d89068d373dbb6233bbe4777c490462efa0db4323d5969d4104466dd0951f78315c7a2d2dc89e258230fc020e6bb55cff7b1d9ffc356561c493cfd630c5f5c5fc1c2d252585e84cce0000807c04e0563679b634bfc3e824bf5be08f50d092ce9f3d3407f6f7a5ce9f3cabbce65a79abaa74ce4f2ddb1fc276249736f5c4bd00a418f9368267b3cdd70382d54ebe4900efe83222743439dba4b8d38e6376ac365cb12886bef11554b214d6f729c5b2995d0b516c66ebed92b11f7c451433fe252b1b722c0df14e4caa74cf72c65b175b4f9f4aa782fc1c34da5531e32f0ac23e4c41dcd08e3ebb29898cf22cbc13bd168a93549d7110812208ebf84776e03835006d65b155534c2462a526d5113c3f574d11454503a44b5b2e8a20835a54508581d60c5f93ecc68475e347e72d04fcab3eb2861889beff57d0c9e124a204dbf04dbddcde7682eb136f023e98408146ef5122dd902ac9cabd9e49a55bd74cfab72a15e8c36688d762e1a7b94d1f4491b26afacbf55ac43c8b61cc3ef5311598530d725fabe9f572454a0944537c0b0d5ddc1e34d0073b899f33f294a801b1d3faa584403f37c688790144f2b7356253f5c28ad289396b0be2d073feeaca2939bb53b90364513e58a4e17edfaa6acf0c6483e0a167d4cf662c79ae53f93cc980ae44ce2638ec758b847462f8c5e2756b87ae5abbd6210b405ca1da7de734e2a2d2dc7470d72a702e6da06d78fb4894ac5a808b254bf69f0ed57ec3ff5a1f6762eb7a14479fa1de8cee5357024878019e2cff321c82fd8d6f803a75ccd39da73fcf427c3f3c79f809f7b0489bf87c9101e257c1717039fcea6975a755eca59e91d37858b014cde52bfd7883c021a5dbaeea5806590c98fd261966271589e33ebcc20ee427f8bef9eabfbc5dce4d60e77197ce2b125ce14f5737d819e0751872d10a790a445956ef87579f347311ace1080a745bb900021feb47d4e2d44388c730f233f692c881df3aaa1f7b30e54543d5e42f2208303f7101cfc878b5d56f28d0b07d7c1624cf879d3d2ffc83a2b786ca6f9777f09a6c26512f3d47f15b3b8eacc739d6e079c83760f37177d1a7ace67cffdd2ee0d6c31702e08c1db38c2f47b9d776f3b8333c45ecb8494d36c5b536c2b18ac5bcca9bbe126644843a32523b40ea6edc02abc0b8b7f80d2da188e65bbdca639719b04cfa1b12e3a98f11d9b5c6024fbd72c6c486204c0e9c7c6628e5f6dee5be9db4b919405a8899061b76f56130c06465ecf85f819bfcad0e438ee0eafa7595fcb1b6bd51bb899d8271513cd7bf55ab0989decc62c63916b220f65e62222c569a6e2320ac25a145904b5da798331f5d1f2089d982ccef8e30f4871a799bedfeeced8dbe6b9b765d7161fadd97e3568ecdf226b2b64bd90dcb32e07c85acceb14c1e5f5827d030c3a585538b816ff4d8b62861f49f527330ff26be8f846e520b5f1ae5d31a306770629cd1e5a2d0b9e19332141cbbe35f6cc81d5c3bab3cb7175a8c03a37166679d46738f35e5077fb1fda93f264286c83c491da7bec2ee4429b324b6011558d28b14d66a882d9a3ed36e43207b68bc805ba5d8a58510468d75096966d25b9e100ef69bce8bd071f32d5d3e92450893b18be17e1d14226163dde6637a68e0bc11c880aceacdaf2d76b4d176aac0b502032496ff02521e2f80c61c4385c835d86d8f0357bf8732db7add6b68544e1d25a8616735260c91f1397969b71daff2e8f30517133244dc887f15f6aae6777d27f844aad1496c75660e69eaae417de98e65b983e4a5b286feb6130ba20de6b0c705a4d451665b95f5cbadd8b8484c3c7435487388edef82b765e4d4e0f91f7d39ab9755a7dfa6cad1f2c112d3a315ec845b144137452ceb28b9ce3b2a14a0e0a162eb3ffef95aa57c7e704b6acf915680ceb99885ac5485fbc425a37b5c17f486d0a433c0bde7880bc91faa325b235bf5d933e8d41f5f5c863946a846ae528ba5ec47d4abd2903c5b37aff7f9fca5ac4c18ecbd34b95dff913d6688a71b3260ede9b3506707a79713c490651e71c6d398ab92366fb5c8546dedf38de0c9a6154474e9f62b3cb566189a1791248194a9a6bfaf7ddd2b873d52559f6662179e4aee950248a6f31d3f511d7cc6ad68383206c57bb6fb0e212bca1118f2c97ba44323a517da7a4307d4b35450812ec2ba0c510c95ef32f9ff8eb553eacd6192ca182c02653cfba2678a6fb551d2619f64baf4971cf850857789215fbfb338865a61c592274622b3cad8bad905ec9a823b7111640770928a7ac99a543598ac5f6fe4c9b0cee0561530c3d807243f894f76475bf6324104a65fb741ed5c52be4e1706bb61a151440fcb9c149e94d3abe920b8f24232ba63e1b798bc0c345937203f2c7488610965f27c4b44baf18a3fa8308b3379fd89bbef3542d6e633d48699d98253f4516adcf4c50fe2e3f65cf3b2254426526a85c4b70c275945f756246989285b32a12d9af24de9a02f3b02e0caf75b5bb716ae3373a34ab505eff2706d1e3a362b5b7ab84e2c50ac912d5b7891b07db0b3a86e990276e34f90bfb8d67ce0e0b5b373ca163e8af0c72ebca2eb1185b20c311a786e3f7fef0a84abfcb9d91c8cb33942ee42bdfadd978a4a6ef5b570e9c67f150cebd43ac88ecde4a8fa81330376b53959d6ed207094472deee1f99ce419112356cd4697e729bddb0539a8cdb0f3f24bda21aa7030a903ff30f6d43b9c61cfa3d89671fbf455e2d9bee74cc9c11bdd8131b3bd8734162d579e29c876c0fb2e21e7b6ba7878106a5e6de6569cb75bd8acbe46a278410bf6906630a9f5cf5b87dc258a3b514c49298b3c0a453dca306d27165755f3675e093df153c915d54147efd5e7f7f1df2606b7e21e132be5440f077db6db0bb60e466a0d633641b6e6c861ca2f81a39a3e9f1f0d251ea6f5f19aa9d4ab4f688f7d6722e33a6a26879f643050f59e7bdd4567941eb9895b74480e7ac06b8b7ed10d874b5965f10c22522fef3dfc63e8c5eeb07d13e99af9948edd598f50f3a9ed1ddf4f136bb58d840f0ba56c52d67cd5c37f158f80ab11c8e77e4d1ff935d0079d7a8f3da49e63c14710eb9c5f9834919069b737b65036002e8915c58c604ab6cd5bcf744123bddb26234d14bb2e8721894bc604fe98ad4070c90f78fce67d517f34a9e7bc5d9ef7ad8e19b064a659ba2e68484fb447afb031fcd8213556d865eaddfc37252bfe2f0d63278af80fedb0739262741193f68a5ea35155c86442369a1891f68b4f9e5f5e4298c26dec1de29d421bf0a73db894ab37333dbff590857d34fc13bf4a62cd485c206d8bb877c1d475bd464dc39381b94092ca4243871c0c816a75e9b0e4b72b5ebdad340ed634d7fc7abbc6832c424eaea9a78c29b495571b0bf5a49a17aa47374cf391c6d7f87edc98258f4c95433783d6bbaaddc644047f2100a0065e1dfa01f7bc5e7824db8c48774916c02b17fa89ff2d595a75cb1cdbd8aded2639fc804495019ac629d984b204c9f574263391607c2402db9e1c69b639a7fd9a7cc6529420dc", @ANYPTR64]], 0xfffffffffffffecd) fadvise64(r2, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r2, 0x800454cf, &(0x7f00000002c0)) fallocate(r2, 0x0, 0x0, 0xffff) r4 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) r5 = inotify_init1(0x80800) dup2(r4, r5) getsockopt$bt_BT_SECURITY(r2, 0x112, 0x4, &(0x7f00000004c0), 0x2) fstatfs(r4, &(0x7f0000000040)=""/62) clone(0x0, &(0x7f00000018c0)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) syz_open_dev$adsp(&(0x7f0000001880)='/dev/adsp#\x00', 0xffffffffffffffe1, 0xc0100) ioctl(r0, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:05 executing program 5: 2018/03/31 03:08:05 executing program 4: sync() getpid() r0 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x100000001, 0x0) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000040)=0x100000000) r1 = syz_open_dev$binder(&(0x7f00000004c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getgroups(0x0, &(0x7f0000000500)) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000020, 0x10, 0xffffffffffffffff, 0x54) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x74, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0c6300000e630c40030000000000000000000000056304400000000009631040", @ANYBLOB="668c6e368ff715ad89db63cbf952d674027ece5f97237b7740c09526758ecd49af1d1791a5d561b32003e9577f3948ca765ea8178770048e816a613084ae7f45c63e65edbcfdc6fa1e3b0230a589612300ec71b4a5e1eb2cdda2863660c386a1b505abb6b7df45d9878f3b048a579f8eb02a0395db9b6e0f9c0e07c64cf7485b256cd20ed0061c15bb04c80af7cf0dec4d2b3ea07026344aea6e300e9302c67f70b822d5b68f009c932d7eea73ed1acbd26e2b0e28b33d9e93070a0898447ce93cc0a74e7c4df0f3ccc63b04b31428e7b2123c7fb41e453273b9253c0d326517826a661e0dbeaa55983dad66", @ANYBLOB="000000000000000000000000000200000000000000001400000100000000000000000000a80f9ac899beb50018001b0000000000104a0000000082ec0a120000a6d54f726c829fd3159a4f73fa78779447f6f83950fedddf7929dd66d9d1e906c5b86128689ac0a35f63b768110a60a8e7aed3a3b9fa85c7c220e555867de13a358d319978f7d63a8ed1afa629a744a2cc31de06b4e4472d6ba9625e4d129012d54523dde9424c616004b22b1e81bee2f812e31d4adea61cdbbe66f8af7836611548f4556d8dfc87597257b10d6258e07c7f33ee94c0c29a2b46b04f203ccd", @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYRES64, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xeb, 0x0, &(0x7f00000002c0)="e718c6edde7a3b7c6af63e413cd5ffd2355006b90295e59b944ae30b53c5e0fb06504316e64898a349e3220fa658c2092306f433254289bcf5cf48a952c6e7eb4c54969299c6123213c5518ec0276eec669de3b62c531bcf2ba950c84bb12b57275938926ff74b0a8fe76d6e8de191b41f549e02c8262b5bf0d716c5f23d4dae1e2d8aac7c0b2386ed16e3b0c7fb6e60c5bbd3d1efb87f99573a5ced5b7f13f75995a776f3c7e6ed23b5056ebec90c762d6ebdd8a7de0f61884f12294d1a1a3696ca768758bc197a050a453209d4fe9930a7053742a70a6fe08461645091bc00c6f25addfbc55c3d37fe35"}) 2018/03/31 03:08:05 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000440)) sendmsg$unix(0xffffffffffffffff, &(0x7f0000833000)={&(0x7f0000564000)=@abs, 0x6e, &(0x7f0000451ff0)=[{&(0x7f0000007000)="002a932f01000000cf960802e023", 0xe}], 0x1, &(0x7f00001f9fe0)}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000b7aff7)='/dev/sg#\x00', 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000007000)={0x0, 0x0, 0x80da14}) r2 = memfd_create(&(0x7f0000000100)=']\x00', 0x0) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x0) socket(0xf, 0x7, 0x8) getsockopt$inet6_tcp_buf(r1, 0x6, 0xf, &(0x7f0000000340)=""/87, &(0x7f00000003c0)=0x57) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_pid(r4, &(0x7f0000000100)=ANY=[], 0x1023c) fadvise64(r3, 0x0, 0x0, 0x4) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000002c0)) fallocate(r3, 0x0, 0x0, 0xffff) r5 = inotify_init1(0x0) open(&(0x7f0000fa3000)='./file0\x00', 0x0, 0x0) getsockopt$inet6_buf(r4, 0x29, 0x2a, &(0x7f0000000580)=""/148, &(0x7f0000000480)=0x94) r6 = inotify_init1(0x80800) dup2(r5, r6) clone(0x0, &(0x7f0000000200)="17dd6280de3693223b6fdbc70650db5722605e7d4cfec7dee9e7ca3a83bd750a10fca3bdd2c2fde305012a95b619af30af684bba6e9e2031b1eec7e667e9c22c674d6eb942b78258369909dc", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000300)="f74dda") ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000280)) sendmsg$IPVS_CMD_GET_INFO(r2, &(0x7f0000000540)={&(0x7f00000001c0)={0x10}, 0xc, &(0x7f0000000500)={&(0x7f0000000640)=ANY=[]}, 0x1}, 0x0) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000000)) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x2, 0x0, 0x8}) perf_event_open(&(0x7f0000940000)={0x0, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000a3c000)}, 0x10}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000400)={'ipddp0\x00'}) ioctl(r1, 0x2285, &(0x7f0000007000)='S') 2018/03/31 03:08:05 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x20000, 0x0) r0 = syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0) read(r0, &(0x7f0000ec6000)=""/50, 0x32) r1 = socket$bt_cmtp(0x1f, 0x3, 0x5) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r1, 0x800443d3, &(0x7f0000000080)={{0x6, 0x6, 0xffffffffffffff0b, 0xb73, 0x3ff, 0xfff}, 0xf32, 0x80000001, 0x7}) r2 = syz_open_dev$amidi(&(0x7f0000000500)='/dev/amidi#\x00', 0x6bbf, 0x400) accept4$vsock_stream(r2, &(0x7f0000000340)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10, 0x80000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000400)={{0x80100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f000001cfb0)={0x0, 0x0, 0x0, 0x0, 0xf}) read(r0, &(0x7f0000000200)=""/228, 0xe4) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cuse\x00', 0x400000, 0x0) getsockopt$netrom_NETROM_T1(r3, 0x103, 0x1, &(0x7f0000000600), &(0x7f0000000640)=0x4) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) ioctl$GIO_UNIMAP(r2, 0x4b66, &(0x7f00000004c0)={0x4, &(0x7f0000000440)=[{}, {}, {}, {}]}) socket$nl_xfrm(0x10, 0x3, 0x6) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vga_arbiter\x00', 0x8000, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r3, 0xae44, 0x40) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000480)) r4 = dup2(0xffffffffffffffff, 0xffffffffffffffff) bind$bt_l2cap(r4, &(0x7f0000000040)={0x1f, 0x5b91, {0xd, 0x0, 0x0, 0x8006, 0x5, 0x6}, 0x0, 0x5}, 0xe) preadv(r4, &(0x7f00000007c0)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000240)=""/66, 0x42}, {&(0x7f00000002c0)=""/115, 0x73}, {&(0x7f0000000380)=""/71, 0x47}], 0x4, 0x16) [ 428.812806] FAULT_INJECTION: forcing a failure. [ 428.812806] name failslab, interval 1, probability 0, space 0, times 0 [ 428.824594] CPU: 1 PID: 27511 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 428.831783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 428.841131] Call Trace: [ 428.843719] dump_stack+0x194/0x24d [ 428.847356] ? arch_local_irq_restore+0x53/0x53 [ 428.852029] should_fail+0x8c0/0xa40 [ 428.855744] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 428.860844] ? debug_check_no_locks_freed+0x3c0/0x3c0 [ 428.866036] ? __lock_acquire+0x664/0x3e00 [ 428.870277] ? find_held_lock+0x35/0x1d0 [ 428.874337] ? __lock_is_held+0xb6/0x140 [ 428.878405] ? check_same_owner+0x320/0x320 [ 428.882718] ? __d_lookup+0x4f4/0x830 [ 428.886522] ? rcu_note_context_switch+0x710/0x710 [ 428.891455] should_failslab+0xec/0x120 [ 428.895428] kmem_cache_alloc+0x47/0x760 [ 428.899490] __d_alloc+0xc1/0xbd0 [ 428.902940] ? shrink_dcache_for_umount+0x290/0x290 [ 428.907953] ? d_alloc_parallel+0x1b40/0x1b40 [ 428.912448] ? lock_release+0xa40/0xa40 [ 428.916414] ? d_alloc_parallel+0x1b40/0x1b40 [ 428.920915] ? mark_held_locks+0xaf/0x100 [ 428.925055] ? d_lookup+0x133/0x2e0 [ 428.928679] ? d_lookup+0x1d5/0x2e0 [ 428.932302] d_alloc+0x8e/0x340 [ 428.935578] ? __d_alloc+0xbd0/0xbd0 [ 428.939284] ? full_name_hash+0x9b/0xe0 [ 428.943263] __rpc_lookup_create_exclusive+0x183/0x1d0 [ 428.948532] ? down_write_nested+0x8b/0x120 [ 428.952847] ? rpc_d_lookup_sb+0x1a0/0x1a0 [ 428.957077] ? _down_write_nest_lock+0x120/0x120 [ 428.961828] ? rpc_d_lookup_sb+0x115/0x1a0 [ 428.966056] ? lock_release+0xa40/0xa40 [ 428.970031] rpc_mkpipe_dentry+0xf8/0x360 [ 428.974179] nfs4blocklayout_register_sb+0x4b/0x70 [ 428.979113] rpc_pipefs_event+0x3a4/0x480 [ 428.983269] ? nfs4blocklayout_net_init+0x460/0x460 [ 428.988279] ? lock_release+0xa40/0xa40 [ 428.992242] ? check_same_owner+0x320/0x320 [ 428.996582] ? dput.part.20+0x1d9/0x830 [ 429.000536] notifier_call_chain+0x136/0x2c0 [ 429.004920] ? unregister_die_notifier+0x20/0x20 [ 429.009656] ? down_read+0x96/0x150 [ 429.013263] ? blocking_notifier_call_chain+0xe1/0x190 [ 429.018522] ? __down_interruptible+0x6b0/0x6b0 [ 429.023167] ? _raw_spin_unlock+0x22/0x30 [ 429.027295] blocking_notifier_call_chain+0x102/0x190 [ 429.032463] ? srcu_init_notifier_head+0x80/0x80 [ 429.037200] rpc_fill_super+0x525/0xae0 [ 429.041150] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 429.046317] ? security_capable+0x8e/0xc0 [ 429.050440] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 429.055605] ? ns_capable_common+0xcf/0x160 [ 429.059901] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 429.065068] mount_ns+0xc4/0x190 [ 429.068413] rpc_mount+0x9e/0xd0 [ 429.071758] mount_fs+0x66/0x2d0 [ 429.075104] vfs_kern_mount.part.26+0xc6/0x4a0 [ 429.079660] ? may_umount+0xa0/0xa0 [ 429.083264] ? _raw_read_unlock+0x22/0x30 [ 429.087386] ? __get_fs_type+0x8a/0xc0 [ 429.091251] do_mount+0xea4/0x2bb0 [ 429.094768] ? copy_mount_string+0x40/0x40 [ 429.098981] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 429.103972] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 429.108706] ? retint_kernel+0x10/0x10 [ 429.112570] ? copy_mount_options+0x18b/0x2e0 [ 429.117043] ? copy_mount_options+0x196/0x2e0 [ 429.121514] ? copy_mount_options+0x1f7/0x2e0 [ 429.125984] SyS_mount+0xab/0x120 [ 429.129420] ? copy_mnt_ns+0xb30/0xb30 [ 429.133281] do_syscall_64+0x281/0x940 [ 429.137146] ? vmalloc_sync_all+0x30/0x30 [ 429.141270] ? _raw_spin_unlock_irq+0x27/0x70 [ 429.145741] ? finish_task_switch+0x1c1/0x7e0 [ 429.150211] ? syscall_return_slowpath+0x550/0x550 [ 429.155116] ? syscall_return_slowpath+0x2ac/0x550 [ 429.160025] ? prepare_exit_to_usermode+0x350/0x350 [ 429.165023] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 429.170364] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 429.175186] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 429.180350] RIP: 0033:0x454e79 [ 429.183552] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 429.191236] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 429.198481] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 429.205727] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 429.212971] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 429.220215] R13: 00000000000003fa R14: 00000000006f8010 R15: 000000000000003c [ 429.232405] list_del corruption. prev->next should be 00000000e0f1c59a, but was 0000000048814478 [ 429.242494] ------------[ cut here ]------------ [ 429.247239] kernel BUG at lib/list_debug.c:53! [ 429.251871] invalid opcode: 0000 [#1] SMP KASAN [ 429.256525] Dumping ftrace buffer: [ 429.260049] (ftrace buffer empty) [ 429.263745] Modules linked in: [ 429.266927] CPU: 0 PID: 27511 Comm: syz-executor1 Not tainted 4.16.0-rc7+ #7 [ 429.274092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 429.283448] RIP: 0010:__list_del_entry_valid+0xef/0x150 [ 429.288795] RSP: 0018:ffff8801775b77a0 EFLAGS: 00010282 [ 429.294148] RAX: 0000000000000054 RBX: ffff880172e58b10 RCX: 0000000000000000 [ 429.301407] RDX: 0000000000000054 RSI: ffffc90004ee0000 RDI: ffffed002eeb6ee8 [ 429.308665] RBP: ffff8801775b77b8 R08: 1ffff1002eeb6e40 R09: 0000000000000000 [ 429.315925] R10: ffff8801775b7778 R11: 0000000000000000 R12: ffff880172e58990 [ 429.323189] R13: 1ffff1002eeb6efd R14: ffff880172e58820 R15: dffffc0000000000 [ 429.330454] FS: 00007fb29f67b700(0000) GS:ffff8801db000000(0000) knlGS:0000000000000000 [ 429.338665] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 429.344533] CR2: 0000000020fa3000 CR3: 00000001d6eb0001 CR4: 00000000001606f0 [ 429.351795] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 429.359052] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 429.366307] Call Trace: [ 429.368890] __dentry_kill+0x260/0x700 [ 429.372770] ? check_and_drop+0x1b0/0x1b0 [ 429.376903] ? d_path+0x930/0x930 [ 429.380348] ? rcu_note_context_switch+0x710/0x710 [ 429.385270] dput.part.20+0x5a0/0x830 [ 429.389055] ? d_path+0x930/0x930 [ 429.392481] ? rpc_show_info+0x460/0x460 [ 429.396514] ? d_delete+0x181/0x280 [ 429.400116] dput+0x1f/0x30 [ 429.403024] rpc_fill_super+0x628/0xae0 [ 429.406973] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 429.412138] ? security_capable+0x8e/0xc0 [ 429.416258] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 429.421420] ? ns_capable_common+0xcf/0x160 [ 429.425719] ? rpc_remove_pipe_dir_object+0x6d0/0x6d0 [ 429.430878] mount_ns+0xc4/0x190 [ 429.434218] rpc_mount+0x9e/0xd0 [ 429.437557] mount_fs+0x66/0x2d0 [ 429.440899] vfs_kern_mount.part.26+0xc6/0x4a0 [ 429.445456] ? may_umount+0xa0/0xa0 [ 429.449057] ? _raw_read_unlock+0x22/0x30 [ 429.453176] ? __get_fs_type+0x8a/0xc0 [ 429.457038] do_mount+0xea4/0x2bb0 [ 429.460553] ? copy_mount_string+0x40/0x40 [ 429.464759] ? trace_hardirqs_on_caller+0x421/0x5c0 [ 429.469748] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 429.474479] ? retint_kernel+0x10/0x10 [ 429.478340] ? copy_mount_options+0x18b/0x2e0 [ 429.482807] ? copy_mount_options+0x196/0x2e0 [ 429.487275] ? copy_mount_options+0x1f7/0x2e0 [ 429.491837] SyS_mount+0xab/0x120 [ 429.495265] ? copy_mnt_ns+0xb30/0xb30 [ 429.499126] do_syscall_64+0x281/0x940 [ 429.502986] ? vmalloc_sync_all+0x30/0x30 [ 429.507112] ? _raw_spin_unlock_irq+0x27/0x70 [ 429.511581] ? finish_task_switch+0x1c1/0x7e0 [ 429.516049] ? syscall_return_slowpath+0x550/0x550 [ 429.520953] ? syscall_return_slowpath+0x2ac/0x550 [ 429.525854] ? prepare_exit_to_usermode+0x350/0x350 [ 429.530867] ? entry_SYSCALL_64_after_hwframe+0x52/0xb7 [ 429.536207] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 429.541026] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 429.546186] RIP: 0033:0x454e79 [ 429.549351] RSP: 002b:00007fb29f67ac68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 429.557031] RAX: ffffffffffffffda RBX: 00007fb29f67b6d4 RCX: 0000000000454e79 [ 429.564273] RDX: 0000000020000240 RSI: 0000000020026ff8 RDI: 0000000020000280 [ 429.571521] RBP: 000000000072bea0 R08: 0000000020ae2fff R09: 0000000000000000 [ 429.578761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 429.586006] R13: 00000000000003fa R14: 00000000006f8010 R15: 000000000000003c [ 429.593253] Code: 4c 89 e2 48 c7 c7 40 b9 75 87 e8 55 12 48 fe 0f 0b 48 c7 c7 a0 b9 75 87 e8 47 12 48 fe 0f 0b 48 c7 c7 00 ba 75 87 e8 39 12 48 fe <0f> 0b 48 c7 c7 60 ba 75 87 e8 2b 12 48 fe 0f 0b 48 89 df 48 89 [ 429.612360] RIP: __list_del_entry_valid+0xef/0x150 RSP: ffff8801775b77a0 [ 429.619743] ---[ end trace 52e17721a99409f2 ]--- [ 429.624524] Kernel panic - not syncing: Fatal exception [ 429.630303] Dumping ftrace buffer: [ 429.633821] (ftrace buffer empty) [ 429.637516] Kernel Offset: disabled [ 429.641116] Rebooting in 86400 seconds..