ady set [ 145.000865] binder: 8021:8065 ioctl 40046207 0 returned -16 [ 145.003381] binder_alloc: 8021: binder_alloc_buf, no vma [ 145.012136] binder: 8021:8072 transaction failed 29189/-3, size 0-0 line 2967 [ 145.032337] binder: 8021:8065 ERROR: BC_REGISTER_LOOPER called without request [ 145.039818] binder: 8021:8072 got reply transaction with no transaction stack [ 145.047137] binder: 8021:8072 transaction failed 29201/-71, size 0-0 line 2759 20:42:23 executing program 6: r0 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) sendto$inet6(r0, &(0x7f0000000300), 0xfd90, 0x400806e, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @ipv4={[], [], @multicast2}}, 0x1c) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @ipv4}, 0x1c) sendto$inet6(r0, &(0x7f0000000140), 0x0, 0x0, &(0x7f0000000180), 0x1c) 20:42:23 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:42:23 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f0000000180)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) dup2(r2, r0) 20:42:23 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, &(0x7f0000002000)}) r2 = dup2(r1, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000002c0)={0x10, 0x0, &(0x7f0000000200)=[@request_death], 0x0, 0x0, &(0x7f0000000280)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000c6dfd0)={0x8, 0x0, &(0x7f0000dd0000)=[@acquire={0x400c630e}], 0x0, 0x0, &(0x7f0000008f37)}) 20:42:23 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:23 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:23 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:23 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) fcntl$dupfd(r0, 0x0, r0) openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ppp\x00', 0x0, 0x0) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000580)=ANY=[], 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000140)=0x78, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1, &(0x7f00000000c0)=""/20, 0x14}, 0x100) [ 145.156273] binder: undelivered TRANSACTION_COMPLETE [ 145.161668] binder: undelivered TRANSACTION_ERROR: 29201 20:42:23 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:42:23 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, &(0x7f0000002000)}) r2 = dup2(r1, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000002c0)={0x10, 0x0, &(0x7f0000000200)=[@request_death], 0x0, 0x0, &(0x7f0000000280)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000c6dfd0)={0x8, 0x0, &(0x7f0000dd0000)=[@acquire={0x400c630e}], 0x0, 0x0, &(0x7f0000008f37)}) [ 145.201150] binder: 8084:8088 ERROR: BC_REGISTER_LOOPER called without request [ 145.214115] binder: undelivered TRANSACTION_COMPLETE [ 145.219312] binder: undelivered transaction 58, process died. [ 145.247977] binder: undelivered TRANSACTION_ERROR: 29189 20:42:24 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, &(0x7f0000002000)}) r2 = dup2(r1, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000002c0)={0x10, 0x0, &(0x7f0000000200)=[@request_death], 0x0, 0x0, &(0x7f0000000280)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000c6dfd0)={0x8, 0x0, &(0x7f0000dd0000)=[@acquire={0x400c630e}], 0x0, 0x0, &(0x7f0000008f37)}) 20:42:24 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:42:24 executing program 6: r0 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) sendto$inet6(r0, &(0x7f0000000300), 0xfd90, 0x400806e, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @ipv4={[], [], @multicast2}}, 0x1c) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @ipv4}, 0x1c) sendto$inet6(r0, &(0x7f0000000140), 0x0, 0x0, &(0x7f0000000180), 0x1c) [ 145.308581] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready 20:42:24 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:42:24 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, &(0x7f0000002000)}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000002c0)={0x10, 0x0, &(0x7f0000000200)=[@request_death], 0x0, 0x0, &(0x7f0000000280)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000c6dfd0)={0x8, 0x0, &(0x7f0000dd0000)=[@acquire={0x400c630e}], 0x0, 0x0, &(0x7f0000008f37)}) [ 145.369382] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 20:42:24 executing program 6: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000000)={0x100000000000000, 0x0, &(0x7f00008feff0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="020d0000100000000000000000000000030006000200000002000000dd00000100000000000000000800120002000200000000007d22000018000000030300000000030000000000000000bd03000000160000000301000000000000000000000000000000000000030005000000000002000000000000010000000000000000"], 0x80}}, 0x0) 20:42:24 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, &(0x7f0000002000)}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000002c0)={0x10, 0x0, &(0x7f0000000200)=[@request_death], 0x0, 0x0, &(0x7f0000000280)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000c6dfd0)={0x8, 0x0, &(0x7f0000dd0000)=[@acquire={0x400c630e}], 0x0, 0x0, &(0x7f0000008f37)}) 20:42:24 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) [ 145.649709] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 145.659953] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 20:42:24 executing program 1: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000140)={{&(0x7f0000011000/0x2000)=nil, 0x2000}}) 20:42:24 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r0 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r0, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(0xffffffffffffffff) 20:42:24 executing program 6: r0 = perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x857, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r0, 0x406, r0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x101000, 0x0) mq_timedreceive(r1, &(0x7f0000000100)=""/214, 0xfffffffffffffd5b, 0x1000000000000009, &(0x7f0000000200)={0x0, 0x1c9c380}) setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000400)={@in6={{0xa, 0x4e23, 0x3f, @local, 0x401}}, 0x0, 0x87a8, 0xfffffffffffffffe, "0f6433406c2cd5fb5dccf596637432a8f0d1f602980df9463c97fabeb3b87fbdf9cd5eb04afdc723de4bcb0ec12f491fc8314ea5841c3ef474097f3eb2fe5779b2b6e42b927d25019cd9e9aee85ae2d6"}, 0xd8) fcntl$getownex(r0, 0x10, &(0x7f0000000580)={0x0, 0x0}) r3 = getpgrp(r2) r4 = syz_open_procfs(r3, &(0x7f0000000340)="6e65742f6970365f666c6f776c6162656c006ec03114893458edc1c9d8dc4b0d8dae982640d0e6bb51d7ff596e1c92de0eaa319198e91f0a4d43697c2bcd77f017365af160acf33bd66432ebe50c0e8bdaf7fc39feff34ef27a1397193227f4733c145e66536c6c275112520e72b3097843b5cdac480c3b1384ebf592505f88589fcd2d7") r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000240)='/dev/full\x00', 0x400, 0x0) socket$inet6(0xa, 0x2, 0x0) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r6) r7 = creat(&(0x7f0000000700)='./bus\x00', 0x0) fcntl$setstatus(r7, 0x4, 0x6100) ftruncate(r7, 0x8200) r8 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r8, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r9 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r9, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r9, 0x29, 0x20, &(0x7f0000000080)={@mcast2, 0x0, 0x0, 0x3, 0x1}, 0x20) sendfile(r4, r4, &(0x7f00000002c0)=0x202, 0xd9) syz_open_procfs$namespace(r3, &(0x7f0000000280)='ns/mnt\x00') ioctl$EVIOCGEFFECTS(r1, 0x80044584, &(0x7f00000005c0)=""/213) getsockname(r8, &(0x7f0000000500)=@vsock={0x0, 0x0, 0x0, @my}, &(0x7f00000000c0)=0x80) ioctl$SCSI_IOCTL_STOP_UNIT(r5, 0x6) symlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='\x00') 20:42:24 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:24 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580), 0x0) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:24 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, &(0x7f0000002000)}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000002c0)={0x10, 0x0, &(0x7f0000000200)=[@request_death], 0x0, 0x0, &(0x7f0000000280)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000c6dfd0)={0x8, 0x0, &(0x7f0000dd0000)=[@acquire={0x400c630e}], 0x0, 0x0, &(0x7f0000008f37)}) 20:42:24 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:24 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r0 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r0, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(0xffffffffffffffff) 20:42:24 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000ad7000)={0x1, &(0x7f0000acbff8)=[{0x6, 0x0, 0x0, 0x6}]}, 0x10) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22}, 0x1c) sendto$inet6(r0, &(0x7f00000005c0)="dd", 0x1, 0x200408d4, &(0x7f000072e000)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000002c0)='\b/C,', 0x4, 0x3fffffa, &(0x7f0000000280)={0xa, 0x0, 0x0, @remote}, 0x1c) setsockopt$inet6_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f0000000000), 0x4) 20:42:24 executing program 6: r0 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r0, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e23, @local}, 0x3, 0x0, 0x5}}, 0x26) 20:42:24 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) fcntl$dupfd(r0, 0x0, r0) openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ppp\x00', 0x0, 0x0) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000580)=ANY=[], 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000140)=0x78, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1, &(0x7f00000000c0)=""/20, 0x14}, 0x100) [ 146.115433] binder: 8146:8147 ERROR: BC_REGISTER_LOOPER called without request 20:42:24 executing program 6: capset(&(0x7f0000000100), &(0x7f0000000140)) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000), 0x1c) 20:42:24 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000002c0)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x90) 20:42:24 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r0 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r0, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(0xffffffffffffffff) 20:42:24 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, &(0x7f0000002000)}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200), 0x0, 0x0, &(0x7f0000000280)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000c6dfd0)={0x8, 0x0, &(0x7f0000dd0000)=[@acquire={0x400c630e}], 0x0, 0x0, &(0x7f0000008f37)}) 20:42:25 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, &(0x7f0000002000)}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200), 0x0, 0x0, &(0x7f0000000280)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000c6dfd0)={0x8, 0x0, &(0x7f0000dd0000)=[@acquire={0x400c630e}], 0x0, 0x0, &(0x7f0000008f37)}) 20:42:25 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:42:25 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:25 executing program 6: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x81000000000002, &(0x7f0000003840)=0x78, 0x1c4) bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e23, @rand_addr}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000001940)='illinois\x00', 0x36) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe54, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x921b527a62bfd8af) setsockopt$IP_VS_SO_SET_DELDEST(r0, 0x0, 0x488, &(0x7f0000001380)={{0x1d, @dev={0xac, 0x14, 0x14, 0x12}, 0x4e21, 0x2, 'lblc\x00', 0x22, 0x2, 0x34}, {@local, 0x4e22, 0x0, 0xfffffffffffffffb, 0x200, 0x40}}, 0x44) getsockname$inet(r0, &(0x7f0000001300)={0x0, 0x0, @remote}, &(0x7f0000001340)=0x10) r1 = socket$inet(0x2, 0x5, 0x7) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000), &(0x7f00000000c0)=0xc) accept4$inet(r1, &(0x7f0000000180)={0x0, 0x0, @remote}, &(0x7f0000000280)=0x10, 0x80800) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100) write$binfmt_elf64(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7f454c4600250000050000000000000003003e00060000002c010000000000004000000000000000e1000000000000000500000087003800020002000700ea000200007001000000ea0a000000000000f7ffffffffffffff00000000ffffffff00000000000000000100000001000000010000000000000001000070040000000500000000000000000000000000000005000000000000000100000001000000ff0f00000000000000fcfffffffffffff423273d395b5dfe49a633eb0eb0263328129db30c89d614ca312379424593d1149401363a977a2b10bc8394762bab422771360aa38dc889b26829f721e3098b0f80c2f4ee55bcf0df04911af0a6a16e0ab5b5bb1e2227df0cb7b403be567ea3b9adef738dd4b7efbd9e56dfc0dc488a064d4ad246d477bc8fedb6c1fbcdb1469e544a6ac9afa9987b94c8d1209a41a79416931a8f43bd761418a2c47221a2a4d6bee2592cd6eab8fa3ac582965b48d68fb1dde708c99018c2a2f1628c0adb0dc15872d102a327e9f073a52942892de4cc873d54064f08aec25e76cde841dd1e09db3f59955450018b682981af9bf3133a11fbf7915b41105bd663e6f7116777b3cb43f260d25a06d22119ca7674f7d9eeb496cccae5ea73758600072b6f0c2a39d824fa2001cb9377fbc132be60c8b0bf6ac0a892b355685d62cb7077a1e889c359d7bfc544111c6ca232e6c6593a0b8f085567b065536d649fea6d4e202254fc1a0dedba780af208b0457ed33958cfd97c0155f59b06d997423bb3b6f3d5e01c8b74030434cacb0e50dcc661aff03a72021b6011f6ff05f6070f0bcb7d75cbf1668562cd6599dcf1eac792c47370ac83b2730215d9955f6fa81f59d3209fbaf52f41f8c413432d976fe6eb3ae98661de6250e09bcf7b82d0492b349ca022abade27ee2d41aa83ba7d2ed5193dda7e9c78769b1b779a1e91e12e0fa1d057e1aef4b856ab0f2dabc8b207f09d78e1f83461ccac0b2558732ea70d369973971d2c6d94081f33308b1e4b27a2ce6f45838809407045aa63b6219d82564c7323f73bfc2260fd95e5e8eeca550ba9adcca477de69469764858d7aa3ab8afd99e883c43dacae12ac88e7fea5a99df90755e5caf59185794ed6419a22fe36d9070ed6558b090cb871914491e2a135047b729107896b784bf87c941f7b993033898b993c83b8bcec93aed20e900921e8c8e716321ad5664665e7f89839258d1477a2e8fceaa9280b9c9dc53b5ed4bd907c3942d8fac1eff961bf3040ae0faed3985bccc35551fdfcd52907750828fc988e60aec5b577af9769cebc8d6e87a826826f8362c84fe7ec9e6d3cc39c1b6b6b9005eaaf0d9037fa576757018d3f60fbab576284cd7343e70a4b8143dc67e94c1090b7376eec330f5995c4b3a119646b4a953cf0669d6e52264827bbbae2c7565529a68f46f5e1a23137059867d0192caf6b22e2d74f8fbe12a139bc90a0d12b6acc0a106ba4fc2baf87c254bb540835206fc5f63dbc82581cec68813c331af00086cae971610587c4683d5f1b0dd68b8a419f581f0387cc9d1a435e329a0595d73b8b7948923d498ad8ba4489b1ea23c331ca752bfd46de13faee26e7e2e9b11dd7151883ac8112c0ba049070bcf00881cc0a37395f1a102cddda4b0b903b0233461e70254e6a75b9c29c02fce51b630d5cd58867e5f8e5b47fdb2fb53e0b9485f1079ddb39d7b3ef5d8d37be9a08714575e454274581a8ad758ba53da32d2c893e8a40de0febf31f84016558a9db7c53dec27895d69fa1a34e4b5b856f4d0974a9dd4031e28632a245b921a576f1a19f47d7ba08e9ca94a7ae46c89b379d90e0dfdcffb790586d920ea79f94af735aa51695dfe0c9c73a44b277e877b473b43f5c3a960d7c5e22678ab3f7cf46bdf23cbbd31df613827f8e23f7b2c71be25eab7dbd56f7b426b784583ec97db1659afc521a84e709cd879f8e5afe72366ffcd05c29b92ad59b3fe569e0b92c7978630ff418af3b81e35a19df805a2b89b9b87a13109c19ea941e9b9f6ee1c47708870abfda2debce7eae0f356bc896a5a207f6bc3ed4186117e1ae9b861d3a9a94520a6df99fd700c6fc3b82467a1257c2040dd34b2fb30c032224e6b864900f93168e387edaeeedaebf8b7b40d4caaa97c85229e63770ced3382013fd11010d0ee46333666aaec98aacc511c92be9e55eee400c74ab4614552624ad88f5d63b6f87e85826ee7cf6f15418f9712c6d07f36a54f097d9bc48b3035ae569af4753e7831dc520fe4726d0c96d0cb7b45e5ca5006884d38ed8e8ead8d4a7da76f9bcfd848fd27345bec7dd4356ef7b11a0cd3113bd9d9bd72597daf8e25b987b6a17329b9c581e7e647eddd060553fd6e6d90bc07ffc5ca9eb6e9ce36aa545ac0f6e242e381282522481668f05909a69db9c8f417ce2406fb727c11fa8ed3ec6f0c7fed51414f3286075c414753979f58a70d97539c1215ad15f4f2bdc9cb27e00245bb2291f767d4c581387a63022c727026043c0180a848edd1c3fffff21c3fe0b11c65caca8941959536882277e3dc9e61da52527a24e2d79a497a80b33b24f1ca184d56ad13194867d7a0a424977b5f256a4643460a03007ccf2abb042c6a8f357e8c67298f4ee68fa10d82aeec9c63884f43927692db04bfa6651a630ff1e945d5c2ceb1552d0cd69830f257e5d2b500e4447f03edc78938d82871b7075be875dee546cd23ae617356f51fe8f1fb11417e63a436d7ca0ecd22fab3719ab5b4a4fa0ac2b6a44002fdddb61f7d6fe2beac291455b144cff1da4cb487c430a42cd6dee2b0752536175bdeb3abf2a393823dddf4567d7a6ac785662eb272ea9ea223e0d63a2d027fc3bfa6da9c1537a5c207c9f2495bd45eee778875ba641ceb20f3fb23d57269a4e40e0baea56d0b4247f12ebb7cf6ee0e64b0d521c8636ca845287f002adfde004e37bee0451540bcabf455b43233e287e4ce36ebbf2cf0dde125b72b90c40cc5bdf77f66b07bf5423a80409e1e95424e2d63c09e621354d87d29d28758c290f29746e00e72e1f6ee9fc93841a7a4ec7420c1d78c09f9355b41c5b6a2e94d84218428a4e4e40bcab84f0cdc9a230101146a11e1f36367b4b5f21e76b5e58c31aec27a47e7ce6c22d29c553f03d0515199b541750e92718c53542cb8c0e4202c89b5bc2a4e3cd4fd1e33ba846b2d2d1c94d2e73327b1d327fe80ff1113634e2e94769b97a1088c2f00001fd26ffbf3b4b82036e960a01efd1eecb0e4cff79c5943cb7f3390757f2ebaa20ac131cddf19065dad03237cca7406b5c30228494fe25d1be39d26631795f3b0a16ac6c8c27e37a75bce127c582beed29fe6137efe5ac28a2a89597db762a5d0215e318e92f17f36e3fcbc68c8233d2f0c433f9e11b2819ade8026682c9c966d13605ba9cfa66d91f8203260ed06d8c53912b2c25be01165ebda24e3b70c4fa4a99c56470ee40080aa92272d6ba4a0906d5b8df7039b82bf83378b78ce124aca8b7944fffdd65bfca51e33614282fb1738dd43c6b95f2bc5e9b24605ff3fb5a06ece40c2c4a86b93acdde534777d47c5196e7ef7d65ff45606324b402aa6b81afa463f63f96bc442cd25a033b7b6feed08de0f00bccb16c439813c6c4b1d1733bb55a6245a9180ec71a7f31631613c60af161f5ef64493b859a6c4baa9e381125098916475483ddfe0dccb4141f74e366a28b4fdeef59bb22f6f525c493912a044bd99a3b4b86b2834a4f837d58d4292a22a730b6a2e5ec7bf358c2016326fff4889d5d5e1beec898a3a88d0f4a450d86548a1a9b1cc1bee45e6a4e2c4e09cd69a51d46190755bd42c1e53d4a1f80010da651d6c500a066afa9c98755acf643ff381af66742c6e091746c77e0f14f2583d6d70339ed50e9da34a0aa8820359872132179f087f16cdaf3636688927e39a857a99f911d08406b6addefa9f895f3b29812234eaf4d5a93b9363fa02a4ee9fe8676811004fabc8121f7639e9f92c0d7f796a6355e984d7a85aadc6220847666f8f52c4571516eb1a9fc487e918956411823e1edef555a61ba7d45931457b221bdcc8aaad58e8007497a8846278e0aed68926d3ea9fd96a89ccc89627c86da315c3eb5445bf799df613befe958390660f6c9f7ac02e3187100f18ea3bfacf9662601fc9868329b3524cb8c07850726355bd748f7c51b32e6c4341676cef6af55351e599d196b02bd38d63bf0cd20b85f4bc79a2895b9c5c4d46090b4e1a10394f8ba7209d45d3878dc9b3e7ec3510073424b92a7448f9d8d9c15fff2a1c0e6dde7e6ad83f6243b21c6c14bd1b36e834b9cdc2b09022c0ddad8b5cdedb4a9e401acd96b77825cf6cb459e0c70b310c4d6f7a192c6766e75b4b50e64680b8bbe41065eac33f24c280ae6d89ef5fad05d8a9b635b052176cc3a9c2c9ffd43c0530deafd29079147dd34b5cd866e7feffe95f76695a40c216729ab52614cb603b6065e88ce689e29e016313ebc63814b33ffc28f8bbe846e6c5aceb44e92af060d2e3407c2ecb95be53e68a2dd5cac2cebc0d202fb01557e017fccda71d8dfab8c686dd8b0aba628417e3e347000000a07f8faeb2edf59a513dbf07325bf6e2604d7f00e7ecaef489fa240d7c962c654c803898146af6ff04c01117033cb7e1d960e0996d5ad4261514c61ea804e2effcaa4478cf3e39cfd79f8649886892bc2ee8459333e01de02cc747a728f4543619037f0e4e461ded523d75cc9fa8461a46ffa6ace8895f062df6f9ef9af0ee03bc156b3197fe6348a4d84e5da4c058e9d4e8722e30cea964e8f1c96070a8f973c6646c0730f5c46309537c87ef3c61eaa3ee7447ded16b4012c13aacd49c4db459676de562f749dfcb22d80c6d998c5b1cfba66cb84a803f5cfcb1c68a08711308f536f5c2ba4daa8b14f90132012efb0749df28fcf75bc3afc818706550a2f07398745d67b1dda4015e816daf6655c8540e23a5719e413a59cbdab51bf05a8c65f1b3270386676f22bb81351d9480675f1c169bf833467c832d736364bcfc2f314cc43656e1ea5077c9433362e96b4fde669f97cab4d70b66ab2dea08953a9d4223a5be36bd3bb93d7a0d51b3770f656f698e272e6c8cf175df0729b38bdd56227a245fd65cd227beced78d2f3816ddc6e458de06b859efc50dfc719a93d60ad660a7fac045631bbff7401d8db635dfc0f16941957d253e4bf297b4e03103bea91a94cfbdac5d4ffb6e6d371369a2744537539b5d1220f2555509996acc58a9a21b0b607a9062fccd469133c5b2db1c0b62ed0205be7bc55e457e44e6a509863ccfca7dd770d2681a002de566c048833cba7135497e3e8430b1dd50d8810143f0947ca665726d33e87a090750371f6059e4270005b61f9f46e0ba5e49313055cf1c25c20945ae0ae7564f246c3c454c0e8a26947ffb1b80f2b7b4f5b82a4f4011446f675bace0f202750ccf6e145285bf4e294825b25f45ff78cf787ba58e28595fe76d023109c363f27b4236b406228cf4e28bf5e27887f912970eff09ebd02258df3b6d1047d53be10c58efab6849353c9287a4376a05eedb5e049363d3882feaa030cd868b912c1d4754248f7a0a0338f0d3b3c5147f3db59ab3300e5781c006499efdb1064908b03c373e42a2204e3f984c8fced1601bf09a0620b551627580477f58e393a25c81a680da7f00000000726722863be650d125c08b9bd28a9d1b69b59e0de9e82acdaf745a831d68f5fb10293d331f921ef5596e72cfeef75d9fb9ae80676c5e52c0d4949c07af"], 0x1007) [ 146.364832] IPVS: set_ctl: invalid protocol: 29 172.20.20.18:20001 20:42:25 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, &(0x7f0000002000)}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200), 0x0, 0x0, &(0x7f0000000280)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000c6dfd0)={0x8, 0x0, &(0x7f0000dd0000)=[@acquire={0x400c630e}], 0x0, 0x0, &(0x7f0000008f37)}) 20:42:25 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) ioctl$SG_GET_PACK_ID(0xffffffffffffffff, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:25 executing program 1: r0 = memfd_create(&(0x7f0000033ff3)='\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000027ff3)='/dev/snd/seq\x00', 0x0, 0x20005) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000037000)={0x0, 0x0, 0x0, "9ede7a8c5ae95e48000000000000007f4f13eeab65c0322901dc6bd36cde2c51f01b7f0b014f9f91eeb7c37c7240f476c8d753d000aa0500000074dbcfa6dc4d"}) write$sndseq(r0, &(0x7f000000a000)=[{0x0, 0x3, 0x0, 0x0, @tick=0xfffffffffffffffd, {}, {}, @ext={0x0, &(0x7f0000038ffe)}}], 0x30) write$tun(r2, &(0x7f0000000000)={@void, @void, @arp=@ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x0, @empty, @remote, @empty, @multicast1}}, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x4a48b125e13656f}) 20:42:25 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:25 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:25 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, &(0x7f0000002000)}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000002c0)={0x10, 0x0, &(0x7f0000000200)=[@request_death], 0x0, 0x0, &(0x7f0000000280)}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000c6dfd0)={0x8, 0x0, &(0x7f0000dd0000)=[@acquire={0x400c630e}], 0x0, 0x0, &(0x7f0000008f37)}) 20:42:25 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:42:25 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) fcntl$dupfd(r0, 0x0, r0) openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ppp\x00', 0x0, 0x0) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000580)=ANY=[], 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000140)=0x78, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1, &(0x7f00000000c0)=""/20, 0x14}, 0x100) 20:42:25 executing program 1: r0 = memfd_create(&(0x7f0000033ff3)='\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000027ff3)='/dev/snd/seq\x00', 0x0, 0x20005) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000037000)={0x0, 0x0, 0x0, "9ede7a8c5ae95e48000000000000007f4f13eeab65c0322901dc6bd36cde2c51f01b7f0b014f9f91eeb7c37c7240f476c8d753d000aa0500000074dbcfa6dc4d"}) write$sndseq(r0, &(0x7f000000a000)=[{0x0, 0x3, 0x0, 0x0, @tick=0xfffffffffffffffd, {}, {}, @ext={0x0, &(0x7f0000038ffe)}}], 0x30) write$tun(r2, &(0x7f0000000000)={@void, @void, @arp=@ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x0, @empty, @remote, @empty, @multicast1}}, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x4a48b125e13656f}) 20:42:25 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000683ff4)={@multicast2, @loopback}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)={@multicast2, @loopback, 0x0, 0x3, [@loopback, @local, @multicast2]}, 0x1c) setsockopt$inet_mreqsrc(r0, 0x0, 0x25, &(0x7f0000231000)={@multicast2, @loopback, @loopback}, 0xc) [ 147.153537] IPVS: set_ctl: invalid protocol: 29 172.20.20.18:20001 [ 147.186273] binder: 8212:8213 ERROR: BC_REGISTER_LOOPER called without request 20:42:25 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:42:25 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:25 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, &(0x7f0000002000)}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000002c0)={0x10, 0x0, &(0x7f0000000200)=[@request_death], 0x0, 0x0, &(0x7f0000000280)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000c6dfd0)={0x0, 0x0, &(0x7f0000dd0000), 0x0, 0x0, &(0x7f0000008f37)}) 20:42:26 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8953, &(0x7f0000000100)={{}, {0x0, @link_local}, 0x0, {0x2, 0x0, @remote}}) [ 147.234844] binder: 8212:8213 transaction failed 29189/-22, size 0-0 line 2852 [ 147.267754] binder: undelivered TRANSACTION_ERROR: 29189 20:42:26 executing program 6: r0 = socket$netlink(0x10, 0x3, 0x100000000002) connect$netlink(r0, &(0x7f0000000000), 0xc) close(r0) 20:42:26 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:26 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, &(0x7f0000002000)}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000002c0)={0x10, 0x0, &(0x7f0000000200)=[@request_death], 0x0, 0x0, &(0x7f0000000280)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000c6dfd0)={0x0, 0x0, &(0x7f0000dd0000), 0x0, 0x0, &(0x7f0000008f37)}) [ 147.373215] binder: 8249:8250 ERROR: BC_REGISTER_LOOPER called without request [ 147.402871] binder: 8249:8250 transaction failed 29189/-22, size 0-0 line 2852 [ 147.416942] binder: undelivered TRANSACTION_ERROR: 29189 20:42:26 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:26 executing program 2: ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:26 executing program 1: r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x1, [{{0xa, 0x0, 0x0, @loopback}}]}, 0x10c) 20:42:26 executing program 5: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:42:26 executing program 6: rt_sigprocmask(0x0, &(0x7f0000000000)={0xfffffffffffffffd}, 0x0, 0x8) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r0, r1) write$binfmt_script(r1, &(0x7f0000000080)={'#! ', './file0'}, 0xb) 20:42:26 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(&(0x7f000000fff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, &(0x7f0000002000)}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000002c0)={0x10, 0x0, &(0x7f0000000200)=[@request_death], 0x0, 0x0, &(0x7f0000000280)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000c6dfd0)={0x0, 0x0, &(0x7f0000dd0000), 0x0, 0x0, &(0x7f0000008f37)}) 20:42:26 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:26 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ppp\x00', 0x0, 0x0) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000580)=ANY=[], 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000140)=0x78, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) 20:42:26 executing program 2: ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:26 executing program 6: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @mcast2, 0x9}, 0x1c) sendmmsg(r0, &(0x7f0000007e00), 0x8000289, 0x24008013) ioctl$PPPIOCGMRU(0xffffffffffffffff, 0x80047453, &(0x7f0000000140)) 20:42:26 executing program 5: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:42:26 executing program 1: r0 = socket(0x200000000000011, 0x2, 0x0) sendmmsg(r0, &(0x7f00000025c0)=[{{&(0x7f0000000080)=@in6={0xa, 0x0, 0x8, @local}, 0x80, &(0x7f0000000100), 0x0, &(0x7f0000000140)}}, {{&(0x7f0000001c00)=@in6={0xa, 0x0, 0x7, @loopback}, 0x80, &(0x7f0000001f00), 0x0, &(0x7f0000003a40)=[{0xc}, {0xc}], 0x18}}], 0x2, 0x0) [ 148.185835] binder: 8269:8270 ERROR: BC_REGISTER_LOOPER called without request 20:42:26 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000040), &(0x7f0000000140)}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) r2 = socket$inet(0x2, 0x1, 0x0) connect$inet(0xffffffffffffffff, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) dup2(r0, r2) tkill(r1, 0x1000000000016) [ 148.236222] binder: 8269:8270 transaction failed 29189/-22, size 0-0 line 2852 20:42:27 executing program 2: ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:27 executing program 5: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:42:27 executing program 1: openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x400000, 0x0) mkdir(&(0x7f00000011c0)='./file0\x00', 0x20) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000001100)='/dev/rfkill\x00', 0x40, 0x0) fsetxattr(r0, &(0x7f0000001140)=@known='system.posix_acl_default\x00', &(0x7f0000001180)='cgroup,systemselinux\x00', 0x15, 0x1) mmap(&(0x7f0000000000/0xe73000)=nil, 0xe73000, 0x3, 0x32, 0xffffffffffffffff, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f0000e71000)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x3, 0x0, 0x3, 0x0, {0xa, 0x2, 0x3, @remote, 0x4}}}, 0x32) r3 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r3, &(0x7f00005fafd2)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x1, @multicast2}, 0x4, 0x0, 0x2}}, 0x2e) [ 148.291603] binder: undelivered TRANSACTION_ERROR: 29189 20:42:27 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) preadv(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r7, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {0xffffffffffffffff, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:27 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:27 executing program 6: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'veth0_to_bridge\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000480)=@bridge_setlink={0x2c, 0x13, 0x9, 0x0, 0x0, {0x7, 0x0, 0x0, r1}, [@IFLA_AF_SPEC={0xc, 0x1a, [{0x4, 0x1c}, {0x4}]}]}, 0x2c}}, 0x0) 20:42:27 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000400)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c) sendmsg(r0, &(0x7f0000014fc8)={&(0x7f0000006ff0)=@in={0x2, 0x4e23, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x80, &(0x7f0000000040), 0x0, &(0x7f00000000c0)=ANY=[]}, 0x0) 20:42:27 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:42:27 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:27 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x40) ftruncate(r1, 0x2) r2 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0xfffffffffffffffd, 0x11, r2, 0x0) finit_module(r1, &(0x7f0000000000)='./cgroup.cpu\x00', 0x2) fchdir(0xffffffffffffffff) r3 = creat(&(0x7f0000000700)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) pipe2(&(0x7f0000989000), 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) mmap$binder(&(0x7f0000011000/0x1000)=nil, 0x1000, 0x0, 0x30, r3, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000bc8000)) set_thread_area(&(0x7f0000000080)={0x0, 0xffffffff, 0x100000000, 0x80, 0x0, 0x7, 0x7ff, 0x3, 0x2, 0x1}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000d62fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) creat(&(0x7f000009aff8)='./file0\x00', 0x0) write$sndseq(r3, &(0x7f0000011fd2), 0x0) link(&(0x7f0000f3bff8)='./file0\x00', &(0x7f00006b3ff0)='./file2\x00') r4 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x81) sendfile(r4, r4, &(0x7f0000000280), 0x2) write$evdev(r3, &(0x7f0000000200)=[{{0x0, 0x2710}}, {{0x0, 0x2710}}, {}], 0xfffffffffffffee1) 20:42:27 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ppp\x00', 0x0, 0x0) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000580)=ANY=[], 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000140)=0x78, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) 20:42:27 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:27 executing program 6: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f0000000140)=0x78, 0x4) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000000c0)='reno\x00', 0x5) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) 20:42:27 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f00005fafd2)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) getsockname(r1, &(0x7f0000000000)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000080)=0x80) 20:42:27 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) [ 149.154712] binder: 8327:8330 ERROR: BC_REGISTER_LOOPER called without request 20:42:27 executing program 1: r0 = memfd_create(&(0x7f0000034ffe)='\x00 ', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000053ff3)='/dev/snd/seq\x00', 0x0, 0x0) dup2(r1, r0) r2 = memfd_create(&(0x7f0000000080)='\'', 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) r4 = socket$inet6(0xa, 0x1, 0x0) ioctl(r4, 0x4000008912, &(0x7f0000000100)="295ee1311f16f477671070") r5 = fcntl$dupfd(r3, 0x0, r3) r6 = ioctl$LOOP_CTL_GET_FREE(r5, 0x4c82) clock_gettime(0x0, &(0x7f0000001900)={0x0, 0x0}) timerfd_settime(r5, 0x1, &(0x7f0000001940)={{0x77359400}, {r7, r8+10000000}}, &(0x7f0000001980)) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r6) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000140)=0x78, 0x4) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r3, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) recvmsg(r3, &(0x7f00000000c0)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f0000000000)=[{&(0x7f0000003ac0)=""/4096, 0xfdbf}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r5, 0x10e, 0x2, &(0x7f0000000180)=0xf, 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f00000002c0)='veno\x00', 0x5) recvmsg(r4, &(0x7f00000018c0)={&(0x7f0000000240)=@hci, 0x80, &(0x7f0000001780)=[{&(0x7f0000000300)=""/200, 0xc8}, {&(0x7f0000000400)=""/88, 0x58}, {&(0x7f00000001c0)=""/63, 0x3f}, {&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f0000001500)=""/117, 0x75}, {&(0x7f0000001580)=""/75, 0x4b}, {&(0x7f0000001600)=""/152, 0x98}, {&(0x7f00000016c0)=""/13, 0xd}, {&(0x7f0000001700)=""/121, 0x79}], 0x9, &(0x7f0000001800)=""/173, 0xad, 0x4}, 0x100) shutdown(r5, 0x1) r9 = syz_open_dev$sndseq(&(0x7f0000042000)='/dev/snd/seq\x00', 0x0, 0x0) dup2(r9, r2) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f00000019c0)={0x33, @remote, 0x4e20, 0x0, 'lc\x00', 0x8, 0xbf, 0x5a}, 0x2c) fcntl$dupfd(r0, 0x0, r1) 20:42:27 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:28 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:42:28 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) [ 149.956741] binder_alloc: 8327: binder_alloc_buf, no vma [ 149.962337] binder: 8327:8370 transaction failed 29189/-3, size 0-0 line 2967 20:42:28 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:28 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x0, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:42:28 executing program 2: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4c831, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000000000), 0xc) bind$netlink(r0, &(0x7f0000000100), 0xc) 20:42:28 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ppp\x00', 0x0, 0x0) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000580)=ANY=[], 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000140)=0x78, 0x4) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) 20:42:28 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) setpriority(0x0, 0x0, 0x1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x4, 0x0, &(0x7f0000003fe8)=[@register_looper], 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:42:28 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r0, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0xe6, &(0x7f0000002600)}, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 20:42:28 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:28 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c) sendmmsg(r0, &(0x7f0000003a80)=[{{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f00000002c0)=[{0xc}], 0xc, 0x4000000}, 0x6}, {{&(0x7f0000000480)=@in6={0xa, 0x4e21, 0x0, @ipv4={[], [], @rand_addr=0x6}, 0x100}, 0x80, &(0x7f0000000800)=[{&(0x7f0000000500)="62ddaac61eef6456286667a1c8fbd853ad57b69c8df3c07859632900b033b73503a84a04b4d64d9aaca9fb4179df58889c15bfeff6411d2d41bb0e6d8351115bcef958ba9c6feda75d0c9a182c236c4c11811c3b0b875c109dd65ca2700a0e0202", 0x61}, {&(0x7f0000000580)="48f5ce1f614106531c19ad01c53bfede79483699ce", 0x15}, {&(0x7f0000000640)="5b3b60afc7a27e3dfec4aa15fa6cd3d6b8ebca35f2ac26daca1cc2adf1194b5cce79b7b220c6fa91ec46eaa248112eabb768c31aca7c7f9ed11e6437ef03620e6d37ff4cfda27ec6c103f2600719b9c2d63737bf6015c6911bba77093910f6f8b92fc9165717f80a6ce93cb39c450243405c06315828d6a7ddcc2bfd5a9716c4fd613a93b5d2cc7ad87753ff5930f3157d407da95ec056213c70fa", 0x9b}, {&(0x7f0000000740)="8c6214f0cdf821d8e9762420ec719fb3e01581d03c7079495af56bf53a208fe9fab22224ab9d0a175212ae9ae50fe73e417984c37668bdecb851beede199ff07cc62d4fdbf36a037e06f46267cb6b7d0f74283335cb9176152f69076c6b3566a014a37bb2a147bdeab87938b48a2d3b03ce18bbc85b473f7f380b594e54df59e0c2457cf3167cd5d11176cb79512600d9b2b34ece74e6e3afe4aac543e33b0c77c6247f4b123966cdde80c1e287ee05a9924dcd4bafea2e1df289faeb9", 0xbd}], 0x4, &(0x7f0000000840)=[{0x100c, 0x109, 0x6, "8b1bf39bb44406b870a81606e42748d1cf0e9cc91e9a7289da96d6822da233bd8c3617fc07cd2a3870933d0230dbec2063cb7f971d60184e5ff8d2edcba826df7413ec5aad29978408a3c724c43a3e5732224a91004d4d2540d4fd35349c1cb78daa6c2456f448ea91db2df3f2fa02a15c6e7185d6313948d750766618268df56ef00eeaef38d09534a7bbb87bf8e04778c334e54d7684df57ac650903e8bf0ddcb8e798ebe3ca4bf9803d1851d9e11282fcbd210e77d040e24ac98a3fd1335188c0fc822fd41c00f497ed5e8dcecf38d1e5fdd77cb6d5848b9c5d7cdfe0a4d3b4a82552cd36fab6729185af37b8360120622ce2899fe809cf7990c11dbb74f8b67c52951e4a05b30421c52bd7527da8297a1e55aa227b05046d4a95cca52b3b32d728558cf5d2a9493bab9c13485daac7c6460ef4c1fcf34ec8aa360c9cc429d3ff1081db5ebc1f80b720a894a97452dcceaa031fab8bd217be75949e9db292578b533da67d8ecbcf9f945457700c17c4025529b0b80938b78afd06dd681e238ece0d2565ebb2098547c9bfc00e92832f8f7ff7e4a15bf441d1b2d30b8da67b2d88aa7227c7fb4855c06a51c155a6adef76b7ef654eb8c80a302075f9c120078e38b38d1850fa039d9b612bdc3562aa173c166683790cd72b0812cb0a14625b8174b8ad135d41910a400f54705f9638b8029ec45ff28ecae7da5ee2c14e24ee9732c33a7eb5d4d5f01ee7cac06767c937ea2c1a128191f96428b83109bf5e9bd0a85a79efceff50c0030f2c74f544d9f4b1cea56577327182d29799b652bbcebe5ef3177d46dd55bd155479641bb1f86a3b73a31ecb4714682bf0a107d89cff6dd06a5f472663fb7a2ec45abbe76f81a0f35572d818066961a521c2f68a2e994ddcfe5cf7dbf17accf58c2de1c98982ee0e652b857d3a110157359568e7ed06961cea2c217c25649708f5770d49e4d89d7719aac075ec3b1c53f59eeede0c34575c9a0de3ad384aa438231370fc637c7500bd8abe5199d15313027a526a2bd19a2627059e530f407fe7c18dc4ea5cda1eb55a0624983c993e704a133d306d73f0a09b89a8293d874a25f3b0bba261a6ea5454d1b14ef5b61fbaa8269cf3b8f089336c5cef2e81859151874600d8f82f80cd7fd62fc4538bec1d7fef0d19c8f9811a049cdc602ea5020781cf51ed53db31ea417db66550adce4ed67135d9136874bdd091ee247e4c362d57c7f38481c57a8c261481c32c6868c5c391ffe722a159c848e167abc250a40d42350a5435f65f93eaf31ef4cf4043772b99caa5f35d82ff8f4089429dbac92200c93edd39cad540200ad8ac4e3d220d9c9414bfdb3b64f1b5bf274f40bcdbb1a74c0ffaf5d036ac864bc6ede5f0d4a13e007b8f1ff14a82262276705a1e191dd3c388e4ee5b60191e0ca7fa47501232bacc1a6a658962c82881cd1fe09259a8c10b68e4dd5de9a88f00d760f248b76b9bec72dba9f0de9ee16c22ac51925280e6855cfe9dd02da09aefd5fc06ac8ea31d915b623379a4397b933471565dcbfc72ef4fa35181fc1fdf638e6a2a157f61ea421d75dbea0ef424bf328b3a41cbb61896d89da24b52a1d8e2137f1ee274ef5e60865120526ed50615e38114ed6b77f1388644c11753276ead599a1c45223ca6f987c622f35453ab6739fb498d5597f190b47c9d5e98f5a2ae0bd15705e6b9c307a2dadda79b3fa068303ba7c96be767587b83417c2eb9638ed82eb8a262fd739ed73e9343ac34097d26b767b2e661cf1fca05110effb0aeaca0b0825c764eb23baa76eb84774b463f88cd5edf5907a9c815ff4303017c73e8f7ba5bfce64f47afea751835b984b673ad10ab9680db7e0be8d5581ef09c28a0bebb7ea5a654fb38ef88cf37f755a63943e43c86944f30e17bb73d512efe3fa02b710a94ce1510af20bd16422197a9878dccf2753a7212a5e57f1cc63f62c6d60d284159fc74ddb48a918e2c7fbefdc7119405af33fb355e397e81a120eeac35da360c010beb67fe514e3d423157c44b0d873f1e4da40bf7e6dba154de95d061cc8aa818db2c082669c8e4121c698690d28a1e8e323d80b78c24a05734c154222b5da4108e2f7867409e249a44779bcb399b7f5dafa4327ef20d34f3d697272772f6f8aa2912fa9ac5be62930d8ff137ee3d6b4b7e7618f118e441c0c597551eecd70a80edf59cbd88f13aa8f5b63b9b37387636ae8d9b56aae0454ee140cf7c6093017f38bedcfa9a08c7a2a117be9e1019da97c37917831ddee3305115614e338a354fb84e1c4b4ce140a01a56800cc00c04643d8f217893fd1affeab19880e88014aae0d55f84808e6ffb6420cee8825fbb93dae2f939b32761bbcc19aed3c418419452518c91c16cf825db9c81e1a73094d7fd7ddbb6a2a2cf3a6210bb53b6389cbe8037e7296dc2c6af48035503ed07cb74cff4c3e0c30b1436b3f44c9a10f06c927d919e0708ad760f2d3ad637a3404a10888067feab01b578c2b324f46555e0a29a569eba441501884681fe6123bb834d411aa2af16631cfb88af3dfd0946435104427dbbccf58cdc0066ff865a94a07667554e1741c96d6962594514c9f0dad833212c73953e23f282ebbdf634c745e7e008dea7ffab16c7534fc35f4f927550e676b4c2fa09635a7b9755e91b916a8e566117314b90e5411c8d3f78c71b09eab3843f0bedab32d484a1254590931695865fe14859d8ad60978dc08da4000461e8d51ae9c2825f58107352f1b8009ed5e483320848ffbe27241a3cad53b2c562ed0e2dfb73b8e5f1d10c984820a8add73192dccca9898905110fd9622c2e60c7e8aca84d72513893f5b1bc5e2e16a09f8eb3f0d7868a4e97fdd970b06eaf4156fbef7fb94de943e6cf86fe327ba5742e46a64e8596e669df1e17e3cbebccd45e794a410c77fa7538640f40108727d4768f84fa0adf6d4dc09d54882be3ffa42fa5e0bc8eb56664b2e0fd247faf494d8a7d66a01e80c932fa8aaa132fec2c726ff9dba2a465623e23574587b19cbadef4c6ff67cda63bca28f2d1b541c125125884f31f9f228638daf8582877b03d52b7784fdbeaeb33fa1414531d85d892124f5462597b50217b4e77552bd1a67e98c8da005938c7a5b3b06e72c1867ced50562400cf7fea899fd97ea527fcb9571602f20e86c1f98eb8cfa3698c80c835538eac91165d5b1884ed26e0f75bc1e7c23ba9e2e65c75d40d05ada384807670abf3f01b45b2447eb02a337fbb17e102873fd3d7a6215c1d23a6f78bdab56a1764f5652ed0bb475c95b2e2741ad0d3b740a3523c2b05178c31292db1a95101f3b952082e8b03b7567c7afa748b2b6b2e0f2caf0dde688f6ade266505f18ad590ebe8e01c21e4348152787b890b36eb707ab48a9c8ab807815dc6d3954290f8e00ce23744ba34c33317ca8ef25710d6619c7aadd20b606890ef9b333e6cf2678b1686d9a4c270290e267c00d14a524d1e79f3573209592767e8cf9e3ab57a641ccf7f3e8fc253412a002f47c35cdd17e77ca7b83b321a0fcfcbbc66bd1def18c242ca86321a746c2b623c70c8af1d13dfcad9ee8ed9703508791c7ae76d9c5cc648ab11c4cca8ded42c1e78ff953c8115468f7623248db103a5d545702c0ec9a665744d01d219d9410ef5b38fd3fa5d18ee958742fb7945d062a7c1bcd647ff347e294ffb8a9d56501f27dae90fd768a1934806f905118d06ee7a546a25f9dbad840a1c2ec62c51d351aead64376c2f4abe328f2fa1b7ca9d61718f5f54f703bfcef4fecba802b37dbac2d613a5cab7cd569c66314f9aa110f3b51f161d3b0f7b91415a6a61c0c6cd42d09858bd1c3bb51594ed79c243395b09b0271301377fbf8d73cef9d66ebb668a3f1425ec51354211957ea55d698f0b53f200fd051d022a3f009ad7da54a048a9c3148f35cd2c6b7aba19611d06a8674076908e4e87af252e1e3b47092a91b157f172a6b9141bf58e23ab6bfd944d92849b903a861129d16b6b8f46a30e1750dc237a6d6de565e0a85883d4c2cba79210b25f3f0f9c2fb1a79b269e9f5692cabe8988b917982ec26f280c3657ff716455ccca5f6a8548139484634bab4a903e3121f90f8106fc62ec58e2c2502249757a49398719a284933f24605febe913605044e5aa3028ae436321302ad0c08ee5a6e7737f65a7be71205fcaf23406f11e8bed2aab42896a1ea8414e39d2f02ba4f4a8d58ae292ac269ef6b00e5df7c58bd38539324aeca7fa74170f58b2def0192d5dd457b6e532422548da39da209ca7d6e2e4580edb7f9ea4edd3a53743e590e3dd0181819c5843f2535fdcd14615cfe34047dae19ca62918865145a131917a80f52c27211e30ea74ccb36ebf3ebf4dc1cc5eec179df8a67824a6c160b2dee20c43e1985c86a8a8aa2e8b9d482ff70ace817b0e5d237bf98a952a000ed55f0be63970f656745f776d81edd8de36d39e83cdcc609beb9a8fa20ba887d95c4d36137692251d4bad62d7395ab4dc2963586a2dd90c8277ba7329c6665cd830ba76071200bcf1305c2d6db31cbac82710ad0c81d08257cd4852ba2758d004c20de098e0584fa51d36ef29c46f146524c47d52a10c0df712dc6b592d2551c5289526fc63e48e294dac76ee73e3b75b665baadc03717a216eb289de8c7a29d37b31905cf5f902941d5610e0ff573466fe1027607c35bf9dbd526ed7dfcc22200aa11e800b534911615b339ce78028b35d971bba941b19795760417ff27210d74e4a1340c1ca640a1ac838a712fb811601fa87a521d2166688f12262c490a8a3f19637805e10c9960d49aa18c6dd342aa086b6fc58df2a0a7169ee9b19ecea6d2bc8583a14085271c5bd06fa32514b96f1ad29598de3ff0b832b55ba5a0d1d8084bb740ac96de9a9b128610f506506b36afb78ff90cb185420f2cb5579e974b93a8c657ad7e03b089fe0ddd61d72031a94003e0291efda56a18023480b87bf37ae993ec78b2926af7ca61c8fba8c103ad988e56ae20e15b7d89010971f9db477e94b02914f82d621dfdfd3e8a97eaf30c59abd7e86a13c8cfe3cfe512e38292591a205cf360617524ae4f06588ed2a19e59675a3ba3d9d36b95bd04bac3f3206a376c4798febd2feab99868a5a2b4c3174f520f6251ad83f89b96c257ab833c5fb92de65a7a254b3bfcce375c1a061efb8c07a77c839f2663c3762316a0b7e65bb1a07ac297f01483b5bddbb4e87ab292c79892498011ff06a6b362ba1f4b2fe74d3ba6c3b263f85b42bd68445f8564c788e8af686d8ca0c25aab3f7395173db1276e1b27086228cb498604d4352c7aa8dd90f3347377c27a22e83e87fa54c6067ca14b594b70d250304575ca2c064e99b06046ba098ab9d69efcfe3f6166541f44f90f76b9e00451305fec3b4da66db8797578362d1d9a46a3199fa407983713ea5329dd6d64659c3ee66c3c1439d4ee90ff5a6dc43fd292fb53d1d8ad9b352ae0c93d9874967eae32f4a432f639b98624d52c7ea090d40b13477120483ffc862045216ef28aef6969a996b7caf1e31d623f35a9a674011052da4c242e3c16c91d64185cb114a53c170d349b192bedbfcd6d49cc842f858a97ddbd02e5f5efa7340ba4beefc0b3ab9a3124927230ab4f8fc79db3e528cc877d78e9a14ed9b48e3af0ee807506ed855d0c379d46d7b1462c8733a919a9193f6a23379392dbff373e513233b9aa941e4a929b63aca3b3d0d9024a29894c3905159beb26abf41e8a50f11ced989425dc6cbff2048fcc9d03c6d4f20c3"}, {0x100c, 0x13f, 0x7, "1fbfa7e60fa7b9982c9eca74d3217978205967e0c47da70930885cb9a4fae286323c7c9ad630ec3142d933ae6b1553ec93771a7c9f5c699f2e3c0e0fdd09dc6a8be214e8e3134579b77a4347bf621b3ce841742365951fb97e5e9a1425f26b95bd58aefe85779b9959ad0c41f4bebfc982ce6d5edce84033131d0663beabb396e001442b532b33f9d5ebe3247cfbb0a5883a6d95daf1d969410cb9fc44f3d741aa260714bed32f8d91453d1f8cbf293931fc88bda40b79391d8f33fce26e2b4ae3f3e86d4d781be300b3c0432fcf0d03063ddeb3eb8b4acaa48ce160dfca2d2749f9a8309544b7bf63fbedb4a1c1ac8aa33bb354a0914f4ac2f3f24609ef6986180de8157ceb37cbf298a6edd03ba4ba59b15a3879064aec1265cc8a6846068c9b5cf41022a926d0bf6b5398f7b28b0728cad0402a288aabe3ad997497102564bb6c015cd9662868c07639d7df1a772c8b4f6507091bf2a0f164a3d7e727502e6b4dde4e9cebdd2870eba22d2d986f135a4a09dbe65f5dd20ca42f878edce6964a53d060d8ac33852abdb91bf0983f2a0cc99f446bcf1efa63b6cfbea861608f47d1fc9982f976f68ad3c06dc1a7135a1a6252bcc1f1691b5636eb12d0619a1c6391ae41489a020c65cdfb31a3e575a545a75c3071fc0ad7638a9759a581905d678dd71f57ddbb5200a0077133cf5f6306aec0e5c5896a804d6556d6bbe7980dab21ceb9a035eb9c9afd69cf9b124d905d3a069ec08ba339f876eb7924fea5195614453c0568d9a86e134a2376d5441138c0b87f24cfc4fb9b69581b48097a8868f0a2e9b8e75068af8e6ea62e0f402bfc621097c3e1dfeba1323211b3263896eb323575aec2b41e3fbbd877f9609f7187d22da3cb44f40eb0cda54728101ea14fd7e4e00bd391a0ab3f539a9de1c97a0e65cf70bc414c62c239cd9724cc03cb0d20b28257b149d574a6fd8e21c49d49d0bbf5612fa1b3f45424e8e6602d3dd0b3c861d8335c8bc2c86277e0d08f2a1dead0f08b2a88cd16296c31badc567c55a789d2b05ba4f6dfc346ae145555271898d523b2103147fc5fb99d4c650b100a890ec37eb8f416fcc58a85e395e421ca0a34df72c5196e092bcef94c3dc65c318445a75316db6fa4edb8ba1a493202ab5735c730c850327e3550732aeea3fc8d0ae1f14ec3dc8e28f6881ef9ddf5931ec31b45437b0731125ca1d5779597955939e4788d83fbadd183471f024d57e09248466aaf7bf9afc6840b4540be00ed3bcd7ce34f4cf215b37903669df9b317476c1f170f08967f754e45b4eaabc24584e70fc1a9d6e4a90cd8fb10acb19bf98e1b7327bb9d4a523a39187ee5b672f20896ae0a914d0cc924e0f652157ed040971abda44838912f9766f8e906bcb7267570bb31c8375e0ef8d3e38721521b81881f46ce3e7f7a9e599692055775b6e56eea946fa5ac8627d1d020275ff378652b6cdcca846f21106d32b19c55442f00845cb875270cc725d4d727ff9c31b26ca1d8e076195020b2d22e84125f9cd98f6a392f541f0e83a3321f3dc1a6f94d07033ccac6b6d72d5cdc8d4d5ed9e176033f3f92d4e57866a3cc0fc5717089e328f2943f8338192635a6486fc14301f27137a68d83701755a21edacf2fbc15021125fc86fb081f11edb01dd11fafa6743b7f370f09cff658fe2e04bdebe2faecee42e7f8a7858bb6d04b3f0b0cc4d3ea32e5c051e8d67e516991f5128f774556e37adbc451d5d5411a7af1853e7a259d728f6fff9db01cc932dbd7b99286e7863235da402ced0984c0d031a07aacee56e78ea9d1c825efc84f13009420271b12ffb52adff69e475f7b7bf6b806888c304818f4ceb4fee1fbe4d9cfaa926de46f4deb554c43a0b0dadd4f4008e1dcf2ad08132baa91d1bd47007619dc9967b5c3f228405ce16550558003ecbc8927b20a579111ff497fabee2922661230f3be02400d731f0599fee770ce9a0811ae37e514ac383c93991388cb225e02890a75039ec86d6dbe4bc149d4d76e4df91d5f128f1b06eed4bee4ad39e4383bcbfca43992ff9b7d5284d6286b5bd0d934817a8f4627275f852b81388753935e0e5a1bb37c7b2b2b0064cf2e18ed9c3a534d783392b1f6be149ec7eaf5937d5822382d3de4deae860fa6469b3f81208ca43e482d0a19459ce903d2b39199cb424d2c48e7e40201d08d66704103892c7f79d7990e1b9663347143aa11835b7248cd8558ccc863d59816ec9011924bd1b8b04e250be5bda786157bfebed2b133c82a33f774352759f9e9114c5ca097081f330e1e9a32ddbdaf028dec77265024131b7c9f1735c46ddc84b9a0bb5b5bd402677423bf879dc5e946126024bb47f69aa44361a387ec8daf55e4bac65bf9a7716226e4056ed7f7c18dcccf657cf31430f4f26a6716cce6cca5acec4189c7319715ac73a779d2926f62cbeb7af47a20424abe64a282da67aa979e52b6ded0c354a10f4c8deb2209ae9c17ba714cf2bdccf6695089588f37f2c633afb59b12659c07c9ac69bd1ceeb75505ff45c9433e0b6e9e2a376ff212ec2175b9a3ffd0a4d80620167bcca453eaa70bb7d9d3f89cbbf6bf2d7c89f65ab50a4785c58b75e1b0c2f322ca5c3763734832b6c3ec6a04643e97d45740c0fdd3741fffbf8f0452ae741989df02dff9221ed8d99c6fa12b29464f211d505cbdb34d49ec67f31d092a9ba7ade730299221da66b485942b05666f4ce470aadce90989f7ec3d73fc50d77697f069b6b2971e81132bbb3c74d640d918e9d72eae34d827dd22506868af9e57a6fcc2f827cb2f4b509b1664f0da618bd3aeb4b4ecf1970861b25b498f8232f081a4794fbb17fa43ab261dd93dd24c5f1713eb565890c8fa5d618e49ba3fb6e9567be0a45f7d0cb0abe1e999d44e3099ac033f685899413c2c2e6aa09a1c738de82e705e96519717a2ad41f7922eb33222d493f6f8d0544f7739d0c67033ef096ff2c02e7fb56f54d2317b5909ce04e8f03006a90abd72198ecdf5440cf6a9a287c4df71865ce7d747d290585a469fdabc016ee103af86888e1add259b20a400e05d3cb3b3912ef7f85a70c36665d6b0f474764b06c1a90e6b7747d066e3b6b59458c92e5162fe8588b5bfefa6c47a0b6e0b269110ab812fcd6fcb524494094ef7b31cb4eb5d3665135549a08c7bca1bf6be3286650450e9ec0cf77238f241d6af9235517ad538a969856ea23f29277552242b66dc6a6cdefe71821681ae3573431c82c24e1a1e95c9c2dd815eeb34a954be91ac8b2b22b89ded6bb0ca6b63dc0d537c11fac7fc0c27a622e4c1dc6631f18bb04bc541e9366a598c11bae6d0c27fafc0b600a66c6c09e886c2843c29585af84b4f65717ba20487cd8ebea5d5cd9559ed2298c2137818d4973882186548cdbf34d283727e5c90ead260fd334cc0f037cd1335ee57914068edd5c25717642e5de7320e699c757dbde6e5a41727c9d2bed0adae790adcc52e63b1d5ca224d8aec99892c25d71d844745c341543893954d0d058a32ca5a0969df6d7d6dda596f140378729fab7f527b4966a9b71772c8deee5b1887dfb69d72a122789f628eba203c123b835f2f96a7f96af2169fbf66bbdbdefdfbeb7f09b9aef6edc1884d5c1b4b30f72741fcb71a2b4631fc42dba616b6b977ba777353b4515b8b2cf7368bc108680392d05dbe82efb167f3cde8d66bda6c62c085945c8733cae30646e7d66b061947c8a1cacd983141023a2580d43a9daacc71222784ee20a1dcee3f81d0d4c245bcd9fe3fa682743255f6a54e773e1dcb241b8a210ad1e1648fb0666f95832ec6e3893dcecb102e5e08b2618656ee8b66e77dbe6ea7f816efb3a8ff18fad968da6b219299a9ba7370a87f6caa126a5d1fe613fc1ef0159fa009e12ff594032f11b510ba5974e68f7b8d226ebbb7acc8b70aa196a3dac23eafcb80670be63e2af41dc2964a2ee54207052e55f7e7834e8e753a08e7e45596a02f6d210dca8c4deb897f2bb9efd50bf28af6107f0078cf368e2d8c555200bab8c1fb173999d89c1bbec8a364804a268a4ecc02a6c8c013823e3b3b39e32d252eda8f681f0d01d1b7d6cf9f8306df9eb47918798904582e5433655d6a8cab1a902c36e47a3e66e628d6ef2ac014ef9feb0d3fcb4cd54ce6bd0db8e525e5c867350fbb2797d92789e30c0d51f47a96e29b4b5f73e61f55392e6c4ff646b751d3b39a320bbb7ea13df1d86320c2f57486d49589769571e7fc009d7e99ab6d41f3f5880ec73a69473ce19264708c08c3769dd356a11f2d621664000ca2fbc162bc51d3a4869c189edfd721a6161460c1a8e3c6f34a3acab6ecd96e289e5b78919717d2287bdfe3800d7ab44c588d2e2a18d7f56701b65bd892d81e54d93522ce4289606550809404f142d539addfd19b676470d96ee0178734b5a39d7e41d7216d9e2ab05bbdc705d34f059d6ad2e0dd9718447a4ecedbe8e0cfb2c24ea83db4d58b760166d6a55089257b75611484b8f24b8c6e128b90f5205ee34e627e74664b2a170475560eddb5e94fdd16a4a8d47acf28dca3fe02b493eba392a2ae7cae60c6a291474a51256e80f60d1ac4dfe992d5edc0b3dff51b4b0a63fb8aa4b1161563c3d50b4669342db8d99cbe3f2ee17448ec2e5c3e78861260fc1c857b5ee927054d3ac636a35b28faee3ddb6e0cf0c0c404342adc8ba305c654df15be0d76b15c8cc60b4414339157fa01c14816eb013f963fd28e4941a0f38eb06a49a3ceca22b8245d96b98aea47e9d8ad4d1cb149d0abcf21072c5dbbfce36cdc88a1104b33e5d7e5541f427c527739e7ad26192972cc7fa74241159448890e844f27777dc6856588185b29d4694ede7b3e7e48a760828780674f7486175208cbb3153f71b447a4a8ab642d11de2687b3e2c99bf099f71aab3e17225ff3248b17f9d1cd02555e91fcb100d36b6aba4215a98d1a63dadf1c1b4ca27f79a2e65478a770f979bf0cd23af146db4422f98dbc9f93500122a28e22e09350f13a71bfc1a3089517830414c63666016a1f6e4d11001241857265c120e58cdd8a954ae58492c0dfa35bf70ff0a97ec994dd2a74a20a33944b46e5025b7d2b10332fd693ac2f8a0ae18a4d5e793bd586223257ff3d730c196b9d795a448af9d0efea548cd46eb0d8031c74316b39a50b34dda3fa803d494af312272f12b00b0b1beb7b1695603ebd31fb9a485e8bc34e904894e19cb379404f722e871ce3f1ed01f2bd27139e0cc1d108c6d208156b41b75b51ffe79c4f7ca4e18db585c03398e2b47ba5c88a0436391a4952d77244ea7165908e5df8d669e547d0ac60d799e0a21e2c09eb525e62a5dadb45f3c09c2ca5f5174869fd5f6244052e1e5dcae7663a27705c0c3105de7a192717e530be4839411787636a7883653f60a812c8eafaed0eb111fb8eaf73072703ad0b720afa5e81a364a9637b53b4911baaefe5c5cad3f7d9b518532149f70e1bf148c5b158c90dcb94d3db10fe52cdb9aa9df1c2e8e71e4fdd7a9b5d331fb9d83f91e8e521cade282ffbe05f719d07519f0ef7ddaad289bcb8b88eb4faa67fd8337426e39d6315ec3c5eac4b40fdc73a6cd7a8cc64421ff8ff2a3f81436208978b1dd56ddc35ebcb6b752f4f56917dd7e8d93572273d9ac72d8889ac9ab089b9720aa402b0eb5aee6252efa32da90699f1951888d832fa7415de856f53306bad58c5bc006e4af0fca8486a9b06c328615cac42352343f7fde2fc7e3dd0168baad6c9c1f7f84560ae233fd5ccf6777133d356fc531d3b5dcd"}], 0x2018, 0x4008090}, 0x5}], 0x2, 0x0) [ 150.075200] binder: undelivered TRANSACTION_ERROR: 29189 [ 150.113687] binder: 8376:8377 ERROR: BC_REGISTER_LOOPER called without request 20:42:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f0000005fd4)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, &(0x7f0000000040)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x10, 0x0, &(0x7f0000000180)=[@clear_death], 0x0, 0x0, &(0x7f0000000280)}) [ 150.122747] binder: 8376:8377 ioctl c0306201 2000dfd0 returned -11 [ 150.145307] binder: 8387:8389 ERROR: BC_REGISTER_LOOPER called without request 20:42:28 executing program 1: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000002000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001000)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000180)='./bus\x00', 0x0) write$eventfd(r1, &(0x7f0000000080), 0xfffffe5e) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r2, r2, &(0x7f0000000040), 0x80000001) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x2, 0x32, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000077000/0x2000)=nil, 0x2000) dup2(r1, r0) 20:42:28 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x0, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:42:28 executing program 0: mkdir(&(0x7f0000000980)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) unlink(&(0x7f00000000c0)='./control/file0\x00') r2 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0) lseek(r2, 0x0, 0x2) lchown(&(0x7f00000001c0)='./control\x00', 0x0, 0x0) close(r0) [ 150.172526] binder: 8376:8395 ERROR: BC_REGISTER_LOOPER called without request 20:42:28 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) setpriority(0x0, 0x0, 0x1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x4, 0x0, &(0x7f0000003fe8)=[@register_looper], 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) [ 150.210849] binder: 8399:8400 BC_CLEAR_DEATH_NOTIFICATION death notification not active [ 150.250624] binder: BINDER_SET_CONTEXT_MGR already set 20:42:28 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x0, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:42:29 executing program 2: alarm(0x1f) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000140)=ANY=[@ANYBLOB="020d0000100000000000000006000000000000000000000002000000e000000100000000000000000800120002000200000000000000000200000000020300000000000f00000000020000000000000092ab000000000001ac1414bb000000000000000000000000030000000002000000e000000100000000020000000000008a3ac7d6e0cf191e430a8444b9f8e84757799658bf7c8bfa9d908e13dabd4c2968f7129fcd98619ceb3782b2aa53479ee1fe1811ddeb3e3334f58dbfbb6824aedf5d98e6c857a3ba0e5a3293f7d28cc830c108a10ce61489b0efd4fb7b885dffb979dfda3604ffa18cf180d4da3f13387daa75a71c82dc0690fa"], 0xfa}}, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x400000, 0x47) r2 = gettid() sched_getparam(r2, &(0x7f0000000080)) ioctl$sock_inet6_tcp_SIOCOUTQ(r1, 0x5411, &(0x7f0000000040)) pause() r3 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x4000000004402) mmap(&(0x7f0000000000/0xff7000)=nil, 0xff7000, 0x1, 0x32, 0xffffffffffffffff, 0x0) mincore(&(0x7f000075a000/0x4000)=nil, 0x4000, &(0x7f0000000240)=""/165) ioctl$BLKDISCARD(r3, 0x1277, &(0x7f0000000140)) 20:42:29 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) [ 150.254350] binder: 8409:8410 ERROR: BC_REGISTER_LOOPER called without request [ 150.264230] binder: 8399:8400 ioctl 40046207 0 returned -16 [ 150.288086] binder: 8409:8410 ioctl c0306201 2000dfd0 returned -11 [ 150.938992] binder_alloc: 8387: binder_alloc_buf, no vma [ 150.944610] binder: 8387:8424 transaction failed 29189/-3, size 0-0 line 2967 20:42:29 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) mq_notify(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r6, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r7, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{0xffffffffffffffff, 0x8000}, {r6, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(0xffffffffffffffff, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:29 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) setpriority(0x0, 0x0, 0x1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x4, 0x0, &(0x7f0000003fe8)=[@register_looper], 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:42:29 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:42:29 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ppp\x00', 0x0, 0x0) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000580)=ANY=[], 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000140)=0x78, 0x4) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) 20:42:29 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) [ 151.056815] binder: undelivered TRANSACTION_ERROR: 29189 20:42:29 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) setpriority(0x0, 0x0, 0x1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x4, 0x0, &(0x7f0000003fe8)=[@register_looper], 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:42:29 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$int_in(r0, 0x5421, &(0x7f0000000100)=0xff) setsockopt$inet6_tcp_int(r0, 0x6, 0x0, &(0x7f000074fffc), 0x348) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80, 0x0) perf_event_open(&(0x7f0000aaa000)={0x0, 0x70, 0x4b}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = dup(r0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f00000002c0)=0x0) getpgid(r3) setsockopt$inet6_tcp_int(r2, 0x6, 0x60000008000006, &(0x7f00007b1000)=0x81, 0x4) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) ioctl$KDSETKEYCODE(r2, 0x4b4d, &(0x7f0000000040)={0x80, 0x8}) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="020f0000100000000018410000000000030006000000000002000000e000000100000000000016fe0800120000000200000000009cf4000000000600000000000000000000000000000000000000000000000000000000000001ac1414bb000000000000000000000000030005000000000002000300e0000001000000000000"], 0x80}}, 0x0) mq_timedreceive(r1, &(0x7f0000000140)=""/30, 0x1e, 0x5, &(0x7f0000000240)={0x0, 0x989680}) ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, &(0x7f00000000c0)) r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) r6 = inotify_add_watch(r5, &(0x7f0000000280)='./bus\x00', 0x102) inotify_rm_watch(r2, r6) ftruncate(r5, 0x2007fff) sendfile(r2, r5, &(0x7f0000d83ff8), 0x8000fffffffe) poll(&(0x7f0000000300)=[{r5}, {r4, 0x20}, {r4, 0x500}, {r5, 0x8000}, {r1, 0x400}, {r0, 0x400}, {r4, 0x8400}], 0x7, 0x1) 20:42:29 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) [ 151.127425] binder: 8435:8436 ERROR: BC_REGISTER_LOOPER called without request [ 151.128123] binder: 8437:8438 ERROR: BC_REGISTER_LOOPER called without request [ 151.156794] binder: 8435:8436 ioctl c0306201 2000dfd0 returned -11 20:42:29 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) [ 151.212670] binder: 8447:8451 ERROR: BC_REGISTER_LOOPER called without request [ 151.213509] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 151.233916] binder: 8447:8451 ioctl c0306201 2000dfd0 returned -11 20:42:30 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x179) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$VT_WAITACTIVE(r2, 0x5607) ioctl$int_in(r0, 0x5473, &(0x7f00000000c0)=0x100000001) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100), 0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101000, 0x0) ioctl$KIOCSOUND(0xffffffffffffffff, 0x4b2f, 0x3) sendto$inet6(r1, &(0x7f0000000140), 0x140, 0x0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @mcast2}, 0x1c) 20:42:30 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) setpriority(0x0, 0x0, 0x1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:42:30 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$P9_RAUTH(r1, &(0x7f00000000c0)={0x14}, 0x14) ioctl$FS_IOC_RESVSP(r1, 0x402c5828, &(0x7f0000000080)={0x0, 0x0, 0x100000000000000a}) fdatasync(r1) 20:42:30 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:42:30 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={&(0x7f0000000300), 0xc, &(0x7f00000003c0)={&(0x7f0000000340)=@ipv4_delrule={0x30, 0x21, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, [@FRA_SRC={0x8, 0x2, @local}, @FRA_GENERIC_POLICY=@FRA_IP_PROTO={0x8, 0xa}]}, 0x30}}, 0x0) r1 = getuid() fstat(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchown(r0, r1, r2) [ 151.345815] syz-executor1 (8396) used greatest stack depth: 14464 bytes left 20:42:30 executing program 2: r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f0000000080)=@ipv4_newrule={0x20, 0x20, 0x101}, 0x20}}, 0x0) 20:42:30 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) setpriority(0x0, 0x0, 0x1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) [ 151.469832] netlink: 4 bytes leftover after parsing attributes in process `syz-executor2'. [ 151.928184] binder_alloc: 8437: binder_alloc_buf, no vma [ 151.933760] binder: 8437:8493 transaction failed 29189/-3, size 0-0 line 2967 [ 152.048402] binder: undelivered TRANSACTION_ERROR: 29189 20:42:30 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r5, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r6, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r7, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r5, 0x8000}, {r6, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r5, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:30 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:42:30 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000540)='net/netlink\x00') preadv(r0, &(0x7f0000000080), 0xa2, 0x4000000) ioctl$TCGETA(r0, 0x5405, &(0x7f0000000000)) lseek(r0, 0x1b, 0x0) fcntl$getflags(r0, 0x408) ioctl$TUNSETOWNER(r0, 0x400454cc, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2d, &(0x7f0000000180)={0x0, {{0x2, 0x4e20, @multicast2}}}, 0x84) 20:42:30 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) setpriority(0x0, 0x0, 0x1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:42:30 executing program 0: r0 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000080), 0x0, 0x0, 0xffffffffffffffff) keyctl$chown(0x11, r0, 0x0, 0x0) 20:42:30 executing program 2: setsockopt$inet6_MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f0000002000)={{0xa, 0x0, 0x80000001}, {0xa, 0x0, 0x0, @remote}}, 0x5c) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001c40)={&(0x7f00000000c0), 0xc, &(0x7f0000001640)=[{&(0x7f00000020c0)=ANY=[@ANYBLOB="1000007f2a0000010061"], 0x1}], 0x1}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000001200)=[{&(0x7f0000002100)="a4491d5040a5762fa85603207dd3d950021a42017c11cab33175cd7ce3b445d92ee9b3e0ec1225e4ee86f946d411d5bc02a61a8538e2c4f148bbc2", 0x3b}], 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x40, &(0x7f0000001fde), 0xfffffffffffffec9) 20:42:30 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ppp\x00', 0x0, 0x0) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000580)=ANY=[], 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000140)=0x78, 0x4) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) 20:42:30 executing program 7: mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:30 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x4, 0x0, &(0x7f0000003fe8)=[@register_looper], 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:42:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x4, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='\x00c@@'], 0x0, 0x0, &(0x7f00000003c0)}) dup2(r0, r1) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000006c0)=[@increfs], 0x0, 0x0, &(0x7f0000000500)}) 20:42:30 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x3, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000fd0000), 0x0, 0x200007ff, &(0x7f0000deaff0)={0x2, 0x3, @loopback}, 0x10) sendto$inet(r0, &(0x7f00005c8000)="c3", 0x1, 0x81, &(0x7f0000e66000)={0x2, 0x0, @multicast2}, 0x10) writev(r0, &(0x7f000042a000)=[{&(0x7f00001e3f5a)='-', 0x1}], 0x1) shutdown(r0, 0x1) recvmmsg(r0, &(0x7f0000003580)=[{{&(0x7f0000001b80)=@pppol2tp={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @rand_addr}}}, 0x80, &(0x7f0000002fc0)=[{&(0x7f0000001f40)=""/4096, 0x1000}], 0x1, &(0x7f0000003040)=""/56, 0x38}}, {{&(0x7f0000003080)=@ethernet={0x0, @random}, 0x80, &(0x7f0000003400), 0x0, &(0x7f0000003480)=""/236, 0xec}}], 0x2, 0x0, &(0x7f0000003700)={0x0, 0x989680}) 20:42:30 executing program 1: r0 = socket$inet6(0xa, 0x80002, 0x100000000000088) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23}, 0x1c) r1 = socket$inet6(0xa, 0x802, 0x88) read(r0, &(0x7f0000000380)=""/4096, 0x1000) setsockopt$inet6_udp_int(r1, 0x11, 0x100000000a, &(0x7f00005b1ffc)=0x1, 0x4) sendto$inet6(r1, &(0x7f0000000000)="96", 0x1, 0x0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @ipv4={[], [], @remote}}, 0x1c) 20:42:30 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) [ 152.154412] binder: 8501:8502 transaction failed 29189/-22, size 0-0 line 2852 [ 152.187156] binder: undelivered TRANSACTION_ERROR: 29189 20:42:30 executing program 7: mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) [ 152.218752] binder: 8520:8522 transaction failed 29189/-22, size 0-0 line 2852 [ 152.245373] binder: 8520:8527 transaction failed 29189/-22, size 0-0 line 2852 20:42:31 executing program 0: r0 = socket$inet6(0xa, 0x1, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000440)={0xa, 0x4e20}, 0x1c) sendto$inet6(r1, &(0x7f00000007c0), 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f00000004c0)=0x301, 0x4) r2 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) getsockopt$inet6_mreq(r2, 0x29, 0x1f, &(0x7f00000000c0)={@loopback}, &(0x7f0000000480)=0x14) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000500)={'bond_slave_0\x00'}) sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f00000006c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000680)={&(0x7f0000000180)=ANY=[@ANYBLOB="c0fdc3ce616b93ff3eaed181ddf400008986bc09282f9d547f044c0401000000cb8f008cf0ed55871e5bd9fbf65c0cac80aaa8b400000000"], 0x1}}, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net\x00', 0x200002, 0x0) socketpair$inet(0x2, 0x0, 0x0, &(0x7f00000001c0)) fchdir(0xffffffffffffffff) getsockopt$ARPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x63, &(0x7f0000000140)={'icmp\x00'}, &(0x7f0000000300)=0x1e) creat(&(0x7f00000007c0)='./file0\x00', 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) tee(r1, r1, 0x3f, 0xe) ioctl(r3, 0x4000008912, &(0x7f0000000100)="2957e1311f16f4776710") getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000200)={{{@in=@multicast1, @in=@local}}, {{@in6=@remote}, 0x0, @in=@broadcast}}, &(0x7f0000000040)=0xe8) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000000)) unlink(&(0x7f0000000080)='./file0\x00') ftruncate(r2, 0x280080) sendfile(r1, r2, &(0x7f0000d83ff8), 0x2008000fffffffe) 20:42:31 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) [ 152.272427] binder: 8530:8536 ERROR: BC_REGISTER_LOOPER called without request [ 152.281400] binder: 8534:8535 transaction failed 29189/-22, size 0-0 line 2852 [ 152.291803] binder: undelivered TRANSACTION_ERROR: 29189 [ 152.304469] binder: undelivered TRANSACTION_ERROR: 29189 [ 152.325923] binder: undelivered TRANSACTION_ERROR: 29189 [ 152.333810] binder: 8530:8536 ioctl c0306201 2000dfd0 returned -11 20:42:31 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) fcntl$getown(0xffffffffffffffff, 0x9) r5 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r5, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r6, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r7, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r5, 0x8000}, {r6, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r5, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:31 executing program 7: mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:31 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$packet(0x11, 0x800000000002, 0x300) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x0, 0xfffffffffffffffc}, 0xdf) sendto$inet(r0, &(0x7f0000762fff), 0xf2c8, 0x0, &(0x7f000057bff0)={0x2, 0x4e20, @multicast1}, 0x10) r2 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4000011, 0x0) 20:42:31 executing program 6: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008fd0)={0x4, 0x0, &(0x7f0000003fe8)=[@register_looper], 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:42:31 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:42:31 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000040), &(0x7f0000000140)}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000040000)) r2 = socket$inet(0x2, 0x1, 0x0) mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0xfffffffffffffffc, 0x8972, 0xffffffffffffffff, 0x0) bind$inet(r2, &(0x7f0000134000)={0x2, 0x4e23, @broadcast}, 0x10) connect$inet(r2, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10) connect$inet(r2, &(0x7f00009322c4)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) connect$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @loopback}, 0x10) sendto$inet(r2, &(0x7f0000000000), 0x0, 0x0, 0x0, 0xffffffffffffff82) dup2(r0, r2) tkill(r1, 0x1000000000016) 20:42:31 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ppp\x00', 0x0, 0x0) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000580)=ANY=[], 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) [ 153.139881] binder: 8566:8567 transaction failed 29189/-22, size 0-0 line 2852 20:42:31 executing program 1: r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040), 0x0, 0x0, 0xfffffffffffffffe) keyctl$update(0x2, r0, &(0x7f0000000080), 0x0) 20:42:31 executing program 6: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008fd0)={0x4, 0x0, &(0x7f0000003fe8)=[@register_looper], 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:42:31 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:42:31 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:31 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) recvmmsg(r0, &(0x7f0000000600)=[{{&(0x7f00000000c0)=@pppol2tpin6={0x0, 0x0, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, @ipv4={[], [], @remote}}}}, 0x80, &(0x7f0000000500), 0x0, &(0x7f0000000580)=""/124, 0x7c}}], 0x1, 0x0, &(0x7f0000000640)={0x0, 0x1c9c380}) recvfrom(r0, &(0x7f00000006c0)=""/160, 0xa0, 0x0, &(0x7f0000000780)=@rc, 0x80) shutdown(r0, 0x0) [ 153.188922] binder: undelivered TRANSACTION_ERROR: 29189 20:42:31 executing program 6: ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008fd0)={0x4, 0x0, &(0x7f0000003fe8)=[@register_looper], 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:42:32 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:42:32 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000480)={&(0x7f0000000240), 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@ipv6_getaddr={0x18, 0x16, 0x305}, 0x18}}, 0x0) 20:42:32 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x4, 0x0, &(0x7f0000003fe8)=[@register_looper], 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) [ 153.282066] binder: 8587:8588 ERROR: BC_REGISTER_LOOPER called without request [ 153.327736] binder: 8597:8598 ERROR: BC_REGISTER_LOOPER called without request 20:42:32 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:32 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(0xffffffffffffffff, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:42:32 executing program 1: r0 = socket$inet6(0xa, 0x2000000802, 0x0) sendto$inet6(r0, &(0x7f0000000000), 0x0, 0xfffffffffffffffc, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @remote}, 0x1c) 20:42:32 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000180), 0x315) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000002c0)="696c6c696e6f6973003adab9b9ae935e72a2e20ca00111bf788aadce7d50e1a75d4e3e76d353aaefd2076371f5646c94bb137a88bfc0ab2b45f7052c17f7f0c221c6f0bc77917e76f1473479e45d3fde5d6186c56754b3514fcd337d79079eba457f20d3aa91f1e980a8804b41fbc2d6764d05b461370b9f96ad418a28a1e0765895978e033d2e", 0x87) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0x2f0c, 0x20008001, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10) 20:42:32 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ppp\x00', 0x0, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) [ 154.076333] binder: 8587:8610 transaction failed 29189/-22, size 0-0 line 2852 20:42:32 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={"766574000000000000000000bd6800", 0x43732e5398416f1a}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000100)={&(0x7f0000000180)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) read(0xffffffffffffffff, &(0x7f0000000340)=""/71, 0xfffffffffffffe73) 20:42:32 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x4, 0x0, &(0x7f0000003fe8)=[@register_looper], 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:42:32 executing program 1: r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040), 0x0, 0x0, 0xfffffffffffffffe) keyctl$invalidate(0x15, r0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100), 0x0, 0x0, r0) 20:42:32 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2), 0x0) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:42:32 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(r0, &(0x7f0000000200)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0xffffffffffffff41) recvfrom$unix(r1, &(0x7f0000000040)=""/4, 0xfffffffffffffda1, 0x3f00, &(0x7f0000000100)=@abs, 0xa) getpid() sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080), 0xc, &(0x7f00000000c0)={&(0x7f0000000280)={0x64, 0x0, 0xf, 0x200, 0x0, 0x25dfdbff, {0xc}, [@nested={0x50, 0x1c, [@generic="0a1cd88e455050850a4f2831354c6a47deb41a2189b45b9e1e8a3c3ee52ac510c586a29c387e3e0b2f4fbb5a81cab54f385307ecbcd9a2ffc199199bfb1f2025c76d03fc0b9a2355ce332f"]}]}, 0x64}, 0x1, 0x0, 0x0, 0x11}, 0x0) mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x4) 20:42:32 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) [ 154.187122] binder: undelivered TRANSACTION_ERROR: 29189 [ 154.205921] binder: 8626:8633 ERROR: BC_REGISTER_LOOPER called without request 20:42:32 executing program 1: setsockopt$inet6_MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f0000002000)={{}, {0xa, 0x0, 0x0, @local}, 0x10000}, 0x5c) sync() setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000001fde), 0x4) readlinkat(0xffffffffffffffff, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)=""/17, 0x11) 20:42:33 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2), 0x0) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) [ 154.232907] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 154.244783] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 154.263944] binder: 8639:8640 ERROR: BC_REGISTER_LOOPER called without request 20:42:33 executing program 1: open$dir(&(0x7f0000000140)='./file0\x00', 0x800, 0x4) fsync(0xffffffffffffffff) r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1000082) add_key$user(&(0x7f0000000180)='user\x00', &(0x7f0000000540), &(0x7f0000000380), 0x0, 0x0) r1 = memfd_create(&(0x7f0000000080)="74086e750000000000000000008c00", 0x0) sendmsg(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000380)="83f1df02dbd105fe2f2de598dc3a77c94dcf5b599110f144d380d2a9cc4b5ebd41ac9b367fb6a2236edc26ba339fcaa2bcd3885645fa68db3df680e3b36853d55fbb685b88c5bf1a1434", 0x4a}, {&(0x7f0000000580)="0bca04a476f9f43c30de0176648e24c781af3cf84689bcbd5e855035eaf568e1c5ab3f3dbb36270522251db55097f3d271160dfa9969bec87d1479f6ca890bf0d96154030f8d1c3441cea220f3abe711bfb842dbb0d39c741fe327d0a5ad419112c534e370803df68222175dccb2ca8934c1c6f5b5b63a00fa245dce4eb3615af3d753e06fef602394bddfba75a5352e50e4a5b6e6f17646f759825aeff5b8f36e37633c57c1980b217eab374ee35a060e7f87d4113e5a19005234c21aa0c1c0ba31d15a494c71a95647d6317c71a686047ea291a8b8a358b683fd1d5213d69e4972442fdc5d8172d67b07f2495fbcdeb1f7a356d2", 0xf5}], 0x2, &(0x7f0000000680), 0x0, 0x11}, 0x4004) flock(0xffffffffffffffff, 0x6) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x1081806) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000000), 0x2000005) ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) 20:42:33 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2), 0x0) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) [ 154.337609] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 20:42:33 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(0xffffffffffffffff) [ 155.063953] binder: 8639:8673 transaction failed 29189/-22, size 0-0 line 2852 20:42:33 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:33 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10) setsockopt$inet_int(r0, 0x0, 0x22, &(0x7f00000001c0), 0xffffffae) sendto$inet(r0, &(0x7f0000c95ffd), 0x1c00, 0x0, &(0x7f000057bff0)={0x2, 0x4e20, @multicast1}, 0x10) 20:42:33 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="020a000007000000000013002dd4106205001a000000c60300000009cb27591a17cc3400000000000000a4b757ec18773f91001525be00020000000000000057e32a971bafee30c4fe4d9a20fd64042b3bd03fe4169c604c16af1e11fdc9afd43abee2fc0bf94c"], 0x67}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x352, 0x0) 20:42:33 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) 20:42:33 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x4, 0x0, &(0x7f0000003fe8)=[@register_looper], 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:42:33 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0) rt_sigsuspend(&(0x7f0000000240), 0x8) ioctl$RTC_VL_READ(0xffffffffffffffff, 0x80047013, &(0x7f0000000340)) setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(0xffffffffffffffff, 0x111, 0x5, 0xc862, 0x4) r2 = creat(&(0x7f0000000200)='./bus\x00', 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x600, 0x0) setsockopt$inet_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000180), 0x4) ftruncate(r2, 0x8000001) r3 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) sendfile(r2, r3, &(0x7f0000d83ff8), 0x8000fffffffe) modify_ldt$read_default(0x2, &(0x7f0000000300)=""/5, 0x5) fcntl$setstatus(r1, 0x4, 0x6100) ftruncate(r1, 0x400000000000007) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r1, r4, &(0x7f0000d83ff8), 0x8000fffffffe) link(&(0x7f00000001c0)='./bus\x00', &(0x7f0000000280)='./bus\x00') openat$ppp(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ppp\x00', 0x0, 0x0) 20:42:33 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f000001b000)={@multicast2, @loopback, @dev}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000080)=ANY=[@ANYBLOB="e0000002ac141412000000000a00000000000000ac01ee0000000002000000000000000000007f1b43d173ff58444ba61700000000000000"], 0x1) setsockopt$inet_mreqsrc(r0, 0x0, 0x26, &(0x7f0000000040)={@multicast2, @remote, @local}, 0xc) 20:42:33 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:33 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'veth0_to_bridge\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv4_deladdr={0x20, 0x15, 0x423, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r1}, [@IFA_LOCAL={0x8, 0x2, @rand_addr}]}, 0x20}}, 0x0) [ 155.138398] binder: 8680:8681 ERROR: BC_REGISTER_LOOPER called without request [ 155.175116] binder: undelivered TRANSACTION_ERROR: 29189 20:42:33 executing program 1: 20:42:33 executing program 1: 20:42:33 executing program 2: [ 155.228293] binder: 8697:8698 ERROR: BC_REGISTER_LOOPER called without request 20:42:34 executing program 2: 20:42:34 executing program 1: 20:42:34 executing program 1: 20:42:34 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(0xffffffffffffffff) [ 156.028733] binder: 8697:8729 transaction failed 29189/-22, size 0-0 line 2852 20:42:34 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:34 executing program 2: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2), 0x0) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:42:34 executing program 1: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:42:34 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(0xffffffffffffffff, 0x1) 20:42:34 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008fd0)={0x4, 0x0, &(0x7f0000003fe8)=[@register_looper], 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) [ 156.140855] binder: undelivered TRANSACTION_ERROR: 29189 20:42:35 executing program 0 (fault-call:2 fault-nth:0): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:35 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008fd0)={0x4, 0x0, &(0x7f0000003fe8)=[@register_looper], 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:42:35 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) 20:42:35 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x0, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:35 executing program 1: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:35 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008fd0)={0x4, 0x0, &(0x7f0000003fe8)=[@register_looper], 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) [ 156.314454] binder: 8753:8756 ERROR: BC_REGISTER_LOOPER called without request [ 156.335662] FAULT_INJECTION: forcing a failure. [ 156.335662] name failslab, interval 1, probability 0, space 0, times 1 [ 156.346981] CPU: 0 PID: 8760 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 156.355388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 156.364757] Call Trace: [ 156.367355] dump_stack+0x1c9/0x2b4 [ 156.370987] ? dump_stack_print_info.cold.2+0x52/0x52 [ 156.376196] ? __mutex_lock+0x6c4/0x1680 [ 156.380270] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 156.385300] should_fail.cold.4+0xa/0x11 [ 156.389376] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 156.394496] ? alloc_set_pte+0xaf6/0x1790 [ 156.398656] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 156.403686] ? trace_hardirqs_on+0x10/0x10 [ 156.407924] ? xa_set_tag+0x40/0x40 [ 156.411551] ? environ_open+0x90/0x90 [ 156.415366] ? lock_acquire+0x1e4/0x540 [ 156.419345] ? fs_reclaim_acquire+0x20/0x20 [ 156.423666] ? lock_downgrade+0x8f0/0x8f0 [ 156.427827] ? check_same_owner+0x340/0x340 [ 156.432176] ? lock_downgrade+0x8f0/0x8f0 [ 156.436338] ? rcu_note_context_switch+0x730/0x730 [ 156.441278] __should_failslab+0x124/0x180 [ 156.445532] should_failslab+0x9/0x14 [ 156.449354] kmem_cache_alloc_trace+0x2cb/0x780 [ 156.454049] ? full_name_hash+0xc0/0x100 [ 156.458146] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 20:42:35 executing program 5: mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(0xffffffffffffffff) 20:42:35 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) [ 156.463709] devinet_ioctl+0xe9a/0x1d90 [ 156.467708] ? inet_ifa_byprefix+0x240/0x240 [ 156.472159] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 156.477727] inet_ioctl+0x18b/0x360 [ 156.481396] ? inet_stream_connect+0xa0/0xa0 [ 156.485841] ? _parse_integer+0x190/0x190 [ 156.490014] ? lock_release+0xa30/0xa30 [ 156.494011] ? check_same_owner+0x340/0x340 [ 156.498354] ? __check_object_size+0xa3/0x5d7 [ 156.502877] sock_do_ioctl+0xe4/0x3e0 [ 156.506698] ? __fget+0x4ac/0x740 [ 156.510173] ? compat_ifr_data_ioctl+0x170/0x170 20:42:35 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) [ 156.514946] ? lock_release+0xa30/0xa30 [ 156.518942] ? pid_task+0x115/0x200 [ 156.521651] binder: 8765:8766 ioctl c0306201 2000dfd0 returned -11 [ 156.522598] ? find_vpid+0xf0/0xf0 [ 156.522616] ? __f_unlock_pos+0x19/0x20 [ 156.522640] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 156.522656] sock_ioctl+0x30d/0x680 [ 156.522667] ? dlci_ioctl_set+0x40/0x40 [ 156.522684] ? ksys_dup3+0x690/0x690 [ 156.553002] ? kasan_check_write+0x14/0x20 [ 156.557250] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 156.562198] ? fsnotify+0xbac/0x14e0 20:42:35 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) [ 156.565933] ? vfs_write+0x2f3/0x560 [ 156.569670] ? dlci_ioctl_set+0x40/0x40 [ 156.573670] do_vfs_ioctl+0x1de/0x1720 [ 156.577574] ? fsnotify_first_mark+0x350/0x350 [ 156.582173] ? __fsnotify_parent+0xcc/0x420 [ 156.586543] ? ioctl_preallocate+0x300/0x300 [ 156.590962] ? __fget_light+0x2f7/0x440 [ 156.594950] ? fget_raw+0x20/0x20 [ 156.598426] ? __sb_end_write+0xac/0xe0 [ 156.602423] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 156.607987] ? fput+0x130/0x1a0 [ 156.611343] ? ksys_write+0x1ae/0x260 20:42:35 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) [ 156.615175] ? security_file_ioctl+0x94/0xc0 [ 156.619601] ksys_ioctl+0xa9/0xd0 [ 156.623073] __x64_sys_ioctl+0x73/0xb0 [ 156.626981] do_syscall_64+0x1b9/0x820 [ 156.630886] ? finish_task_switch+0x1d3/0x870 [ 156.635405] ? syscall_return_slowpath+0x5e0/0x5e0 [ 156.640354] ? syscall_return_slowpath+0x31d/0x5e0 [ 156.645301] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 156.650322] ? prepare_exit_to_usermode+0x291/0x3b0 [ 156.655345] ? perf_trace_sys_enter+0xb10/0xb10 [ 156.660030] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 156.664918] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 156.670140] RIP: 0033:0x455ab9 [ 156.673335] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 156.692602] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 156.700334] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 156.707620] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 156.714897] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 156.722163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 156.729424] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 0000000000000000 20:42:35 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(0xffffffffffffffff, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(0xffffffffffffffff, 0x127d, &(0x7f0000000300)=0x6bb) r3 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r3, 0x9) r4 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r4, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r5, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r6, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r4, 0x8000}, {r5, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r4, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(0xffffffffffffffff, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:35 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x0, 0x0, &(0x7f000000df36)}) 20:42:35 executing program 0 (fault-call:2 fault-nth:1): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:35 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(0xffffffffffffffff, 0x1) [ 157.096696] FAULT_INJECTION: forcing a failure. [ 157.096696] name failslab, interval 1, probability 0, space 0, times 0 [ 157.108102] CPU: 1 PID: 8788 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 157.114051] binder_alloc: 8753: binder_alloc_buf, no vma [ 157.116562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 157.116576] Call Trace: [ 157.116625] dump_stack+0x1c9/0x2b4 [ 157.116662] ? dump_stack_print_info.cold.2+0x52/0x52 [ 157.122152] binder: 8753:8791 transaction failed 29189/-3, size 0-0 line 2967 [ 157.131462] should_fail.cold.4+0xa/0x11 [ 157.131482] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 157.131503] ? need_to_create_worker+0x280/0x280 [ 157.164146] ? kasan_check_read+0x11/0x20 [ 157.168313] ? do_raw_spin_unlock+0xa7/0x2f0 [ 157.172729] ? insert_work+0x375/0x4f0 [ 157.176612] ? __queue_work+0x688/0x1410 [ 157.180673] ? lock_downgrade+0x8f0/0x8f0 [ 157.184823] ? workqueue_congested+0x3c0/0x3c0 [ 157.189439] ? kasan_check_read+0x11/0x20 [ 157.193609] ? do_raw_spin_unlock+0xa7/0x2f0 [ 157.198061] ? lock_acquire+0x1e4/0x540 [ 157.202091] ? fs_reclaim_acquire+0x20/0x20 [ 157.206436] ? lock_downgrade+0x8f0/0x8f0 [ 157.210584] ? __queue_work+0x68d/0x1410 [ 157.214650] ? check_same_owner+0x340/0x340 [ 157.219004] ? rcu_note_context_switch+0x730/0x730 [ 157.223941] __should_failslab+0x124/0x180 [ 157.228181] should_failslab+0x9/0x14 [ 157.231981] kmem_cache_alloc_node+0x272/0x780 [ 157.236412] binder: undelivered TRANSACTION_ERROR: 29189 [ 157.236560] ? check_same_owner+0x340/0x340 [ 157.246422] ? rcu_note_context_switch+0x730/0x730 [ 157.251357] __alloc_skb+0x119/0x770 [ 157.255079] ? lock_downgrade+0x8f0/0x8f0 [ 157.259217] ? notifier_call_chain+0x2da/0x390 [ 157.263822] ? skb_scrub_packet+0x490/0x490 [ 157.268143] ? wq_watchdog_reset_touched+0x180/0x180 [ 157.273240] ? __x64_sys_ioctl+0x73/0xb0 [ 157.277321] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 157.282730] ? __queue_delayed_work+0x255/0x390 [ 157.287412] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 157.292942] ? delayed_work_timer_fn+0x90/0x90 [ 157.297536] ? cancel_delayed_work_sync+0x20/0x20 [ 157.302371] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 157.307918] ? rtnl_is_locked+0xb5/0xf0 [ 157.311885] rtmsg_ifa+0xed/0x1e0 [ 157.315330] __inet_insert_ifa+0x844/0xba0 [ 157.319557] ? refcount_add_not_zero_checked+0x330/0x330 [ 157.325037] ? __inet_del_ifa+0xbd0/0xbd0 [ 157.329203] ? rtnl_is_locked+0xb5/0xf0 [ 157.333169] ? rtnl_trylock+0x20/0x20 [ 157.336978] devinet_ioctl+0x1460/0x1d90 [ 157.341038] ? inet_ifa_byprefix+0x240/0x240 [ 157.345451] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 157.350984] inet_ioctl+0x18b/0x360 [ 157.354607] ? inet_stream_connect+0xa0/0xa0 [ 157.359011] ? _parse_integer+0x190/0x190 [ 157.363150] ? lock_release+0xa30/0xa30 [ 157.367140] ? check_same_owner+0x340/0x340 [ 157.371475] ? __check_object_size+0xa3/0x5d7 [ 157.375983] sock_do_ioctl+0xe4/0x3e0 [ 157.379779] ? __fget+0x4ac/0x740 [ 157.383224] ? compat_ifr_data_ioctl+0x170/0x170 [ 157.387989] ? lock_release+0xa30/0xa30 [ 157.391955] ? pid_task+0x115/0x200 [ 157.395568] ? find_vpid+0xf0/0xf0 [ 157.399096] ? __f_unlock_pos+0x19/0x20 [ 157.403079] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 157.408294] sock_ioctl+0x30d/0x680 [ 157.411914] ? dlci_ioctl_set+0x40/0x40 [ 157.415874] ? ksys_dup3+0x690/0x690 [ 157.419587] ? kasan_check_write+0x14/0x20 [ 157.423809] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 157.428761] ? fsnotify+0xbac/0x14e0 [ 157.432489] ? vfs_write+0x2f3/0x560 [ 157.436188] ? dlci_ioctl_set+0x40/0x40 [ 157.440212] do_vfs_ioctl+0x1de/0x1720 [ 157.444116] ? fsnotify_first_mark+0x350/0x350 [ 157.448685] ? __fsnotify_parent+0xcc/0x420 [ 157.452993] ? ioctl_preallocate+0x300/0x300 [ 157.457386] ? __fget_light+0x2f7/0x440 [ 157.461345] ? fget_raw+0x20/0x20 [ 157.464784] ? __sb_end_write+0xac/0xe0 [ 157.468746] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 157.474270] ? fput+0x130/0x1a0 [ 157.477539] ? ksys_write+0x1ae/0x260 [ 157.481344] ? security_file_ioctl+0x94/0xc0 [ 157.485739] ksys_ioctl+0xa9/0xd0 [ 157.489178] __x64_sys_ioctl+0x73/0xb0 [ 157.493078] do_syscall_64+0x1b9/0x820 [ 157.496955] ? finish_task_switch+0x1d3/0x870 [ 157.501439] ? syscall_return_slowpath+0x5e0/0x5e0 [ 157.506370] ? syscall_return_slowpath+0x31d/0x5e0 [ 157.511292] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 157.516318] ? prepare_exit_to_usermode+0x291/0x3b0 [ 157.521338] ? perf_trace_sys_enter+0xb10/0xb10 [ 157.526043] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 157.530898] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 157.536093] RIP: 0033:0x455ab9 [ 157.539265] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 157.558441] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 157.566223] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 157.573490] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 157.580745] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 157.588001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 20:42:36 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x0, 0x0, &(0x7f000000df36)}) 20:42:36 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x0, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) [ 157.595265] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 0000000000000001 20:42:36 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) 20:42:36 executing program 0 (fault-call:2 fault-nth:2): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:36 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x0, 0x0, &(0x7f000000df36)}) [ 157.658646] binder: 8801:8802 ERROR: BC_REGISTER_LOOPER called without request [ 157.737624] FAULT_INJECTION: forcing a failure. [ 157.737624] name failslab, interval 1, probability 0, space 0, times 0 [ 157.749107] CPU: 0 PID: 8805 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 157.757512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 157.766883] Call Trace: [ 157.769499] dump_stack+0x1c9/0x2b4 [ 157.773152] ? dump_stack_print_info.cold.2+0x52/0x52 [ 157.778373] should_fail.cold.4+0xa/0x11 [ 157.782462] ? __kernel_text_address+0xd/0x40 20:42:36 executing program 1: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') [ 157.786985] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 157.792118] ? __save_stack_trace+0x8d/0xf0 [ 157.796469] ? save_stack+0xa9/0xd0 [ 157.800112] ? save_stack+0x43/0xd0 [ 157.803757] ? kasan_kmalloc+0xc4/0xe0 [ 157.807651] ? kasan_slab_alloc+0x12/0x20 [ 157.811789] ? kmem_cache_alloc_node+0x144/0x780 [ 157.816543] ? __alloc_skb+0x119/0x770 [ 157.820438] ? rtmsg_ifa+0xed/0x1e0 [ 157.824088] ? __inet_insert_ifa+0x844/0xba0 [ 157.828524] ? devinet_ioctl+0x1460/0x1d90 [ 157.832777] ? inet_ioctl+0x18b/0x360 [ 157.836599] ? sock_do_ioctl+0xe4/0x3e0 [ 157.840591] ? sock_ioctl+0x30d/0x680 [ 157.844414] ? do_vfs_ioctl+0x1de/0x1720 [ 157.848496] ? ksys_ioctl+0xa9/0xd0 [ 157.852158] ? __x64_sys_ioctl+0x73/0xb0 [ 157.856275] ? lock_acquire+0x1e4/0x540 [ 157.860266] ? fs_reclaim_acquire+0x20/0x20 [ 157.864615] ? lock_downgrade+0x8f0/0x8f0 [ 157.868768] ? do_raw_spin_unlock+0xa7/0x2f0 [ 157.873188] ? check_same_owner+0x340/0x340 [ 157.877523] ? lock_downgrade+0x8f0/0x8f0 [ 157.881680] ? rcu_note_context_switch+0x730/0x730 [ 157.886617] __should_failslab+0x124/0x180 [ 157.890877] should_failslab+0x9/0x14 [ 157.894694] kmem_cache_alloc_node_trace+0x26f/0x770 [ 157.899800] ? kasan_kmalloc+0xc4/0xe0 [ 157.903691] __kmalloc_node_track_caller+0x33/0x70 [ 157.908628] __kmalloc_reserve.isra.41+0x3a/0xe0 [ 157.913482] __alloc_skb+0x155/0x770 [ 157.917192] ? lock_downgrade+0x8f0/0x8f0 [ 157.921348] ? notifier_call_chain+0x2da/0x390 [ 157.925957] ? skb_scrub_packet+0x490/0x490 [ 157.930369] ? wq_watchdog_reset_touched+0x180/0x180 [ 157.935610] ? __x64_sys_ioctl+0x73/0xb0 [ 157.939681] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 157.945058] ? __queue_delayed_work+0x255/0x390 [ 157.949735] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 157.955289] ? delayed_work_timer_fn+0x90/0x90 [ 157.959866] ? cancel_delayed_work_sync+0x20/0x20 [ 157.964729] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 157.970277] ? rtnl_is_locked+0xb5/0xf0 [ 157.974258] rtmsg_ifa+0xed/0x1e0 [ 157.977703] __inet_insert_ifa+0x844/0xba0 [ 157.981927] ? refcount_add_not_zero_checked+0x330/0x330 [ 157.987366] ? __inet_del_ifa+0xbd0/0xbd0 [ 157.991516] ? rtnl_is_locked+0xb5/0xf0 [ 157.995495] ? rtnl_trylock+0x20/0x20 [ 157.999319] devinet_ioctl+0x1460/0x1d90 [ 158.003392] ? inet_ifa_byprefix+0x240/0x240 [ 158.007796] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 158.013328] inet_ioctl+0x18b/0x360 [ 158.016967] ? inet_stream_connect+0xa0/0xa0 [ 158.021376] ? _parse_integer+0x190/0x190 [ 158.025529] ? lock_release+0xa30/0xa30 [ 158.029516] ? check_same_owner+0x340/0x340 [ 158.033857] ? __check_object_size+0xa3/0x5d7 [ 158.038346] sock_do_ioctl+0xe4/0x3e0 [ 158.042138] ? __fget+0x4ac/0x740 [ 158.045583] ? compat_ifr_data_ioctl+0x170/0x170 [ 158.050334] ? lock_release+0xa30/0xa30 [ 158.054296] ? pid_task+0x115/0x200 [ 158.057912] ? find_vpid+0xf0/0xf0 [ 158.061437] ? __f_unlock_pos+0x19/0x20 [ 158.065402] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 158.070580] sock_ioctl+0x30d/0x680 [ 158.074192] ? dlci_ioctl_set+0x40/0x40 [ 158.078165] ? ksys_dup3+0x690/0x690 [ 158.081883] ? kasan_check_write+0x14/0x20 [ 158.086105] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 158.091022] ? fsnotify+0xbac/0x14e0 [ 158.094724] ? vfs_write+0x2f3/0x560 [ 158.098425] ? dlci_ioctl_set+0x40/0x40 [ 158.102389] do_vfs_ioctl+0x1de/0x1720 [ 158.106289] ? fsnotify_first_mark+0x350/0x350 [ 158.110860] ? __fsnotify_parent+0xcc/0x420 [ 158.115174] ? ioctl_preallocate+0x300/0x300 [ 158.119594] ? __fget_light+0x2f7/0x440 [ 158.123557] ? fget_raw+0x20/0x20 [ 158.127001] ? __sb_end_write+0xac/0xe0 [ 158.130977] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 158.136554] ? fput+0x130/0x1a0 [ 158.139837] ? ksys_write+0x1ae/0x260 [ 158.143640] ? security_file_ioctl+0x94/0xc0 [ 158.148048] ksys_ioctl+0xa9/0xd0 [ 158.151521] __x64_sys_ioctl+0x73/0xb0 [ 158.155493] do_syscall_64+0x1b9/0x820 [ 158.159368] ? finish_task_switch+0x1d3/0x870 [ 158.163854] ? syscall_return_slowpath+0x5e0/0x5e0 [ 158.168784] ? syscall_return_slowpath+0x31d/0x5e0 [ 158.173699] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 158.178711] ? prepare_exit_to_usermode+0x291/0x3b0 [ 158.183724] ? perf_trace_sys_enter+0xb10/0xb10 [ 158.188393] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 158.193240] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 158.199831] RIP: 0033:0x455ab9 [ 158.203010] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 158.222188] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 158.229887] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 20:42:37 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(0xffffffffffffffff, 0x1) 20:42:37 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:37 executing program 0 (fault-call:2 fault-nth:3): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) [ 158.237145] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 158.244401] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 158.251761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 158.259030] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 0000000000000002 [ 158.344520] FAULT_INJECTION: forcing a failure. [ 158.344520] name failslab, interval 1, probability 0, space 0, times 0 [ 158.355827] CPU: 0 PID: 8827 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 158.364223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 158.373574] Call Trace: [ 158.376170] dump_stack+0x1c9/0x2b4 [ 158.379804] ? dump_stack_print_info.cold.2+0x52/0x52 [ 158.384993] ? kasan_slab_free+0xe/0x10 [ 158.388971] ? kmem_cache_free+0x86/0x2d0 [ 158.393126] ? kfree_skbmem+0x154/0x230 [ 158.397113] ? consume_skb+0x19b/0x560 [ 158.401007] ? nlmsg_notify+0xa0/0x1a0 [ 158.404903] should_fail.cold.4+0xa/0x11 [ 158.408953] ? __x64_sys_ioctl+0x73/0xb0 [ 158.413038] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 158.418151] ? kasan_check_write+0x14/0x20 [ 158.422396] ? do_raw_spin_lock+0xc1/0x200 [ 158.426642] ? trace_hardirqs_off+0xd/0x10 [ 158.430878] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 158.436000] ? trace_hardirqs_on+0x10/0x10 [ 158.440266] ? lock_acquire+0x1e4/0x540 [ 158.444260] ? __wake_up_common_lock+0x1d0/0x330 [ 158.449022] ? lock_downgrade+0x8f0/0x8f0 [ 158.453179] ? kasan_check_read+0x11/0x20 [ 158.457342] ? do_raw_spin_unlock+0xa7/0x2f0 [ 158.458247] binder_alloc: 8801: binder_alloc_buf, no vma [ 158.461770] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 158.461795] ? kasan_check_write+0x14/0x20 [ 158.461809] ? do_raw_spin_lock+0xc1/0x200 [ 158.461826] ? trace_hardirqs_on+0xd/0x10 [ 158.461843] __should_failslab+0x124/0x180 [ 158.461857] should_failslab+0x9/0x14 [ 158.461893] kmem_cache_alloc_trace+0x4b/0x780 [ 158.467544] binder: 8801:8828 transaction failed 29189/-3, size 0-0 line 2967 [ 158.471966] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 158.471978] ? netlink_trim+0x1ba/0x380 [ 158.471994] addr_event.isra.13.part.14+0xd0/0x4f0 [ 158.472017] ? is_eth_active_slave_of_bonding_rcu.part.8+0x270/0x270 [ 158.524988] ? lock_acquire+0x1e4/0x540 [ 158.528960] ? blocking_notifier_call_chain+0x129/0x190 [ 158.534317] inetaddr_event+0x1a2/0x230 [ 158.538281] ? lock_release+0xa30/0xa30 [ 158.542254] ? inet6addr_event+0x220/0x220 [ 158.546494] ? rcu_note_context_switch+0x730/0x730 [ 158.551431] notifier_call_chain+0x180/0x390 [ 158.555850] ? unregister_die_notifier+0x20/0x20 [ 158.560600] ? __x64_sys_ioctl+0x73/0xb0 [ 158.564658] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 158.570032] blocking_notifier_call_chain+0x147/0x190 [ 158.575234] ? srcu_init_notifier_head+0xa0/0xa0 [ 158.578957] binder: undelivered TRANSACTION_ERROR: 29189 [ 158.580001] ? rtmsg_ifa+0x14e/0x1e0 [ 158.580019] __inet_insert_ifa+0x858/0xba0 20:42:37 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x0, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) [ 158.580040] ? refcount_add_not_zero_checked+0x330/0x330 [ 158.580052] ? __inet_del_ifa+0xbd0/0xbd0 [ 158.580072] ? rtnl_is_locked+0xb5/0xf0 [ 158.607156] ? rtnl_trylock+0x20/0x20 [ 158.610996] devinet_ioctl+0x1460/0x1d90 [ 158.615083] ? inet_ifa_byprefix+0x240/0x240 [ 158.619521] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 158.620464] binder: 8830:8831 ERROR: BC_REGISTER_LOOPER called without request [ 158.625096] inet_ioctl+0x18b/0x360 [ 158.625112] ? inet_stream_connect+0xa0/0xa0 [ 158.625131] ? _parse_integer+0x190/0x190 [ 158.625147] ? lock_release+0xa30/0xa30 [ 158.625166] ? check_same_owner+0x340/0x340 [ 158.652949] ? __check_object_size+0xa3/0x5d7 [ 158.657451] sock_do_ioctl+0xe4/0x3e0 [ 158.661250] ? __fget+0x4ac/0x740 [ 158.664717] ? compat_ifr_data_ioctl+0x170/0x170 [ 158.669495] ? lock_release+0xa30/0xa30 [ 158.673496] ? pid_task+0x115/0x200 [ 158.677139] ? find_vpid+0xf0/0xf0 [ 158.680690] ? __f_unlock_pos+0x19/0x20 [ 158.684688] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 158.689882] sock_ioctl+0x30d/0x680 20:42:37 executing program 5: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:37 executing program 6: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) sendto$inet6(r1, &(0x7f0000000300), 0xfdb8, 0x0, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @ipv4={[], [], @multicast2}}, 0x1c) [ 158.693510] ? dlci_ioctl_set+0x40/0x40 [ 158.697472] ? ksys_dup3+0x690/0x690 [ 158.701181] ? kasan_check_write+0x14/0x20 [ 158.705419] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 158.710354] ? fsnotify+0xbac/0x14e0 [ 158.714078] ? vfs_write+0x2f3/0x560 [ 158.717894] ? dlci_ioctl_set+0x40/0x40 [ 158.721883] do_vfs_ioctl+0x1de/0x1720 [ 158.725788] ? fsnotify_first_mark+0x350/0x350 [ 158.730384] ? __fsnotify_parent+0xcc/0x420 [ 158.734745] ? ioctl_preallocate+0x300/0x300 [ 158.739169] ? __fget_light+0x2f7/0x440 20:42:37 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) [ 158.743194] ? fget_raw+0x20/0x20 [ 158.746668] ? __sb_end_write+0xac/0xe0 [ 158.750665] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 158.756238] ? fput+0x130/0x1a0 [ 158.759536] ? ksys_write+0x1ae/0x260 [ 158.763353] ? security_file_ioctl+0x94/0xc0 [ 158.767786] ksys_ioctl+0xa9/0xd0 [ 158.771236] __x64_sys_ioctl+0x73/0xb0 [ 158.775122] do_syscall_64+0x1b9/0x820 [ 158.779008] ? finish_task_switch+0x1d3/0x870 [ 158.783515] ? syscall_return_slowpath+0x5e0/0x5e0 [ 158.788463] ? syscall_return_slowpath+0x31d/0x5e0 [ 158.793408] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 158.798454] ? prepare_exit_to_usermode+0x291/0x3b0 [ 158.803504] ? perf_trace_sys_enter+0xb10/0xb10 [ 158.808197] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 158.813068] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 158.818268] RIP: 0033:0x455ab9 [ 158.821459] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 20:42:37 executing program 1: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:37 executing program 0 (fault-call:2 fault-nth:4): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) [ 158.840807] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 158.848528] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 158.855795] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 158.863050] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 158.870315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 158.877587] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 0000000000000003 20:42:37 executing program 6: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_ifreq(r0, 0x8932, &(0x7f0000000000)={'ip6gretap0\x00', @ifru_addrs=@rc}) [ 158.983732] FAULT_INJECTION: forcing a failure. [ 158.983732] name failslab, interval 1, probability 0, space 0, times 0 [ 158.995113] CPU: 1 PID: 8849 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 159.003522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 159.012881] Call Trace: [ 159.015492] dump_stack+0x1c9/0x2b4 [ 159.019143] ? dump_stack_print_info.cold.2+0x52/0x52 [ 159.024346] ? trace_hardirqs_on+0x10/0x10 [ 159.028599] should_fail.cold.4+0xa/0x11 [ 159.032675] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 159.037781] ? enqueue_entity+0x34b/0x2130 [ 159.042041] ? x2apic_send_IPI+0xbf/0x110 [ 159.046192] ? native_smp_send_reschedule+0x68/0x90 [ 159.051213] ? resched_curr+0x10f/0x190 [ 159.055279] ? check_preempt_curr+0x22b/0x3a0 [ 159.059774] ? try_to_wake_up+0x10a/0x12b0 [ 159.064009] ? lock_acquire+0x1e4/0x540 [ 159.067992] ? fs_reclaim_acquire+0x20/0x20 [ 159.072319] ? lock_downgrade+0x8f0/0x8f0 [ 159.076470] ? check_same_owner+0x340/0x340 [ 159.080792] ? rcu_note_context_switch+0x730/0x730 [ 159.085735] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 159.090854] __should_failslab+0x124/0x180 [ 159.095094] should_failslab+0x9/0x14 [ 159.098987] __kmalloc+0x2c8/0x760 [ 159.102529] ? migrate_swap_stop+0x850/0x850 [ 159.107303] ? fib_create_info+0x9b1/0x45e0 [ 159.111643] fib_create_info+0x9b1/0x45e0 [ 159.115828] ? lock_acquire+0x1e4/0x540 [ 159.119806] ? is_bpf_text_address+0xae/0x170 [ 159.124297] ? lock_release+0xa30/0xa30 [ 159.128274] ? trace_hardirqs_on+0x10/0x10 [ 159.132517] ? fib_info_update_nh_saddr+0x300/0x300 [ 159.137555] ? wake_up_process+0x10/0x20 [ 159.141614] ? wake_up_worker+0x117/0x190 [ 159.145766] ? need_to_create_worker+0x280/0x280 [ 159.150605] ? kasan_check_read+0x11/0x20 [ 159.154756] ? do_raw_spin_unlock+0xa7/0x2f0 [ 159.159160] ? insert_work+0x375/0x4f0 [ 159.163050] ? __queue_work+0x688/0x1410 [ 159.167121] ? lock_downgrade+0x8f0/0x8f0 [ 159.171275] ? workqueue_congested+0x3c0/0x3c0 [ 159.175869] ? kasan_check_read+0x11/0x20 [ 159.180028] ? do_raw_spin_unlock+0xa7/0x2f0 20:42:37 executing program 3: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r0, 0x1) [ 159.184431] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 159.189019] ? kasan_check_write+0x14/0x20 [ 159.193277] ? do_raw_spin_lock+0xc1/0x200 [ 159.197534] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 159.202568] ? fib_get_table+0x274/0x350 [ 159.206648] ? __queue_work+0x68d/0x1410 [ 159.210727] ? __fib_validate_source+0x1f10/0x1f10 [ 159.215764] fib_table_insert+0x1c1/0x17a0 [ 159.220022] ? fib_new_table+0xc0/0x490 [ 159.224016] ? fib_table_lookup+0x24a0/0x24a0 [ 159.228528] ? trace_hardirqs_on+0xd/0x10 20:42:37 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:37 executing program 3: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r0, 0x1) [ 159.232755] ? kasan_unpoison_shadow+0x35/0x50 [ 159.237353] ? kasan_kmalloc+0xc4/0xe0 [ 159.241259] fib_magic.isra.22+0x66b/0x890 [ 159.245508] ? fib_new_table+0x490/0x490 [ 159.249588] ? lock_acquire+0x1e4/0x540 [ 159.253578] ? blocking_notifier_call_chain+0x129/0x190 [ 159.258959] fib_add_ifaddr+0x17a/0x500 [ 159.262947] ? lock_release+0xa30/0xa30 [ 159.266943] fib_inetaddr_event+0x172/0x222 [ 159.271286] notifier_call_chain+0x180/0x390 [ 159.275718] ? unregister_die_notifier+0x20/0x20 [ 159.280488] ? __x64_sys_ioctl+0x73/0xb0 20:42:38 executing program 3: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r0, 0x1) 20:42:38 executing program 3: r0 = socket$inet(0x2, 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) [ 159.284612] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 159.290048] blocking_notifier_call_chain+0x147/0x190 [ 159.295258] ? srcu_init_notifier_head+0xa0/0xa0 [ 159.300039] ? rtmsg_ifa+0x14e/0x1e0 [ 159.303773] __inet_insert_ifa+0x858/0xba0 [ 159.308029] ? refcount_add_not_zero_checked+0x330/0x330 [ 159.313496] ? __inet_del_ifa+0xbd0/0xbd0 [ 159.317664] ? rtnl_is_locked+0xb5/0xf0 [ 159.321661] ? rtnl_trylock+0x20/0x20 [ 159.325483] devinet_ioctl+0x1460/0x1d90 [ 159.329559] ? inet_ifa_byprefix+0x240/0x240 20:42:38 executing program 3: r0 = socket$inet(0x2, 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) [ 159.333990] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 159.339545] inet_ioctl+0x18b/0x360 [ 159.343191] ? inet_stream_connect+0xa0/0xa0 [ 159.347618] ? _parse_integer+0x190/0x190 [ 159.351789] ? lock_release+0xa30/0xa30 [ 159.355808] ? check_same_owner+0x340/0x340 [ 159.360152] ? __check_object_size+0xa3/0x5d7 [ 159.364669] sock_do_ioctl+0xe4/0x3e0 [ 159.368484] ? __fget+0x4ac/0x740 [ 159.371951] ? compat_ifr_data_ioctl+0x170/0x170 [ 159.376722] ? lock_release+0xa30/0xa30 [ 159.380797] ? pid_task+0x115/0x200 [ 159.384440] ? find_vpid+0xf0/0xf0 [ 159.387997] ? __f_unlock_pos+0x19/0x20 [ 159.391998] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 159.397206] sock_ioctl+0x30d/0x680 [ 159.400849] ? dlci_ioctl_set+0x40/0x40 [ 159.404843] ? ksys_dup3+0x690/0x690 [ 159.408580] ? kasan_check_write+0x14/0x20 [ 159.412835] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 159.417869] ? fsnotify+0xbac/0x14e0 [ 159.421638] ? vfs_write+0x2f3/0x560 [ 159.423801] binder_alloc: 8830: binder_alloc_buf, no vma [ 159.425387] ? dlci_ioctl_set+0x40/0x40 20:42:38 executing program 3: r0 = socket$inet(0x2, 0x0, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) [ 159.425403] do_vfs_ioctl+0x1de/0x1720 [ 159.425417] ? fsnotify_first_mark+0x350/0x350 [ 159.425433] ? __fsnotify_parent+0xcc/0x420 [ 159.430910] binder: 8830:8876 transaction failed 29189/-3, size 0-0 line 2967 [ 159.434840] ? ioctl_preallocate+0x300/0x300 [ 159.434853] ? __fget_light+0x2f7/0x440 [ 159.434867] ? fget_raw+0x20/0x20 [ 159.466794] ? __sb_end_write+0xac/0xe0 [ 159.470779] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 159.476324] ? fput+0x130/0x1a0 [ 159.479598] ? ksys_write+0x1ae/0x260 [ 159.483398] ? security_file_ioctl+0x94/0xc0 [ 159.487799] ksys_ioctl+0xa9/0xd0 [ 159.491245] __x64_sys_ioctl+0x73/0xb0 [ 159.495139] do_syscall_64+0x1b9/0x820 [ 159.499025] ? finish_task_switch+0x1d3/0x870 [ 159.503532] ? syscall_return_slowpath+0x5e0/0x5e0 [ 159.508463] ? syscall_return_slowpath+0x31d/0x5e0 [ 159.513399] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 159.518419] ? prepare_exit_to_usermode+0x291/0x3b0 [ 159.523428] ? perf_trace_sys_enter+0xb10/0xb10 [ 159.528090] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 159.532928] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 159.538134] RIP: 0033:0x455ab9 [ 159.541338] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 159.560655] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 159.565078] binder: undelivered TRANSACTION_ERROR: 29189 [ 159.568545] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 20:42:38 executing program 6: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000000)={0x4, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @mcast2}}}, 0x10000004b) getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0x399) 20:42:38 executing program 0 (fault-call:2 fault-nth:5): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:38 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) [ 159.568554] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 159.568561] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 159.568568] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 159.568576] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 0000000000000004 [ 159.673234] binder: 8893:8895 ERROR: BC_REGISTER_LOOPER called without request [ 159.716276] FAULT_INJECTION: forcing a failure. [ 159.716276] name failslab, interval 1, probability 0, space 0, times 0 [ 159.727707] CPU: 0 PID: 8896 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 159.736113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 159.745455] Call Trace: [ 159.748051] dump_stack+0x1c9/0x2b4 [ 159.751678] ? dump_stack_print_info.cold.2+0x52/0x52 [ 159.756865] ? fib_create_info+0x31b3/0x45e0 [ 159.761288] should_fail.cold.4+0xa/0x11 20:42:38 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={&(0x7f0000000080), 0xc, &(0x7f0000000000)={&(0x7f00000000c0)=@ipv4_delroute={0x34, 0x19, 0x1, 0x0, 0x0, {0x2, 0x20, 0x0, 0x0, 0xff, 0x3, 0xff}, [@RTA_FLOW={0x8, 0xb, 0xbc}, @RTA_PREFSRC={0x8, 0x7, @loopback}, @RTA_DST={0x8, 0x1, @loopback}]}, 0x34}, 0x1, 0x0, 0x0, 0x4007}, 0x4000000) 20:42:38 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) 20:42:38 executing program 6: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000000)=0x800, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) [ 159.765371] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 159.770493] ? fib_info_update_nh_saddr+0x300/0x300 [ 159.775522] ? wake_up_process+0x10/0x20 [ 159.779712] ? wake_up_worker+0x117/0x190 [ 159.783866] ? need_to_create_worker+0x280/0x280 [ 159.788635] ? kasan_check_read+0x11/0x20 [ 159.792794] ? do_raw_spin_unlock+0xa7/0x2f0 [ 159.797215] ? lock_acquire+0x1e4/0x540 [ 159.801205] ? fs_reclaim_acquire+0x20/0x20 [ 159.805541] ? lock_downgrade+0x8f0/0x8f0 [ 159.809706] ? check_same_owner+0x340/0x340 [ 159.814042] ? do_raw_spin_unlock+0xa7/0x2f0 [ 159.818464] ? rcu_note_context_switch+0x730/0x730 [ 159.823420] __should_failslab+0x124/0x180 [ 159.827844] should_failslab+0x9/0x14 [ 159.831663] kmem_cache_alloc+0x2af/0x760 [ 159.835852] ? __queue_work+0x68d/0x1410 [ 159.839935] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 159.844968] ? fib_find_alias+0x1d1/0x240 [ 159.849135] fib_table_insert+0x411/0x17a0 [ 159.853399] ? fib_table_lookup+0x24a0/0x24a0 [ 159.857914] ? trace_hardirqs_on+0xd/0x10 [ 159.862073] ? kasan_unpoison_shadow+0x35/0x50 20:42:38 executing program 1: sendmmsg(0xffffffffffffffff, &(0x7f0000007fc0)=[{{&(0x7f0000000b40)=@l2, 0x80, &(0x7f0000000180), 0x0, &(0x7f0000001000)=ANY=[@ANYBLOB="8c00000001000000a40c"], 0xa}}], 0x1, 0x0) sigaltstack(&(0x7f0000001000/0x3000)=nil, &(0x7f0000000000)) sigaltstack(&(0x7f0000001000/0x2000)=nil, &(0x7f0000000040)) 20:42:38 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) 20:42:38 executing program 6: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast2, @loopback}, 0xc) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f00000000c0)={0x1, {{0x2, 0x0, @multicast2}}}, 0x84) getsockopt$inet_buf(r0, 0x0, 0x29, &(0x7f0000000000)=""/145, &(0x7f0000695ffc)=0x91) 20:42:38 executing program 1: r0 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$int_in(r0, 0x5421, &(0x7f0000000100)=0xff) setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f000074fffc)=0x3, 0x348) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x80, 0x0) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x4b, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup(r0) setsockopt$inet6_tcp_int(r1, 0x6, 0x60000008000006, &(0x7f00007b1000)=0x81, 0x4) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) ioctl$KDSETKEYCODE(r1, 0x4b4d, &(0x7f0000000040)={0x80, 0x8}) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00000001c0)={0x2, 0xf, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x2, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@loopback, @in=@remote}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x400300, @multicast1}}]}, 0x80}}, 0x0) ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, &(0x7f00000000c0)) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x2007fff) sendfile(r1, r3, &(0x7f0000d83ff8), 0x8000fffffffe) [ 159.866670] ? kasan_kmalloc+0xc4/0xe0 [ 159.870578] fib_magic.isra.22+0x66b/0x890 [ 159.874829] ? fib_new_table+0x490/0x490 [ 159.878913] ? lock_acquire+0x1e4/0x540 [ 159.882913] ? blocking_notifier_call_chain+0x129/0x190 [ 159.888293] fib_add_ifaddr+0x17a/0x500 [ 159.892321] ? lock_release+0xa30/0xa30 [ 159.896347] fib_inetaddr_event+0x172/0x222 [ 159.900714] notifier_call_chain+0x180/0x390 [ 159.905143] ? unregister_die_notifier+0x20/0x20 [ 159.909916] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 159.914699] blocking_notifier_call_chain+0x147/0x190 [ 159.919905] ? srcu_init_notifier_head+0xa0/0xa0 [ 159.924676] ? rtmsg_ifa+0x14e/0x1e0 [ 159.928405] __inet_insert_ifa+0x858/0xba0 [ 159.932661] ? refcount_add_not_zero_checked+0x330/0x330 [ 159.938126] ? __inet_del_ifa+0xbd0/0xbd0 [ 159.942269] ? rtnl_is_locked+0xb5/0xf0 [ 159.946236] ? rtnl_trylock+0x20/0x20 [ 159.950028] devinet_ioctl+0x1460/0x1d90 [ 159.954089] ? inet_ifa_byprefix+0x240/0x240 [ 159.958490] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 159.964018] inet_ioctl+0x18b/0x360 [ 159.967632] ? inet_stream_connect+0xa0/0xa0 [ 159.972029] ? _parse_integer+0x190/0x190 [ 159.976167] ? lock_release+0xa30/0xa30 [ 159.980124] ? check_same_owner+0x340/0x340 [ 159.984433] ? __check_object_size+0xa3/0x5d7 [ 159.988916] sock_do_ioctl+0xe4/0x3e0 [ 159.992703] ? __fget+0x4ac/0x740 [ 159.996139] ? compat_ifr_data_ioctl+0x170/0x170 [ 160.000893] ? lock_release+0xa30/0xa30 [ 160.004856] ? pid_task+0x115/0x200 [ 160.008481] ? find_vpid+0xf0/0xf0 [ 160.012013] ? __f_unlock_pos+0x19/0x20 [ 160.015977] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 160.021166] sock_ioctl+0x30d/0x680 [ 160.024784] ? dlci_ioctl_set+0x40/0x40 [ 160.028753] ? ksys_dup3+0x690/0x690 [ 160.032466] ? kasan_check_write+0x14/0x20 [ 160.036685] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 160.041599] ? fsnotify+0xbac/0x14e0 [ 160.045311] ? vfs_write+0x2f3/0x560 [ 160.049021] ? dlci_ioctl_set+0x40/0x40 [ 160.052978] do_vfs_ioctl+0x1de/0x1720 [ 160.056865] ? fsnotify_first_mark+0x350/0x350 [ 160.061444] ? __fsnotify_parent+0xcc/0x420 [ 160.065753] ? ioctl_preallocate+0x300/0x300 [ 160.070144] ? __fget_light+0x2f7/0x440 [ 160.074103] ? fget_raw+0x20/0x20 [ 160.077544] ? __sb_end_write+0xac/0xe0 [ 160.081507] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 160.087034] ? fput+0x130/0x1a0 [ 160.090302] ? ksys_write+0x1ae/0x260 [ 160.094108] ? security_file_ioctl+0x94/0xc0 [ 160.098502] ksys_ioctl+0xa9/0xd0 [ 160.101941] __x64_sys_ioctl+0x73/0xb0 [ 160.105814] do_syscall_64+0x1b9/0x820 [ 160.109687] ? finish_task_switch+0x1d3/0x870 [ 160.114168] ? syscall_return_slowpath+0x5e0/0x5e0 [ 160.119604] ? syscall_return_slowpath+0x31d/0x5e0 [ 160.124518] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 160.129535] ? prepare_exit_to_usermode+0x291/0x3b0 [ 160.134542] ? perf_trace_sys_enter+0xb10/0xb10 [ 160.139201] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 160.144034] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 160.149208] RIP: 0033:0x455ab9 [ 160.152391] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 160.171566] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 160.179270] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 160.186534] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 160.194977] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 160.202236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 160.209492] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 0000000000000005 [ 160.258975] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 20:42:39 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r2, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r2, 0x127d, &(0x7f0000000300)=0x6bb) r4 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r4, 0x9) r5 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r5, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r6, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r7, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r5, 0x8000}, {r6, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r5, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r2, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r3, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:39 executing program 0 (fault-call:2 fault-nth:6): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:39 executing program 6: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = dup2(r0, r0) sendmsg$nl_route_sched(r1, &(0x7f0000000500)={&(0x7f00000002c0), 0xc, &(0x7f00000004c0)={&(0x7f0000000440)=@gettfilter={0x24}, 0x24}}, 0x801) 20:42:39 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={&(0x7f0000000080), 0xc, &(0x7f0000000000)={&(0x7f00000000c0)=@ipv4_delroute={0x34, 0x19, 0x1, 0x0, 0x0, {0x2, 0x20, 0x0, 0x0, 0xff, 0x3, 0xff}, [@RTA_FLOW={0x8, 0xb, 0xbc}, @RTA_PREFSRC={0x8, 0x7, @loopback}, @RTA_DST={0x8, 0x1, @loopback}]}, 0x34}, 0x1, 0x0, 0x0, 0x4007}, 0x4000000) 20:42:39 executing program 1: r0 = socket$inet(0x2, 0x1, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000011ff0)={0x2, 0x4e20, @multicast2}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='veth0_to_bond\x00', 0x10) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10) 20:42:39 executing program 1: setsockopt$inet6_MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f0000002000)={{0xa, 0x0, 0x0, @ipv4={[], [], @local}}, {0xa, 0x0, 0x0, @empty, 0x1}}, 0x5c) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000002000)={0x0, 0x8000000000020}, 0x2a6) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x40, &(0x7f0000001fde), 0x4) [ 160.472246] binder_alloc: 8893: binder_alloc_buf, no vma [ 160.477788] binder: 8893:8928 transaction failed 29189/-3, size 0-0 line 2967 20:42:39 executing program 6: r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10) setsockopt$inet_int(r0, 0x0, 0x21, &(0x7f0000000080), 0x3) sendto$inet(r0, &(0x7f0000c95ffd), 0x1c00, 0x0, &(0x7f000057bff0)={0x2, 0x4e20, @multicast1}, 0x10) [ 160.574473] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 160.592178] FAULT_INJECTION: forcing a failure. [ 160.592178] name failslab, interval 1, probability 0, space 0, times 0 [ 160.592195] CPU: 1 PID: 8938 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 160.592203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 160.592207] Call Trace: 20:42:39 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:39 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={&(0x7f0000000ac0), 0xc, &(0x7f00000007c0)={&(0x7f0000005280)={0x20, 0x19, 0x2fb, 0x0, 0x0, {0x1}, [@typed={0xc, 0x2, @u64}]}, 0x20}}, 0x0) 20:42:39 executing program 1: r0 = memfd_create(&(0x7f0000000140)="7365e3757269747d2451dc094071773e74656f07", 0x0) write(r0, &(0x7f0000000040)='6', 0x1) accept4$packet(r0, &(0x7f0000000180), &(0x7f00000001c0)=0x14, 0x0) r1 = getuid() sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={&(0x7f0000000100), 0xc, &(0x7f0000000380)={&(0x7f0000000200)=ANY=[@ANYBLOB="780100001600200328bd7000fddbdf2500000000000000000000000000000001fe80000000000000000000000000000a4e23fffd4e2100000a00a08021000000", @ANYRES32=r1, @ANYBLOB="7f000001000000000000000000000000000004d4ff000000ff010000000000000000000000000001ffffff7f000000006100000000000000090000000200000000000000000000000000000000000008ff7f00000000000000f0ffffffffffffb3280000000000005305000000000000000000f7ffffffffffffff0002000000000000000000000000000300000080b7020073616c73613230000000000000000000000000000000006f9d000000000000000000000000000000000000000000000000000000000000000000000000000000b00100003e80b803fe9f06d5e20e40e0c7d183476bf36a9188bf15e86c9b59fafcbc3b85c6c0c47f19bff45c4534c83a8d7f7ccbcc3416031f0100000000000000000000000000000000000000000000"], 0x3}, 0x1, 0x0, 0x0, 0x41}, 0x4000001) sendfile(r0, r0, &(0x7f0000000080), 0xb516) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) mlock(&(0x7f000051a000/0x14000)=nil, 0x14000) [ 160.592232] dump_stack+0x1c9/0x2b4 [ 160.592259] ? dump_stack_print_info.cold.2+0x52/0x52 [ 160.606632] binder: undelivered TRANSACTION_ERROR: 29189 [ 160.611917] should_fail.cold.4+0xa/0x11 [ 160.611936] ? trace_hardirqs_on+0x10/0x10 [ 160.611955] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 160.648369] binder: 8951:8952 ERROR: BC_REGISTER_LOOPER called without request [ 160.651497] ? is_bpf_text_address+0xae/0x170 [ 160.651514] ? lock_downgrade+0x8f0/0x8f0 [ 160.651530] ? lock_release+0xa30/0xa30 [ 160.651544] ? kasan_check_read+0x11/0x20 [ 160.651558] ? rcu_is_watching+0x8c/0x150 [ 160.651576] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 160.684488] ? is_bpf_text_address+0xd7/0x170 [ 160.688998] ? lock_acquire+0x1e4/0x540 [ 160.692988] ? fs_reclaim_acquire+0x20/0x20 [ 160.697325] ? lock_downgrade+0x8f0/0x8f0 [ 160.701486] ? __save_stack_trace+0x8d/0xf0 [ 160.705825] ? check_same_owner+0x340/0x340 [ 160.710162] ? rcu_note_context_switch+0x730/0x730 [ 160.715101] ? save_stack+0xa9/0xd0 [ 160.718740] __should_failslab+0x124/0x180 [ 160.722994] should_failslab+0x9/0x14 [ 160.726815] kmem_cache_alloc_node+0x272/0x780 [ 160.731424] ? fib_trie_seq_start+0x4e0/0x4e0 [ 160.735935] ? lock_downgrade+0x8f0/0x8f0 [ 160.740095] ? __x64_sys_ioctl+0x73/0xb0 [ 160.744170] __alloc_skb+0x119/0x770 [ 160.747905] ? skb_scrub_packet+0x490/0x490 [ 160.752245] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 160.757805] ? atomic_notifier_call_chain+0xf1/0x190 [ 160.762926] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 160.768474] ? call_fib_notifiers+0x6f/0x90 [ 160.772811] ? call_fib4_notifiers+0x9c/0x110 [ 160.777317] ? call_fib_entry_notifiers+0x2f1/0x500 [ 160.782347] ? kasan_kmalloc+0xc4/0xe0 [ 160.786335] rtmsg_fib+0x1f8/0x4d0 [ 160.789896] fib_table_insert+0x7a8/0x17a0 [ 160.794294] ? fib_table_lookup+0x24a0/0x24a0 [ 160.798843] ? trace_hardirqs_on+0xd/0x10 [ 160.803006] ? kasan_unpoison_shadow+0x35/0x50 [ 160.807632] ? kasan_kmalloc+0xc4/0xe0 [ 160.811530] fib_magic.isra.22+0x66b/0x890 [ 160.815774] ? fib_new_table+0x490/0x490 [ 160.819847] ? lock_acquire+0x1e4/0x540 [ 160.823826] ? blocking_notifier_call_chain+0x129/0x190 [ 160.829205] fib_add_ifaddr+0x17a/0x500 [ 160.833190] ? lock_release+0xa30/0xa30 [ 160.837175] fib_inetaddr_event+0x172/0x222 [ 160.841515] notifier_call_chain+0x180/0x390 [ 160.845944] ? unregister_die_notifier+0x20/0x20 [ 160.850708] ? __x64_sys_ioctl+0x73/0xb0 [ 160.854778] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 160.860137] blocking_notifier_call_chain+0x147/0x190 [ 160.865316] ? srcu_init_notifier_head+0xa0/0xa0 [ 160.870071] ? rtmsg_ifa+0x14e/0x1e0 [ 160.873780] __inet_insert_ifa+0x858/0xba0 [ 160.878006] ? refcount_add_not_zero_checked+0x330/0x330 [ 160.883458] ? __inet_del_ifa+0xbd0/0xbd0 [ 160.887601] ? rtnl_is_locked+0xb5/0xf0 [ 160.891564] ? rtnl_trylock+0x20/0x20 [ 160.895356] devinet_ioctl+0x1460/0x1d90 [ 160.899408] ? inet_ifa_byprefix+0x240/0x240 [ 160.903811] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 160.909340] inet_ioctl+0x18b/0x360 [ 160.912960] ? inet_stream_connect+0xa0/0xa0 [ 160.917374] ? _parse_integer+0x190/0x190 [ 160.921536] ? lock_release+0xa30/0xa30 [ 160.925501] ? check_same_owner+0x340/0x340 [ 160.929826] ? __check_object_size+0xa3/0x5d7 [ 160.934329] sock_do_ioctl+0xe4/0x3e0 [ 160.938120] ? __fget+0x4ac/0x740 [ 160.941560] ? compat_ifr_data_ioctl+0x170/0x170 [ 160.946304] ? lock_release+0xa30/0xa30 [ 160.950269] ? pid_task+0x115/0x200 [ 160.953894] ? find_vpid+0xf0/0xf0 [ 160.957603] ? __f_unlock_pos+0x19/0x20 [ 160.961568] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 160.966744] sock_ioctl+0x30d/0x680 [ 160.970360] ? dlci_ioctl_set+0x40/0x40 [ 160.974319] ? ksys_dup3+0x690/0x690 [ 160.978027] ? kasan_check_write+0x14/0x20 [ 160.982251] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 160.987173] ? fsnotify+0xbac/0x14e0 [ 160.990872] ? vfs_write+0x2f3/0x560 [ 160.994575] ? dlci_ioctl_set+0x40/0x40 [ 160.998536] do_vfs_ioctl+0x1de/0x1720 [ 161.002412] ? fsnotify_first_mark+0x350/0x350 [ 161.006978] ? __fsnotify_parent+0xcc/0x420 [ 161.011290] ? ioctl_preallocate+0x300/0x300 [ 161.015687] ? __fget_light+0x2f7/0x440 [ 161.019646] ? fget_raw+0x20/0x20 [ 161.023107] ? __sb_end_write+0xac/0xe0 [ 161.027075] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 161.032599] ? fput+0x130/0x1a0 [ 161.035885] ? ksys_write+0x1ae/0x260 [ 161.039934] ? security_file_ioctl+0x94/0xc0 [ 161.044330] ksys_ioctl+0xa9/0xd0 [ 161.047770] __x64_sys_ioctl+0x73/0xb0 [ 161.051648] do_syscall_64+0x1b9/0x820 [ 161.055522] ? finish_task_switch+0x1d3/0x870 [ 161.060008] ? syscall_return_slowpath+0x5e0/0x5e0 [ 161.064930] ? syscall_return_slowpath+0x31d/0x5e0 [ 161.069844] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 161.074845] ? prepare_exit_to_usermode+0x291/0x3b0 [ 161.079865] ? perf_trace_sys_enter+0xb10/0xb10 [ 161.084528] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 161.089361] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 161.094547] RIP: 0033:0x455ab9 [ 161.097719] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 161.116893] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 20:42:39 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) 20:42:39 executing program 5: r0 = socket(0x11, 0x80002, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r2, &(0x7f0000000040)="e9", 0x1, 0x20000004, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0xc}}}, 0x1c) dup2(r0, r1) 20:42:39 executing program 6: r0 = socket$packet(0x11, 0x40000000000003, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x4006, 0x4) sendto$inet6(r0, &(0x7f00000001c0)="0401000000c000ddb84606000000007a67e74464c47b4ddfca830895cffe7d43470b3f90a3402e04441f38ed4d0000008207d9033780398d527ed80008000100000000f73b2e5506dce5eb8f8b307756e195d9ff81021fe8ffff", 0x5a, 0x4000, &(0x7f0000001a00)={0xa, 0x100200000800, 0x9, @mcast2, 0xa}, 0x1c) [ 161.124586] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 161.131849] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 161.139110] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 161.146365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 161.153620] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 0000000000000006 [ 161.192148] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 20:42:39 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r4 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r4, 0x9) r5 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r5, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r6, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r7, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r5, 0x8000}, {r6, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r5, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) 20:42:39 executing program 0 (fault-call:2 fault-nth:7): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:39 executing program 6: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bind(r0, &(0x7f0000000240)=@can, 0x80) [ 161.353053] FAULT_INJECTION: forcing a failure. [ 161.353053] name failslab, interval 1, probability 0, space 0, times 0 [ 161.364385] CPU: 0 PID: 8977 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 161.372795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 161.382154] Call Trace: [ 161.384755] dump_stack+0x1c9/0x2b4 [ 161.388402] ? dump_stack_print_info.cold.2+0x52/0x52 [ 161.393621] should_fail.cold.4+0xa/0x11 [ 161.397699] ? __kernel_text_address+0xd/0x40 [ 161.402221] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 161.407341] ? __save_stack_trace+0x8d/0xf0 [ 161.411688] ? save_stack+0xa9/0xd0 [ 161.415325] ? save_stack+0x43/0xd0 [ 161.418966] ? kasan_kmalloc+0xc4/0xe0 [ 161.422862] ? kasan_slab_alloc+0x12/0x20 [ 161.427016] ? kmem_cache_alloc_node+0x144/0x780 [ 161.431781] ? __alloc_skb+0x119/0x770 [ 161.435675] ? rtmsg_fib+0x1f8/0x4d0 [ 161.439396] ? fib_table_insert+0x7a8/0x17a0 [ 161.443813] ? fib_magic.isra.22+0x66b/0x890 [ 161.448171] binder_alloc: 8951: binder_alloc_buf, no vma [ 161.448236] ? fib_add_ifaddr+0x17a/0x500 [ 161.453757] binder: 8951:8985 transaction failed 29189/-3, size 0-0 line 2967 [ 161.457844] ? fib_inetaddr_event+0x172/0x222 [ 161.457859] ? notifier_call_chain+0x180/0x390 [ 161.457878] ? blocking_notifier_call_chain+0x147/0x190 [ 161.479586] ? __inet_insert_ifa+0x858/0xba0 [ 161.484004] ? inet_ioctl+0x18b/0x360 [ 161.487821] ? lock_acquire+0x1e4/0x540 [ 161.491800] ? fs_reclaim_acquire+0x20/0x20 [ 161.496133] ? lock_downgrade+0x8f0/0x8f0 [ 161.500297] ? check_same_owner+0x340/0x340 [ 161.504633] ? lock_downgrade+0x8f0/0x8f0 [ 161.508795] ? rcu_note_context_switch+0x730/0x730 [ 161.513736] __should_failslab+0x124/0x180 [ 161.517980] should_failslab+0x9/0x14 [ 161.521792] kmem_cache_alloc_node_trace+0x26f/0x770 [ 161.526901] ? kasan_kmalloc+0xc4/0xe0 [ 161.530802] __kmalloc_node_track_caller+0x33/0x70 [ 161.535749] __kmalloc_reserve.isra.41+0x3a/0xe0 [ 161.540520] __alloc_skb+0x155/0x770 [ 161.544247] ? skb_scrub_packet+0x490/0x490 [ 161.548577] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 161.554126] ? atomic_notifier_call_chain+0xf1/0x190 [ 161.559249] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 161.564796] ? call_fib_notifiers+0x6f/0x90 [ 161.569127] ? call_fib4_notifiers+0x9c/0x110 [ 161.573642] ? call_fib_entry_notifiers+0x2f1/0x500 [ 161.578668] ? kasan_kmalloc+0xc4/0xe0 [ 161.580463] binder: undelivered TRANSACTION_ERROR: 29189 [ 161.582563] rtmsg_fib+0x1f8/0x4d0 [ 161.582581] fib_table_insert+0x7a8/0x17a0 [ 161.595809] ? fib_table_lookup+0x24a0/0x24a0 [ 161.600325] ? trace_hardirqs_on+0xd/0x10 [ 161.604496] ? kasan_unpoison_shadow+0x35/0x50 [ 161.609091] ? kasan_kmalloc+0xc4/0xe0 [ 161.612989] fib_magic.isra.22+0x66b/0x890 [ 161.617236] ? fib_new_table+0x490/0x490 [ 161.621312] ? lock_acquire+0x1e4/0x540 [ 161.625322] ? blocking_notifier_call_chain+0x129/0x190 [ 161.630704] fib_add_ifaddr+0x17a/0x500 [ 161.634690] ? lock_release+0xa30/0xa30 [ 161.638676] fib_inetaddr_event+0x172/0x222 [ 161.643008] notifier_call_chain+0x180/0x390 [ 161.647431] ? unregister_die_notifier+0x20/0x20 [ 161.652201] ? __x64_sys_ioctl+0x73/0xb0 [ 161.656281] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 161.661660] blocking_notifier_call_chain+0x147/0x190 [ 161.666867] ? srcu_init_notifier_head+0xa0/0xa0 [ 161.671637] ? rtmsg_ifa+0x14e/0x1e0 [ 161.675362] __inet_insert_ifa+0x858/0xba0 [ 161.679618] ? refcount_add_not_zero_checked+0x330/0x330 [ 161.685086] ? __inet_del_ifa+0xbd0/0xbd0 [ 161.689249] ? rtnl_is_locked+0xb5/0xf0 [ 161.693237] ? rtnl_trylock+0x20/0x20 [ 161.697047] devinet_ioctl+0x1460/0x1d90 [ 161.701121] ? inet_ifa_byprefix+0x240/0x240 [ 161.705539] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 161.711089] inet_ioctl+0x18b/0x360 [ 161.714730] ? inet_stream_connect+0xa0/0xa0 [ 161.719149] ? _parse_integer+0x190/0x190 [ 161.723303] ? lock_release+0xa30/0xa30 [ 161.727278] ? check_same_owner+0x340/0x340 [ 161.731614] ? __check_object_size+0xa3/0x5d7 [ 161.736123] sock_do_ioctl+0xe4/0x3e0 [ 161.739926] ? __fget+0x4ac/0x740 [ 161.743391] ? compat_ifr_data_ioctl+0x170/0x170 [ 161.748158] ? lock_release+0xa30/0xa30 [ 161.752151] ? pid_task+0x115/0x200 [ 161.755793] ? find_vpid+0xf0/0xf0 [ 161.759340] ? __f_unlock_pos+0x19/0x20 [ 161.763331] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 161.768537] sock_ioctl+0x30d/0x680 [ 161.772189] ? dlci_ioctl_set+0x40/0x40 [ 161.776174] ? ksys_dup3+0x690/0x690 [ 161.779926] ? kasan_check_write+0x14/0x20 [ 161.784175] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 161.789114] ? fsnotify+0xbac/0x14e0 [ 161.792833] ? vfs_write+0x2f3/0x560 [ 161.796553] ? dlci_ioctl_set+0x40/0x40 [ 161.800539] do_vfs_ioctl+0x1de/0x1720 [ 161.804432] ? fsnotify_first_mark+0x350/0x350 [ 161.809024] ? __fsnotify_parent+0xcc/0x420 [ 161.813361] ? ioctl_preallocate+0x300/0x300 [ 161.817781] ? __fget_light+0x2f7/0x440 [ 161.821762] ? fget_raw+0x20/0x20 [ 161.825226] ? __sb_end_write+0xac/0xe0 [ 161.829303] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 161.834854] ? fput+0x130/0x1a0 [ 161.838146] ? ksys_write+0x1ae/0x260 [ 161.841963] ? security_file_ioctl+0x94/0xc0 [ 161.846382] ksys_ioctl+0xa9/0xd0 [ 161.849843] __x64_sys_ioctl+0x73/0xb0 [ 161.853738] do_syscall_64+0x1b9/0x820 [ 161.857633] ? syscall_slow_exit_work+0x500/0x500 [ 161.862483] ? syscall_return_slowpath+0x5e0/0x5e0 [ 161.867425] ? syscall_return_slowpath+0x31d/0x5e0 [ 161.872366] ? prepare_exit_to_usermode+0x291/0x3b0 [ 161.877393] ? perf_trace_sys_enter+0xb10/0xb10 [ 161.882073] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 161.886933] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 161.892128] RIP: 0033:0x455ab9 [ 161.895317] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 161.914589] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 161.922398] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 161.929939] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 161.937216] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 161.944498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 20:42:40 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r1, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r2, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r2, 0x127d, &(0x7f0000000300)=0x6bb) r4 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r4, 0x9) r5 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r5, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r6, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r7, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r5, 0x8000}, {r6, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r5, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r2, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r3, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:40 executing program 5: r0 = socket$inet6(0xa, 0x100800000000002, 0x88) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1, 0x2}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000300)='net/dev_mcast\x00') connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000080), 0x4) sendfile(r0, r1, &(0x7f0000000040), 0xcb4b) 20:42:40 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:42:40 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) [ 161.951774] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 0000000000000007 20:42:40 executing program 0 (fault-call:2 fault-nth:8): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:40 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:42:40 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x2000)=nil, 0x2000}, 0x1}) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) [ 161.987373] binder: 8989:8991 ERROR: BC_REGISTER_LOOPER called without request 20:42:40 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:42:40 executing program 5: pipe2(&(0x7f0000f61000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000bc8000)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000d62fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x1c) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000040)) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)='@', 0x1}], 0x1) dup2(r1, r2) 20:42:40 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}, 0xe}, 0x1c) sendto$inet6(r0, &(0x7f0000c9f000), 0x0, 0xfffffefffffffffe, &(0x7f0000f62fe4)={0xa, 0x0, 0x0, @ipv4={[], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}, 0x1c) getsockopt$inet6_int(r0, 0x29, 0x10000000000018, &(0x7f0000000180), &(0x7f0000000040)) 20:42:40 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) 20:42:40 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) [ 162.183473] FAULT_INJECTION: forcing a failure. [ 162.183473] name failslab, interval 1, probability 0, space 0, times 0 [ 162.196105] CPU: 0 PID: 9010 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 162.204515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 162.213872] Call Trace: [ 162.216480] dump_stack+0x1c9/0x2b4 [ 162.220131] ? dump_stack_print_info.cold.2+0x52/0x52 [ 162.225344] ? __mutex_lock+0x6c4/0x1680 [ 162.229404] should_fail.cold.4+0xa/0x11 [ 162.233452] ? perf_event_update_userpage+0xd30/0xd30 [ 162.238646] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 162.243737] ? mutex_trylock+0x2b0/0x2b0 [ 162.247792] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 162.252797] ? bpf_prog_kallsyms_find+0xde/0x4c0 [ 162.257545] ? pcpu_alloc+0xf73/0x13a0 [ 162.261420] ? lock_downgrade+0x8f0/0x8f0 [ 162.265552] ? lock_downgrade+0x8f0/0x8f0 [ 162.269689] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 162.274689] ? bpf_prog_kallsyms_find+0xde/0x4c0 [ 162.279438] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 162.284448] ? lock_acquire+0x1e4/0x540 [ 162.288406] ? is_bpf_text_address+0xae/0x170 [ 162.292890] __should_failslab+0x124/0x180 [ 162.297115] should_failslab+0x9/0x14 [ 162.300906] kmem_cache_alloc_node_trace+0x5a/0x770 [ 162.305912] ? kasan_check_read+0x11/0x20 [ 162.310051] ? rcu_is_watching+0x8c/0x150 [ 162.314276] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 162.319294] __kmalloc_node_track_caller+0x33/0x70 [ 162.324247] __kmalloc_reserve.isra.41+0x3a/0xe0 [ 162.328996] pskb_expand_head+0x230/0x10e0 [ 162.333220] ? rtnetlink_put_metrics+0x3a8/0x690 [ 162.337971] ? __pskb_copy_fclone+0xeb0/0xeb0 [ 162.342477] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 162.347484] ? skb_put+0x17b/0x1e0 [ 162.351015] ? memset+0x31/0x40 [ 162.354281] ? memcpy+0x45/0x50 [ 162.357551] ? __nla_put+0x37/0x40 [ 162.361077] ? nla_put+0x11a/0x150 [ 162.364616] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 162.370156] ? fib_dump_info+0x950/0x1bc0 [ 162.374295] netlink_trim+0x2ea/0x380 [ 162.378085] ? netlink_skb_destructor+0x210/0x210 [ 162.382937] ? kasan_unpoison_shadow+0x35/0x50 [ 162.387508] ? kasan_kmalloc+0xc4/0xe0 [ 162.391387] netlink_broadcast_filtered+0x105/0x1620 [ 162.396475] ? kasan_unpoison_shadow+0x35/0x50 [ 162.401050] ? kasan_kmalloc+0xc4/0xe0 [ 162.404926] ? __netlink_sendskb+0xd0/0xd0 [ 162.409150] ? __kmalloc_node_track_caller+0x47/0x70 [ 162.414248] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 162.419773] ? __alloc_skb+0x4c6/0x770 [ 162.423647] ? skb_scrub_packet+0x490/0x490 [ 162.427967] ? __sanitizer_cov_trace_const_cmp8+0x10/0x20 [ 162.433494] ? atomic_notifier_call_chain+0xf1/0x190 [ 162.438596] nlmsg_notify+0xa0/0x1a0 [ 162.442304] rtnl_notify+0xce/0xf0 [ 162.445832] rtmsg_fib+0x369/0x4d0 [ 162.449360] fib_table_insert+0x7a8/0x17a0 [ 162.453588] ? fib_table_lookup+0x24a0/0x24a0 [ 162.458082] ? trace_hardirqs_on+0xd/0x10 [ 162.462215] ? kasan_unpoison_shadow+0x35/0x50 [ 162.466782] ? kasan_kmalloc+0xc4/0xe0 [ 162.470655] fib_magic.isra.22+0x66b/0x890 [ 162.474979] ? fib_new_table+0x490/0x490 [ 162.479033] ? lock_acquire+0x1e4/0x540 [ 162.482993] ? blocking_notifier_call_chain+0x129/0x190 [ 162.488370] fib_add_ifaddr+0x17a/0x500 [ 162.492334] ? lock_release+0xa30/0xa30 [ 162.496296] fib_inetaddr_event+0x172/0x222 [ 162.500604] notifier_call_chain+0x180/0x390 [ 162.505000] ? unregister_die_notifier+0x20/0x20 [ 162.509746] ? __x64_sys_ioctl+0x73/0xb0 [ 162.513801] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 162.519159] blocking_notifier_call_chain+0x147/0x190 [ 162.524337] ? srcu_init_notifier_head+0xa0/0xa0 [ 162.529084] ? rtmsg_ifa+0x14e/0x1e0 [ 162.532784] __inet_insert_ifa+0x858/0xba0 [ 162.537011] ? refcount_add_not_zero_checked+0x330/0x330 [ 162.542445] ? __inet_del_ifa+0xbd0/0xbd0 [ 162.546578] ? rtnl_is_locked+0xb5/0xf0 [ 162.550538] ? rtnl_trylock+0x20/0x20 [ 162.554328] devinet_ioctl+0x1460/0x1d90 [ 162.558378] ? inet_ifa_byprefix+0x240/0x240 [ 162.562775] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 162.568307] inet_ioctl+0x18b/0x360 [ 162.571925] ? inet_stream_connect+0xa0/0xa0 [ 162.576325] ? _parse_integer+0x190/0x190 [ 162.580463] ? lock_release+0xa30/0xa30 [ 162.584430] ? check_same_owner+0x340/0x340 [ 162.588744] ? __check_object_size+0xa3/0x5d7 [ 162.593234] sock_do_ioctl+0xe4/0x3e0 [ 162.597027] ? __fget+0x4ac/0x740 [ 162.600475] ? compat_ifr_data_ioctl+0x170/0x170 [ 162.605228] ? lock_release+0xa30/0xa30 [ 162.609193] ? pid_task+0x115/0x200 [ 162.612805] ? find_vpid+0xf0/0xf0 [ 162.616334] ? __f_unlock_pos+0x19/0x20 [ 162.620296] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 162.625472] sock_ioctl+0x30d/0x680 [ 162.629084] ? dlci_ioctl_set+0x40/0x40 [ 162.633053] ? ksys_dup3+0x690/0x690 [ 162.636757] ? kasan_check_write+0x14/0x20 [ 162.640983] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 162.645904] ? fsnotify+0xbac/0x14e0 [ 162.649606] ? vfs_write+0x2f3/0x560 [ 162.653309] ? dlci_ioctl_set+0x40/0x40 [ 162.657269] do_vfs_ioctl+0x1de/0x1720 [ 162.661147] ? fsnotify_first_mark+0x350/0x350 [ 162.665716] ? __fsnotify_parent+0xcc/0x420 [ 162.670027] ? ioctl_preallocate+0x300/0x300 [ 162.674421] ? __fget_light+0x2f7/0x440 [ 162.678385] ? fget_raw+0x20/0x20 [ 162.681827] ? __sb_end_write+0xac/0xe0 [ 162.685794] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 162.691316] ? fput+0x130/0x1a0 [ 162.694593] ? ksys_write+0x1ae/0x260 [ 162.698383] ? security_file_ioctl+0x94/0xc0 [ 162.702776] ksys_ioctl+0xa9/0xd0 [ 162.706223] __x64_sys_ioctl+0x73/0xb0 [ 162.710098] do_syscall_64+0x1b9/0x820 [ 162.713971] ? finish_task_switch+0x1d3/0x870 [ 162.718463] ? syscall_return_slowpath+0x5e0/0x5e0 [ 162.723387] ? syscall_return_slowpath+0x31d/0x5e0 [ 162.728306] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 162.733311] ? prepare_exit_to_usermode+0x291/0x3b0 [ 162.738313] ? perf_trace_sys_enter+0xb10/0xb10 [ 162.742970] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 162.747805] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 162.752976] RIP: 0033:0x455ab9 [ 162.756147] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 162.775318] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 20:42:40 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) [ 162.783016] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 162.790533] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 162.797807] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 162.805066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 162.812329] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 0000000000000008 [ 162.825432] binder_alloc: 8989: binder_alloc_buf, no vma [ 162.831062] binder: 8989:9031 transaction failed 29189/-3, size 0-0 line 2967 20:42:41 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r4 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r4, 0x9) r5 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r5, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r6, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r7, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r5, 0x8000}, {r6, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r5, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) 20:42:41 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000140)=0x78, 0x4) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x0, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0x29f, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x921b527a62bfd8af) write$binfmt_elf64(r0, &(0x7f0000001cc0)=ANY=[@ANYBLOB="7f454c4600000000000000000000000000000000000000000000071ef4b800004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000f7df3d14eedbc8e1060000000000000300000000000000d0170000000000000000000000000000000000000000000000000000000000000000000000000000c67e9b79000000000000000000000000000000020000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000fcff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bb967801d0c2e0b100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fdffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e02fe28e2e1816b82c516633c667fc5600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x439) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002900)=ANY=[@ANYBLOB="7f454c4600250000050000000000000003003e00060000002c010000000000004000000000000000e1000000000000000500000087003800020002000700ea000200007001000000ea0a000000000000f7ffffffffffffff00000000ffffffff00000000000000000100000001000000010000000000000001000070040000000500000000000000000000000000000005000000000000000100000001000000ff0f00000000000000fcfffffffffffff423273d395b5dfe49a633eb0eb0263328129db30c89d614ca312379424593d1149401363a977a2b10bc8394762bab422771360aa38dc889b26829f721e3098b0fdf04911af0a6a16e0ab5b5bb1e2227df0cb7b403be567ea3b9adef738dd4b7efbd9e56dfc0dc488a064d4ad246d477bc8fedb6c1f6cdb1469e544a6ac9afa9987b94c8d1209a41a79416931a8f43bd761418a2c47221a2a4d6bee2592cd6eab8fa3ac582965b48d68fb1dde708c9901874b0f1628c0adb0dc15872d102a327e9f073a52942892de4cc87c25e76cde841dd1e09db3f59955450018b682981af9bf3133a11fbf7915b41105bd663e6f7116777b3cb43f260d25a06d22119ca7674f7d9eeb496cccae5ea73758600072b6f0c2a39d824fa2001cb9377fbc132be60c8b0bf6ac0a892b355685d62cb7077a1e889c359d7bfc544111c6ca232e6c6593a0b8f085567b065536d649fea6d4e202254fc1a0dedba780af208b0457ed33958cfd97c0155f59b06d997423bb3b6f3d5e01c8b74030434cacb0e50dcc661aff03a72021b6011f6ff05f6070f0bcb7d75cbf1668562cd6599dcf1eac792c47370ac83b2730215d9955f6fa81f59d3209fbaf52f41f8c413432d976fe6eb3ae98661de6250e09bcf7b82d0492b349ca022abade27ee2d41aa83ba7d2ed5193dda7e9c78769b1430e5a171e12e0fa1d057e1aef4b856ab0f2dabc8b207f09d78e1f83461ccac0b2558732ea70d369973971d2c6d94081f33308b1e4b27a2ce6f45838809407045aa63b6219d82564c7323f73bfc2260fd95e5e8eeca550b29adcca477de69469764858d7aa3ab8afd99e883c43dacae12ac88e7fea5a99df90755e5caf59185794ed6419a22fe36d9070ed6558b090cb871914491e2a135047b729107896b784bf87c941f7b993033898b993c83b8bcec93aed20e900921e8c8e716321ad5664665e7f89839258d1477a2e8fceaa9280b9c9dc53b5ed4ad907c3942d8fac1eff961bf3040ae0faed3985bccc35551fdfcd52907750828fc988e60aec5b577af9769cebc8d6e87a826826f8362c84fe7ec9e6d3cc39c1b6b6b9005eaaf0d9037fa576757018d3f60fbab576284cd7343e70a4b8143dc67e94c1090b737611c4b25bf0da519eeb0046b4a953cf0669d6e52264827bbbae2c7565529a68f46f5e1a23137059867d0192caf6b22e2d74f8fbe12a139bc90a0d12b6acc0a106ba4fc2baf87c254bb540835206fc5f63dbc82581cec68813c331af00086cae971610587c4683d5f1e329a0595d73a4489b1ea23c331ca752bfd46de13faee26e7e2e9b11dd7151883ac8112c0ba049070bcf00881cc0a37395f1a102cddda4b0b903b0233461e70254e6a75b9c29c02fce51b630d5cd58867e5f8e5b47fdb2fb53e0b9485f1079ddb39d7b3ef5d8d37be9a08714575e454274581a8ad758ba53da3546b9d12e9b5dbcfebf31f84016558a9db7c53dec27895d69fa1a34e4b5b856f4d0974a9dd4031e28632a245b921a576f1a19f47d7ba08e9ca94a7ae46c89b379d90e0dfdcffb790586d920ea79f94af735aa51695dfe0c9c73a44b277e877b473b43f5c3a960d7c5e22678ab3f7cf46bdf23cbbd31df613827f8e23f7b2c71be25eab7dbd56f7b426b784583ec97db1659afc521a84e709cd879f8e5afe7ff03ffcd05c29b92ad59b3fe569e0b92c7978630ff418af3b81e35a19df805a2b89b9b87a13109c19ea941e9b9f6ee1c47708870abfda2debce7eae0f356bc896a5a207f6bc3ed4186117e1ae9b861d3a9a94520a6df99fd700c6fc3b82467a1257c2040dd34b2fb30c032224e6b864900f93168e387edaeeedaebf8b7b40d4caaa97c85229e63770ced3382013fd11010d0ee46333666aaec98aacc511c92be9e55eee400c74ab4614552624ad88f5d63b6f87e85826ee7cf6f15418f9712c6d07f36a54f097d9bc48b3035ae569af4753e7831dc520fe4726d0c96d0cb7b45e5ca5002884d38ed8e8ead8d4a7da76f9bcfd848fd27345bec7dd4356ef7b11a0cd3113bd9d9bd72597daf8e25b987b6a17329b9c581e7e647eddd060553fd6e6d90bc07ffc5ca9eb6e9ce36aa545ac0f6e242e381282522481668f05909a69db9c8f417ce2406fb727c11fa8ed3ec6f0c7fed51414f3286075c414753979f58a70d97539c1215ad15f4f2bdc9cb27e00245bb2291f767d4c581387a63022c727026043c0180a848edd1c3fffff21c3fe0b11c65caca8941959536882277e3dc9e61da52527a24e2d79a497a80b33b24f1ca184d56ad13194867d7a0a424977b5f256a4643460a03007ccf2abb042c6a8f357e8c67298f4ee68fa10d82aeec9c63884f43927692db04bfa6651a630ff1e945d5c2ceb1552d0cd69830f257e5d2b500e4447f03edc78938d82871b7075be875dee546cd23ae617356f51fe8f1fb11417e63a436d7ca0ecd22fab3719ab5b4a4fa0ac2b6a44002fdddb61f7d6fe2beac291455b144cff1da4cb487c430a42cd6dee2b07525362b5bdeb3abf2a393823dddf4567d7a6ac785662eb272ea9ea223e0d63a2d027fc3bfa6da9c1537a5c207c9f2495bd45eee778875ba641ceb2007000000000000000e0baea56d0b4247f12ebb7cf6ee0e64b0d521c8636ca845287f752adfde004e37bee0451540bcabf455b43233e287e4ce36ebbf2cf0aa8325b72b90c40cc5bdf77f66b07bf5423a80409e1e95424e2d63c09e621354d87d29d28758c290f29746e00e72e1f6ee9fc93841a7a4ec7420c1d78c09f9355b41c5b6a2e94d84218428a4e4e40bcab84f0cdc9a230101146a11e1f36367b4b5f21e76b5e58c31aec27a47e7ce6c22d29c3f03d0515199b541750e92718c53542cb8c0e4202c89b5bc2a4e3cd4fd1e33ba846b2d2d1c94d2e73327b1d327fe80ff1113634e2e94769b97a1088c2f00001fd26ffbf3b4b82036e960a01efd1eecb0e4cff79c5943cb7f3390757f2ebaa20ac131cddf19065dad03237cca7406b5c30228494fe25d1be39d26631795f3b0a16ac6c8c27e37a75bce127c582beed29fe6137efe5ac28a2a89597db794c570055e318e92f17f36e3fcbc68c8233d2f0c433f9e11b2819ade8026682c9c966d13605ba9cfa66d91f8203260ed06d8c53912b2c25be01165ebda24e3b70c4fa4a99c56470ee40080aa92272d6ba4a0906d5b8df7039b82bf83378b78ce124aca8b7944fffdd65bfca51e33614282fb1738dd43c6b95f2bc5e9b24605ff3fb5a06ece40c2c4a86b93acdde534777d47c5196e7ef7d65ff45606324b402aa6b81afa463f63f96bc442cd25a033b7b6feed08de0f00bccb16c439813c6c4b1d1733bb55a6245a9180ec71a7f31631613c60af161f5ef64493b859a6c4baa9e3811250984db538169178a4f4cb4141f72d6a8187c01b7f4e366a28b4fdeef59bb22f6f525c493912a044bd99a3b4b86b2834a4f837d58d4292a22a730b6a2e5ec7bf358c2016326fff4889d5d5e1beec898a3a88d0f4a450d86548a1a9b1cc1bee45e6a4e2c4e09cd69a51d46190755bd42c1e53d4a1f80010da651d6c500a066afa9c98755acf643ff381af66742c6e091746c77e7af7f2583d6d70339ed50e9da34a0aa8820359872132179f087f16cdaf3636688927e39a857a99f911d08406b6addefa9f895f3bff010000eaf4d5a93b9363fa02a4ee9fe8676811004fabc8121f7639e9f92c0d7f796a6355e984d7a85aadc6220847666f8f52c4571516eb1a9fc487e918956411823e1edef555a61ba7d45931457b221bdcc8aaad58e8007497a8866278e0aed68926d3ea9fd96a89ccc89627c86da315c3eb5445bf799df613befe958390660f6c9f7ac02e3187100f18ea3bfacf9662601fc9868329b3524cb8c07850726355bd748f7c51b32e6c4341676cef6af55351e599d196d38d63bf0cd20b85f4bc79a2895b9c5c4d46090b4e1a10394f8ba7201d45d3878dc9b3e7ec3510073424b9f936d2af24ffbb86ffd499"], 0xbc7) ioctl$KDDISABIO(0xffffffffffffffff, 0x4b37) 20:42:41 executing program 0 (fault-call:2 fault-nth:9): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:41 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:41 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:42:41 executing program 1: r0 = memfd_create(&(0x7f0000033ff3)='\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000027ff3)='/dev/snd/seq\x00', 0x0, 0x20005) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000037000)={0x0, 0x0, 0x0, "9ede7a8c5ae95e48000000000000007f4f13eeab65c0322901dc6bd36cde2c51f01b7f0b014f9f91eeb7c37c7240f476c8d753d000aa0500000074dbcfa6dc4d"}) write$sndseq(r0, &(0x7f0000000040)=[{0x8, 0x3, 0x0, 0x0, @tick=0xfffffffffffffffd, {}, {}, @ext={0x0, &(0x7f0000038ffe)}}], 0x1c) write$tun(r2, &(0x7f0000000000)={@void, @void, @arp=@ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x0, @empty, @remote, @empty, @multicast1}}, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x4a48b125e13656f}) [ 162.938741] FAULT_INJECTION: forcing a failure. [ 162.938741] name failslab, interval 1, probability 0, space 0, times 0 [ 162.950113] CPU: 1 PID: 9041 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 162.958533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 162.961485] binder: undelivered TRANSACTION_ERROR: 29189 [ 162.967907] Call Trace: [ 162.967931] dump_stack+0x1c9/0x2b4 [ 162.967950] ? dump_stack_print_info.cold.2+0x52/0x52 [ 162.967962] ? save_stack+0xa9/0xd0 20:42:41 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:41 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) [ 162.967977] ? save_stack+0x43/0xd0 [ 162.992104] should_fail.cold.4+0xa/0x11 [ 162.996191] ? fib_table_insert+0x7a8/0x17a0 [ 163.000654] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 163.005772] ? devinet_ioctl+0x1460/0x1d90 [ 163.010028] ? inet_ioctl+0x18b/0x360 [ 163.013849] ? sock_do_ioctl+0xe4/0x3e0 [ 163.017838] ? sock_ioctl+0x30d/0x680 [ 163.021689] ? do_vfs_ioctl+0x1de/0x1720 [ 163.025871] ? ksys_ioctl+0xa9/0xd0 [ 163.029516] ? __x64_sys_ioctl+0x73/0xb0 [ 163.033609] ? do_syscall_64+0x1b9/0x820 20:42:41 executing program 6: setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) [ 163.035260] binder: 9053:9054 ERROR: BC_REGISTER_LOOPER called without request [ 163.037702] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 163.037722] ? kasan_check_write+0x14/0x20 [ 163.037741] ? do_raw_spin_lock+0xc1/0x200 [ 163.058915] ? trace_hardirqs_off+0xd/0x10 [ 163.059005] binder: 9053:9054 transaction failed 29189/-22, size 0-0 line 2852 [ 163.063154] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 163.063169] ? debug_check_no_obj_freed+0x30b/0x595 [ 163.063190] ? lock_acquire+0x1e4/0x540 [ 163.063204] ? fs_reclaim_acquire+0x20/0x20 20:42:41 executing program 6: setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:42:41 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) [ 163.063216] ? lock_downgrade+0x8f0/0x8f0 [ 163.063234] ? check_same_owner+0x340/0x340 [ 163.089219] binder: undelivered TRANSACTION_ERROR: 29189 [ 163.093111] ? rcu_note_context_switch+0x730/0x730 [ 163.093124] ? do_raw_spin_lock+0xc1/0x200 [ 163.093141] __should_failslab+0x124/0x180 [ 163.093154] should_failslab+0x9/0x14 [ 163.093166] __kmalloc+0x2c8/0x760 [ 163.093179] ? alloc_skb_with_frags+0x7d0/0x7d0 [ 163.093194] ? __wake_up_common+0x740/0x740 [ 163.132623] ? fib_create_info+0x9b1/0x45e0 [ 163.136965] fib_create_info+0x9b1/0x45e0 [ 163.141140] ? netlink_broadcast_filtered+0x7e5/0x1620 [ 163.142699] binder: 9061:9062 ERROR: BC_REGISTER_LOOPER called without request [ 163.146427] ? kasan_unpoison_shadow+0x35/0x50 [ 163.146446] ? trace_hardirqs_on+0x10/0x10 [ 163.146462] ? fib_info_update_nh_saddr+0x300/0x300 [ 163.146481] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 163.146497] ? __alloc_skb+0x4c6/0x770 [ 163.159333] binder: 9061:9062 transaction failed 29189/-22, size 0-0 line 2852 [ 163.162648] ? skb_scrub_packet+0x490/0x490 [ 163.162667] ? __sanitizer_cov_trace_const_cmp8+0x10/0x20 [ 163.162685] ? atomic_notifier_call_chain+0xf1/0x190 [ 163.162705] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 163.168734] binder: undelivered TRANSACTION_ERROR: 29189 [ 163.173240] ? nlmsg_notify+0xc4/0x1a0 [ 163.173257] ? rtnl_notify+0xce/0xf0 [ 163.173274] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 163.173287] ? fib_get_table+0x274/0x350 [ 163.173298] ? __fib_validate_source+0x1f10/0x1f10 [ 163.173316] fib_table_insert+0x1c1/0x17a0 [ 163.236282] ? fib_new_table+0xc0/0x490 [ 163.240279] ? fib_table_lookup+0x24a0/0x24a0 [ 163.244794] ? trace_hardirqs_on+0xd/0x10 [ 163.248954] ? kasan_unpoison_shadow+0x35/0x50 [ 163.253562] ? kasan_kmalloc+0xc4/0xe0 [ 163.257467] fib_magic.isra.22+0x66b/0x890 [ 163.261753] ? fib_new_table+0x490/0x490 [ 163.265931] ? lock_acquire+0x1e4/0x540 [ 163.269969] ? blocking_notifier_call_chain+0x129/0x190 [ 163.275383] fib_add_ifaddr+0x40d/0x500 [ 163.279379] fib_inetaddr_event+0x172/0x222 [ 163.283725] notifier_call_chain+0x180/0x390 [ 163.288152] ? unregister_die_notifier+0x20/0x20 [ 163.292929] ? __x64_sys_ioctl+0x73/0xb0 [ 163.297012] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 163.302402] blocking_notifier_call_chain+0x147/0x190 [ 163.307609] ? srcu_init_notifier_head+0xa0/0xa0 [ 163.312379] ? rtmsg_ifa+0x14e/0x1e0 [ 163.316100] __inet_insert_ifa+0x858/0xba0 [ 163.320346] ? refcount_add_not_zero_checked+0x330/0x330 [ 163.325804] ? __inet_del_ifa+0xbd0/0xbd0 [ 163.329955] ? rtnl_is_locked+0xb5/0xf0 [ 163.333921] ? rtnl_trylock+0x20/0x20 [ 163.337730] devinet_ioctl+0x1460/0x1d90 [ 163.341792] ? inet_ifa_byprefix+0x240/0x240 [ 163.346200] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 163.351734] inet_ioctl+0x18b/0x360 [ 163.355351] ? inet_stream_connect+0xa0/0xa0 [ 163.359753] ? _parse_integer+0x190/0x190 [ 163.363893] ? lock_release+0xa30/0xa30 [ 163.367863] ? check_same_owner+0x340/0x340 [ 163.372198] ? __check_object_size+0xa3/0x5d7 [ 163.376717] sock_do_ioctl+0xe4/0x3e0 [ 163.380507] ? __fget+0x4ac/0x740 [ 163.383964] ? compat_ifr_data_ioctl+0x170/0x170 [ 163.388718] ? lock_release+0xa30/0xa30 [ 163.392687] ? pid_task+0x115/0x200 [ 163.396308] ? find_vpid+0xf0/0xf0 [ 163.399848] ? __f_unlock_pos+0x19/0x20 [ 163.403820] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 163.409017] sock_ioctl+0x30d/0x680 [ 163.412658] ? dlci_ioctl_set+0x40/0x40 [ 163.416639] ? ksys_dup3+0x690/0x690 [ 163.420370] ? kasan_check_write+0x14/0x20 [ 163.424612] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 163.429529] ? fsnotify+0xbac/0x14e0 [ 163.433232] ? vfs_write+0x2f3/0x560 [ 163.436937] ? dlci_ioctl_set+0x40/0x40 [ 163.440926] do_vfs_ioctl+0x1de/0x1720 [ 163.444805] ? fsnotify_first_mark+0x350/0x350 [ 163.449398] ? __fsnotify_parent+0xcc/0x420 [ 163.453730] ? ioctl_preallocate+0x300/0x300 [ 163.458133] ? __fget_light+0x2f7/0x440 [ 163.462112] ? fget_raw+0x20/0x20 [ 163.465567] ? __sb_end_write+0xac/0xe0 [ 163.469529] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 163.475080] ? fput+0x130/0x1a0 [ 163.478355] ? ksys_write+0x1ae/0x260 [ 163.482150] ? security_file_ioctl+0x94/0xc0 [ 163.486568] ksys_ioctl+0xa9/0xd0 [ 163.490041] __x64_sys_ioctl+0x73/0xb0 [ 163.493946] do_syscall_64+0x1b9/0x820 [ 163.497841] ? finish_task_switch+0x1d3/0x870 [ 163.502356] ? syscall_return_slowpath+0x5e0/0x5e0 [ 163.507284] ? syscall_return_slowpath+0x31d/0x5e0 [ 163.512218] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 163.517235] ? prepare_exit_to_usermode+0x291/0x3b0 [ 163.522256] ? perf_trace_sys_enter+0xb10/0xb10 [ 163.526927] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 163.531782] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 163.536967] RIP: 0033:0x455ab9 [ 163.540144] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 163.559372] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 163.567093] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 163.574386] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 163.581657] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 20:42:42 executing program 5: r0 = socket$inet(0x2, 0x1, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000011ff0)={0x2, 0x4e20, @multicast2}, 0x10) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='veth0_to_bond\x00', 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='lo\x00', 0x10) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @multicast2}, 0x10) 20:42:42 executing program 6: setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:42:42 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:42 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) 20:42:42 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = epoll_create(0x1000000000004) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x4}, 0x1c) sendto(r0, &(0x7f0000000900), 0x0, 0x0, 0x0, 0x0) [ 163.588931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 163.596209] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 0000000000000009 [ 163.667134] binder: 9079:9085 ERROR: BC_REGISTER_LOOPER called without request [ 163.707208] binder: 9079:9085 transaction failed 29189/-22, size 0-0 line 2852 [ 163.714926] binder: undelivered TRANSACTION_ERROR: 29189 20:42:42 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r4 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r4, 0x9) r5 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r5, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r6, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r7, 0x227c, &(0x7f00000005c0)) mq_timedsend(r5, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) 20:42:42 executing program 0 (fault-call:2 fault-nth:10): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:42 executing program 6: r0 = socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:42:42 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:42 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, &(0x7f0000f6f000), 0x0, 0x20000004, &(0x7f0000cc7fe4)={0xa, 0x4e22}, 0x1c) recvmsg(r0, &(0x7f0000000300)={&(0x7f0000000000)=@nfc_llcp, 0x80, &(0x7f0000000240), 0x0, &(0x7f0000000280)=""/110, 0x6e}, 0x0) close(r0) accept4(r1, &(0x7f0000c71000)=@alg, &(0x7f0000715ffc)=0x64, 0x0) sendto(r0, &(0x7f0000001780)=' ', 0x1, 0x0, &(0x7f0000001800)=@pptp={0x18, 0x2, {0x0, @local}}, 0x80) 20:42:42 executing program 5: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_REGISTER(r0, 0xc028aa03, &(0x7f0000000240)={{&(0x7f00005e3000/0x800000)=nil, 0x8150000}, 0x200000}) 20:42:42 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:42 executing program 6: r0 = socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) [ 163.913082] FAULT_INJECTION: forcing a failure. [ 163.913082] name failslab, interval 1, probability 0, space 0, times 0 [ 163.924389] CPU: 1 PID: 9098 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 163.932808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 163.941436] binder: undelivered TRANSACTION_COMPLETE [ 163.942164] Call Trace: [ 163.942188] dump_stack+0x1c9/0x2b4 [ 163.942205] ? dump_stack_print_info.cold.2+0x52/0x52 [ 163.942223] ? fib_create_info+0x31b3/0x45e0 [ 163.963140] should_fail.cold.4+0xa/0x11 [ 163.965560] binder: undelivered transaction 128, process died. [ 163.967217] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 163.967242] ? fib_info_update_nh_saddr+0x300/0x300 [ 163.967266] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 163.989209] ? __alloc_skb+0x4c6/0x770 [ 163.993117] ? lock_acquire+0x1e4/0x540 [ 163.997076] ? fs_reclaim_acquire+0x20/0x20 [ 164.001407] ? lock_downgrade+0x8f0/0x8f0 [ 164.005567] ? check_same_owner+0x340/0x340 [ 164.009878] ? rcu_note_context_switch+0x730/0x730 [ 164.014799] __should_failslab+0x124/0x180 [ 164.019027] should_failslab+0x9/0x14 [ 164.022820] kmem_cache_alloc+0x2af/0x760 [ 164.028074] ? __fib_validate_source+0x1f10/0x1f10 [ 164.032996] fib_table_insert+0x411/0x17a0 [ 164.037224] ? fib_table_lookup+0x24a0/0x24a0 [ 164.041707] ? trace_hardirqs_on+0xd/0x10 [ 164.045859] ? kasan_unpoison_shadow+0x35/0x50 [ 164.050429] ? kasan_kmalloc+0xc4/0xe0 [ 164.054308] fib_magic.isra.22+0x66b/0x890 [ 164.058531] ? fib_new_table+0x490/0x490 [ 164.062586] ? lock_acquire+0x1e4/0x540 [ 164.066567] ? blocking_notifier_call_chain+0x129/0x190 [ 164.071923] fib_add_ifaddr+0x40d/0x500 [ 164.075887] fib_inetaddr_event+0x172/0x222 [ 164.080202] notifier_call_chain+0x180/0x390 [ 164.084599] ? unregister_die_notifier+0x20/0x20 [ 164.089340] ? __x64_sys_ioctl+0x73/0xb0 [ 164.093398] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 164.098755] blocking_notifier_call_chain+0x147/0x190 [ 164.103936] ? srcu_init_notifier_head+0xa0/0xa0 [ 164.108702] ? rtmsg_ifa+0x14e/0x1e0 [ 164.112407] __inet_insert_ifa+0x858/0xba0 [ 164.116635] ? refcount_add_not_zero_checked+0x330/0x330 [ 164.122079] ? __inet_del_ifa+0xbd0/0xbd0 [ 164.126222] ? rtnl_is_locked+0xb5/0xf0 [ 164.130183] ? rtnl_trylock+0x20/0x20 [ 164.133980] devinet_ioctl+0x1460/0x1d90 [ 164.138035] ? inet_ifa_byprefix+0x240/0x240 [ 164.142438] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 164.147963] inet_ioctl+0x18b/0x360 [ 164.151589] ? inet_stream_connect+0xa0/0xa0 [ 164.155994] ? _parse_integer+0x190/0x190 [ 164.160136] ? lock_release+0xa30/0xa30 [ 164.164101] ? check_same_owner+0x340/0x340 [ 164.168412] ? __check_object_size+0xa3/0x5d7 [ 164.172900] sock_do_ioctl+0xe4/0x3e0 [ 164.176685] ? __fget+0x4ac/0x740 [ 164.180123] ? compat_ifr_data_ioctl+0x170/0x170 [ 164.184870] ? lock_release+0xa30/0xa30 [ 164.188836] ? pid_task+0x115/0x200 [ 164.192454] ? find_vpid+0xf0/0xf0 [ 164.196008] ? __f_unlock_pos+0x19/0x20 [ 164.199980] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 164.205154] sock_ioctl+0x30d/0x680 [ 164.208766] ? dlci_ioctl_set+0x40/0x40 [ 164.212726] ? ksys_dup3+0x690/0x690 [ 164.216430] ? kasan_check_write+0x14/0x20 [ 164.220653] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 164.225568] ? fsnotify+0xbac/0x14e0 [ 164.229270] ? vfs_write+0x2f3/0x560 [ 164.232972] ? dlci_ioctl_set+0x40/0x40 [ 164.236936] do_vfs_ioctl+0x1de/0x1720 [ 164.240814] ? fsnotify_first_mark+0x350/0x350 [ 164.245393] ? __fsnotify_parent+0xcc/0x420 [ 164.249718] ? ioctl_preallocate+0x300/0x300 [ 164.254114] ? __fget_light+0x2f7/0x440 [ 164.258075] ? fget_raw+0x20/0x20 [ 164.261518] ? __sb_end_write+0xac/0xe0 [ 164.265487] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 164.271110] ? fput+0x130/0x1a0 [ 164.274377] ? ksys_write+0x1ae/0x260 [ 164.278165] ? security_file_ioctl+0x94/0xc0 [ 164.282559] ksys_ioctl+0xa9/0xd0 [ 164.285999] __x64_sys_ioctl+0x73/0xb0 [ 164.289888] do_syscall_64+0x1b9/0x820 [ 164.293761] ? finish_task_switch+0x1d3/0x870 [ 164.298244] ? syscall_return_slowpath+0x5e0/0x5e0 [ 164.303162] ? syscall_return_slowpath+0x31d/0x5e0 [ 164.308097] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 164.313119] ? prepare_exit_to_usermode+0x291/0x3b0 [ 164.318130] ? perf_trace_sys_enter+0xb10/0xb10 [ 164.322788] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 164.327637] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 164.332875] RIP: 0033:0x455ab9 [ 164.336051] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 164.355219] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 20:42:43 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) [ 164.362921] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 164.370181] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 164.377440] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 164.384698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 164.391952] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 000000000000000a 20:42:43 executing program 6: r0 = socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:42:43 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x4006, 0x4) sendto$inet6(r0, &(0x7f0000000080)="04010000008b00ddb8460900ffb25b4802938207d903378039ae5375a416407d9029ef0712f29513ff0f0000eb353c72e497f754482c03ac4db09698c0e2d20000000038246d0000fffba37191744d7e459959e78aa490bf11dbb68e1934954468d5506c791bdc507514e286dfe43ce051c8fde942402031db935659c3d7fa4db2d33bc65f7bb1dddb591d58832ca648af94de014542500d5d3ec661566ed396949c6bc86da34c227eaf9d96dab4833d4ba7db9fe347f544c185f812cb63218e4d07327f3b2beee0d3ef2f9d2090c841ecb52269b7dd22441d5ee89649428a10453472ef5edd58f0ff222370732e26f378ed9519c1a182faef18dfa35f999f120369319919d20cc086769dae4438f713a9bb35b745807f9e886f7eb776253c9ac8867c252c4e59127d16c035e8559a2f8f7c85ceaeef", 0x136, 0x0, &(0x7f00000001c0)={0xa, 0x200000800, 0x1000000006, @mcast1, 0x3}, 0x1c) [ 164.435199] binder: undelivered TRANSACTION_COMPLETE 20:42:43 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:43 executing program 5: r0 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140), 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f0000000000)='user\x00', &(0x7f0000000080), &(0x7f0000000180)="1a", 0x1, r0) keyctl$link(0x7, r0, 0x0) 20:42:43 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) [ 164.475751] binder: undelivered transaction 130, process died. [ 164.515625] binder: undelivered TRANSACTION_COMPLETE 20:42:43 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) 20:42:43 executing program 0 (fault-call:2 fault-nth:11): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) [ 164.549854] binder: undelivered transaction 132, process died. [ 164.645668] FAULT_INJECTION: forcing a failure. [ 164.645668] name failslab, interval 1, probability 0, space 0, times 0 [ 164.656991] CPU: 1 PID: 9148 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 164.665399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 164.674761] Call Trace: [ 164.677371] dump_stack+0x1c9/0x2b4 [ 164.681039] ? dump_stack_print_info.cold.2+0x52/0x52 [ 164.686254] ? lock_release+0xa30/0xa30 [ 164.690246] should_fail.cold.4+0xa/0x11 [ 164.694310] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 164.699423] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 164.704454] ? trace_hardirqs_on+0x10/0x10 [ 164.708710] ? lock_acquire+0x1e4/0x540 [ 164.712704] ? is_bpf_text_address+0xae/0x170 [ 164.717256] ? lock_downgrade+0x8f0/0x8f0 [ 164.721521] ? lock_release+0xa30/0xa30 [ 164.725515] ? lock_acquire+0x1e4/0x540 [ 164.729509] ? fs_reclaim_acquire+0x20/0x20 [ 164.733859] ? lock_downgrade+0x8f0/0x8f0 [ 164.738032] ? check_same_owner+0x340/0x340 [ 164.742376] ? kernel_text_address+0x79/0xf0 [ 164.746797] ? rcu_note_context_switch+0x730/0x730 [ 164.751741] ? __kernel_text_address+0xd/0x40 [ 164.756237] __should_failslab+0x124/0x180 [ 164.760496] should_failslab+0x9/0x14 [ 164.764303] kmem_cache_alloc+0x2af/0x760 [ 164.768479] fib_insert_alias+0x76a/0x1200 [ 164.772728] ? kasan_slab_alloc+0x12/0x20 [ 164.776882] ? fib_table_insert+0x411/0x17a0 [ 164.781291] ? fib_trie_seq_start+0x4e0/0x4e0 [ 164.785784] ? lock_downgrade+0x8f0/0x8f0 [ 164.789921] ? __x64_sys_ioctl+0x73/0xb0 20:42:43 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r4 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r4, 0x9) r5 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r5, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r6, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580), 0x0) mq_timedsend(r5, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) 20:42:43 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100), 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:43 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00001fefe4)={0xa, 0x2}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, &(0x7f0000000080), 0x0, 0x20000004, &(0x7f0000aac000)={0xa, 0x2}, 0x1c) r2 = accept4(r1, &(0x7f0000218fa8)=@alg, &(0x7f0000000000)=0x58, 0x0) shutdown(r0, 0x1) sendto$packet(r2, &(0x7f0000001300)="da", 0x1, 0x0, &(0x7f0000001400)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x14) [ 164.794000] ? unregister_die_notifier+0x20/0x20 [ 164.798758] ? __alloc_skb+0x4c6/0x770 [ 164.802673] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 164.808236] ? atomic_notifier_call_chain+0xf1/0x190 [ 164.813364] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 164.818922] ? call_fib_notifiers+0x6f/0x90 [ 164.823254] ? call_fib4_notifiers+0x9c/0x110 [ 164.827763] ? call_fib_entry_notifiers+0x2f1/0x500 [ 164.832794] ? kasan_kmalloc+0xc4/0xe0 [ 164.836702] ? tnode_free+0x120/0x120 [ 164.840524] ? __fib_validate_source+0x1f10/0x1f10 [ 164.845477] fib_table_insert+0x67c/0x17a0 [ 164.849744] ? fib_table_lookup+0x24a0/0x24a0 [ 164.854255] ? trace_hardirqs_on+0xd/0x10 [ 164.858427] ? kasan_unpoison_shadow+0x35/0x50 [ 164.861964] TCP: request_sock_TCPv6: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 164.863014] ? kasan_kmalloc+0xc4/0xe0 [ 164.863033] fib_magic.isra.22+0x66b/0x890 [ 164.863048] ? fib_new_table+0x490/0x490 [ 164.863067] ? lock_acquire+0x1e4/0x540 [ 164.863086] ? blocking_notifier_call_chain+0x129/0x190 [ 164.894595] fib_add_ifaddr+0x40d/0x500 [ 164.898607] fib_inetaddr_event+0x172/0x222 [ 164.902944] notifier_call_chain+0x180/0x390 [ 164.907371] ? unregister_die_notifier+0x20/0x20 [ 164.912129] ? __x64_sys_ioctl+0x73/0xb0 [ 164.916194] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 164.921587] blocking_notifier_call_chain+0x147/0x190 [ 164.926783] ? srcu_init_notifier_head+0xa0/0xa0 [ 164.931544] ? rtmsg_ifa+0x14e/0x1e0 [ 164.935270] __inet_insert_ifa+0x858/0xba0 [ 164.939526] ? refcount_add_not_zero_checked+0x330/0x330 [ 164.944997] ? __inet_del_ifa+0xbd0/0xbd0 [ 164.949152] ? rtnl_is_locked+0xb5/0xf0 [ 164.953149] ? rtnl_trylock+0x20/0x20 [ 164.956954] devinet_ioctl+0x1460/0x1d90 [ 164.961026] ? inet_ifa_byprefix+0x240/0x240 [ 164.965436] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 164.970999] inet_ioctl+0x18b/0x360 [ 164.974630] ? inet_stream_connect+0xa0/0xa0 [ 164.979052] ? _parse_integer+0x190/0x190 [ 164.983210] ? lock_release+0xa30/0xa30 [ 164.987195] ? check_same_owner+0x340/0x340 [ 164.991520] ? __check_object_size+0xa3/0x5d7 [ 164.996023] sock_do_ioctl+0xe4/0x3e0 [ 164.999827] ? __fget+0x4ac/0x740 [ 165.003286] ? compat_ifr_data_ioctl+0x170/0x170 [ 165.008059] ? lock_release+0xa30/0xa30 [ 165.012138] ? pid_task+0x115/0x200 [ 165.015768] ? find_vpid+0xf0/0xf0 [ 165.019306] ? __f_unlock_pos+0x19/0x20 [ 165.023296] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 165.028502] sock_ioctl+0x30d/0x680 [ 165.032134] ? dlci_ioctl_set+0x40/0x40 [ 165.036104] ? ksys_dup3+0x690/0x690 [ 165.039817] ? kasan_check_write+0x14/0x20 [ 165.044053] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 165.048978] ? fsnotify+0xbac/0x14e0 [ 165.052696] ? vfs_write+0x2f3/0x560 [ 165.056419] ? dlci_ioctl_set+0x40/0x40 [ 165.060421] do_vfs_ioctl+0x1de/0x1720 [ 165.064338] ? fsnotify_first_mark+0x350/0x350 [ 165.068928] ? __fsnotify_parent+0xcc/0x420 [ 165.073254] ? ioctl_preallocate+0x300/0x300 [ 165.077669] ? __fget_light+0x2f7/0x440 [ 165.081650] ? fget_raw+0x20/0x20 [ 165.085113] ? __sb_end_write+0xac/0xe0 [ 165.089099] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 165.094651] ? fput+0x130/0x1a0 [ 165.097938] ? ksys_write+0x1ae/0x260 [ 165.101755] ? security_file_ioctl+0x94/0xc0 [ 165.106177] ksys_ioctl+0xa9/0xd0 [ 165.109636] __x64_sys_ioctl+0x73/0xb0 [ 165.113520] do_syscall_64+0x1b9/0x820 [ 165.117423] ? finish_task_switch+0x1d3/0x870 [ 165.121911] ? syscall_return_slowpath+0x5e0/0x5e0 [ 165.126850] ? syscall_return_slowpath+0x31d/0x5e0 [ 165.131779] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 165.136793] ? prepare_exit_to_usermode+0x291/0x3b0 [ 165.141824] ? perf_trace_sys_enter+0xb10/0xb10 [ 165.146502] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 165.151353] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 165.156534] RIP: 0033:0x455ab9 [ 165.159715] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 165.178913] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 165.186621] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 165.193895] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 165.201166] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 165.208433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 165.215700] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 000000000000000b 20:42:44 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:44 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:44 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:42:44 executing program 5: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e21, @loopback}, 0x10) r1 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000710fe4)={0xa, 0x4e21, 0x0, @ipv4={[], [], @local}}, 0x1c) 20:42:44 executing program 0 (fault-call:2 fault-nth:12): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:44 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) 20:42:44 executing program 5: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) 20:42:44 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) [ 165.575647] binder: undelivered TRANSACTION_COMPLETE 20:42:44 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:44 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x0, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) [ 165.620742] binder: undelivered transaction 135, process died. [ 165.654124] binder: 9196:9198 ERROR: BC_REGISTER_LOOPER called without request [ 165.674855] FAULT_INJECTION: forcing a failure. [ 165.674855] name failslab, interval 1, probability 0, space 0, times 0 [ 165.686281] CPU: 1 PID: 9177 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 165.694682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 165.704029] Call Trace: [ 165.706632] dump_stack+0x1c9/0x2b4 [ 165.710254] ? dump_stack_print_info.cold.2+0x52/0x52 [ 165.715474] ? is_bpf_text_address+0xd7/0x170 [ 165.719986] should_fail.cold.4+0xa/0x11 [ 165.724095] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 165.729209] ? save_stack+0xa9/0xd0 [ 165.732846] ? save_stack+0x43/0xd0 [ 165.736482] ? kasan_kmalloc+0xc4/0xe0 [ 165.737754] binder: undelivered TRANSACTION_COMPLETE [ 165.740375] ? kasan_slab_alloc+0x12/0x20 [ 165.740395] ? kmem_cache_alloc+0x12e/0x760 [ 165.754038] ? fib_insert_alias+0x76a/0x1200 [ 165.755358] binder: undelivered transaction 136, process died. [ 165.758451] ? fib_table_insert+0x67c/0x17a0 [ 165.758466] ? fib_magic.isra.22+0x66b/0x890 [ 165.758480] ? fib_add_ifaddr+0x40d/0x500 [ 165.758497] ? fib_inetaddr_event+0x172/0x222 [ 165.781855] ? notifier_call_chain+0x180/0x390 [ 165.786443] ? blocking_notifier_call_chain+0x147/0x190 [ 165.791802] ? __inet_insert_ifa+0x858/0xba0 [ 165.796221] ? devinet_ioctl+0x1460/0x1d90 [ 165.800448] ? inet_ioctl+0x18b/0x360 [ 165.804239] ? sock_do_ioctl+0xe4/0x3e0 [ 165.808218] ? sock_ioctl+0x30d/0x680 [ 165.812010] ? do_vfs_ioctl+0x1de/0x1720 [ 165.816062] ? __x64_sys_ioctl+0x73/0xb0 [ 165.820118] ? lock_acquire+0x1e4/0x540 [ 165.824083] ? fs_reclaim_acquire+0x20/0x20 [ 165.828393] ? lock_downgrade+0x8f0/0x8f0 [ 165.832531] ? fs_reclaim_acquire+0x20/0x20 [ 165.836844] ? check_same_owner+0x340/0x340 [ 165.841155] ? rcu_note_context_switch+0x730/0x730 [ 165.846075] __should_failslab+0x124/0x180 [ 165.850302] should_failslab+0x9/0x14 [ 165.854088] __kmalloc+0x2c8/0x760 [ 165.857616] ? tnode_new+0x22b/0x2d0 [ 165.861315] tnode_new+0x22b/0x2d0 [ 165.864858] ? fib_insert_alias+0x76a/0x1200 [ 165.869264] fib_insert_alias+0xab4/0x1200 [ 165.873482] ? kasan_slab_alloc+0x12/0x20 [ 165.877619] ? fib_trie_seq_start+0x4e0/0x4e0 [ 165.882101] ? lock_downgrade+0x8f0/0x8f0 [ 165.886244] ? __x64_sys_ioctl+0x73/0xb0 [ 165.890294] ? unregister_die_notifier+0x20/0x20 [ 165.895045] ? __alloc_skb+0x4c6/0x770 [ 165.898925] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 165.904468] ? atomic_notifier_call_chain+0xf1/0x190 [ 165.909576] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 165.915100] ? call_fib_notifiers+0x6f/0x90 [ 165.919409] ? call_fib4_notifiers+0x9c/0x110 [ 165.923921] ? call_fib_entry_notifiers+0x2f1/0x500 [ 165.928938] ? kasan_kmalloc+0xc4/0xe0 [ 165.932815] ? tnode_free+0x120/0x120 [ 165.936606] ? __fib_validate_source+0x1f10/0x1f10 [ 165.941526] fib_table_insert+0x67c/0x17a0 [ 165.945782] ? fib_table_lookup+0x24a0/0x24a0 [ 165.950271] ? trace_hardirqs_on+0xd/0x10 [ 165.954410] ? kasan_unpoison_shadow+0x35/0x50 [ 165.958981] ? kasan_kmalloc+0xc4/0xe0 [ 165.962891] fib_magic.isra.22+0x66b/0x890 [ 165.967115] ? fib_new_table+0x490/0x490 [ 165.971172] ? lock_acquire+0x1e4/0x540 [ 165.975144] ? blocking_notifier_call_chain+0x129/0x190 [ 165.980500] fib_add_ifaddr+0x40d/0x500 [ 165.984466] fib_inetaddr_event+0x172/0x222 [ 165.988776] notifier_call_chain+0x180/0x390 [ 165.993174] ? unregister_die_notifier+0x20/0x20 [ 165.997924] ? __x64_sys_ioctl+0x73/0xb0 [ 166.001972] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 166.007329] blocking_notifier_call_chain+0x147/0x190 [ 166.012507] ? srcu_init_notifier_head+0xa0/0xa0 [ 166.017251] ? rtmsg_ifa+0x14e/0x1e0 [ 166.020953] __inet_insert_ifa+0x858/0xba0 [ 166.025179] ? refcount_add_not_zero_checked+0x330/0x330 [ 166.031844] ? __inet_del_ifa+0xbd0/0xbd0 [ 166.035985] ? rtnl_is_locked+0xb5/0xf0 [ 166.039943] ? rtnl_trylock+0x20/0x20 [ 166.043736] devinet_ioctl+0x1460/0x1d90 [ 166.047794] ? inet_ifa_byprefix+0x240/0x240 [ 166.052192] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 166.057804] inet_ioctl+0x18b/0x360 [ 166.061423] ? inet_stream_connect+0xa0/0xa0 [ 166.065823] ? _parse_integer+0x190/0x190 [ 166.069967] ? lock_release+0xa30/0xa30 [ 166.073928] ? check_same_owner+0x340/0x340 [ 166.078239] ? __check_object_size+0xa3/0x5d7 [ 166.082724] sock_do_ioctl+0xe4/0x3e0 [ 166.086525] ? __fget+0x4ac/0x740 [ 166.089965] ? compat_ifr_data_ioctl+0x170/0x170 [ 166.094707] ? lock_release+0xa30/0xa30 [ 166.098671] ? pid_task+0x115/0x200 [ 166.102285] ? find_vpid+0xf0/0xf0 [ 166.105815] ? __f_unlock_pos+0x19/0x20 [ 166.109779] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 166.114967] sock_ioctl+0x30d/0x680 [ 166.118594] ? dlci_ioctl_set+0x40/0x40 [ 166.122726] ? ksys_dup3+0x690/0x690 [ 166.126442] ? kasan_check_write+0x14/0x20 [ 166.130664] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 166.135577] ? fsnotify+0xbac/0x14e0 [ 166.139275] ? vfs_write+0x2f3/0x560 [ 166.142976] ? dlci_ioctl_set+0x40/0x40 [ 166.146986] do_vfs_ioctl+0x1de/0x1720 [ 166.150872] ? fsnotify_first_mark+0x350/0x350 [ 166.155438] ? __fsnotify_parent+0xcc/0x420 [ 166.159746] ? ioctl_preallocate+0x300/0x300 [ 166.164140] ? __fget_light+0x2f7/0x440 [ 166.168100] ? fget_raw+0x20/0x20 [ 166.171555] ? __sb_end_write+0xac/0xe0 [ 166.175521] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 166.181054] ? fput+0x130/0x1a0 [ 166.184328] ? ksys_write+0x1ae/0x260 [ 166.188120] ? security_file_ioctl+0x94/0xc0 [ 166.192516] ksys_ioctl+0xa9/0xd0 [ 166.195989] __x64_sys_ioctl+0x73/0xb0 [ 166.199870] do_syscall_64+0x1b9/0x820 [ 166.203746] ? syscall_return_slowpath+0x5e0/0x5e0 [ 166.208660] ? syscall_return_slowpath+0x31d/0x5e0 [ 166.213585] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 166.218590] ? prepare_exit_to_usermode+0x291/0x3b0 [ 166.223595] ? perf_trace_sys_enter+0xb10/0xb10 [ 166.228264] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 166.233108] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 166.238288] RIP: 0033:0x455ab9 [ 166.241460] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 166.260639] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 166.268338] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 20:42:45 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x0, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:42:45 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100), 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:45 executing program 0 (fault-call:2 fault-nth:13): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:45 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r4 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r4, 0x9) r5 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r5, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r6, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) mq_timedsend(r5, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) [ 166.275605] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 166.282874] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 166.290129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 166.297394] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 000000000000000c 20:42:45 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x0, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:42:45 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0), 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) [ 166.418885] FAULT_INJECTION: forcing a failure. [ 166.418885] name failslab, interval 1, probability 0, space 0, times 0 [ 166.430275] CPU: 0 PID: 9212 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 166.438697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 166.448091] Call Trace: [ 166.450697] dump_stack+0x1c9/0x2b4 [ 166.454347] ? dump_stack_print_info.cold.2+0x52/0x52 [ 166.459587] should_fail.cold.4+0xa/0x11 [ 166.463673] ? bpf_prog_kallsyms_find+0xde/0x4c0 20:42:45 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:45 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) [ 166.468465] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 166.473595] ? lock_acquire+0x1e4/0x540 [ 166.477594] ? is_bpf_text_address+0xae/0x170 [ 166.482105] ? lock_downgrade+0x8f0/0x8f0 [ 166.486259] ? kasan_check_read+0x11/0x20 [ 166.490424] ? rcu_is_watching+0x8c/0x150 [ 166.494602] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 166.499304] ? lock_acquire+0x1e4/0x540 [ 166.503306] ? fs_reclaim_acquire+0x20/0x20 [ 166.507688] ? lock_downgrade+0x8f0/0x8f0 [ 166.511864] ? check_same_owner+0x340/0x340 20:42:45 executing program 5: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) 20:42:45 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0), 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) [ 166.516213] ? rcu_note_context_switch+0x730/0x730 [ 166.521163] __should_failslab+0x124/0x180 [ 166.525415] should_failslab+0x9/0x14 [ 166.529234] __kmalloc+0x2c8/0x760 [ 166.532800] ? fib_magic.isra.22+0x66b/0x890 [ 166.537229] ? fib_add_ifaddr+0x40d/0x500 [ 166.541403] ? fib_inetaddr_event+0x172/0x222 [ 166.545918] ? notifier_call_chain+0x180/0x390 [ 166.550550] ? blocking_notifier_call_chain+0x147/0x190 [ 166.556030] ? __inet_insert_ifa+0x858/0xba0 [ 166.560469] ? devinet_ioctl+0x1460/0x1d90 [ 166.564728] ? inet_ioctl+0x18b/0x360 20:42:45 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) [ 166.568550] ? tnode_new+0x22b/0x2d0 [ 166.572313] ? sock_ioctl+0x30d/0x680 [ 166.576138] tnode_new+0x22b/0x2d0 [ 166.579716] ? do_vfs_ioctl+0x1de/0x1720 [ 166.583806] resize+0x632/0x22c0 [ 166.587198] ? lock_acquire+0x1e4/0x540 [ 166.591198] ? lock_downgrade+0x8f0/0x8f0 [ 166.595370] ? lock_release+0xa30/0xa30 [ 166.599823] ? replace+0x5d0/0x5d0 [ 166.603379] ? kasan_unpoison_shadow+0x35/0x50 [ 166.607976] ? kasan_kmalloc+0xc4/0xe0 [ 166.611887] ? __kmalloc+0x315/0x760 20:42:45 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0), 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) [ 166.615628] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 166.620662] ? put_child+0x363/0x800 [ 166.624404] ? fib_trie_seq_next+0x5e0/0x5e0 [ 166.628841] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 166.634409] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 166.636329] binder: 9236:9237 ERROR: BC_REGISTER_LOOPER called without request [ 166.639439] fib_insert_alias+0xe72/0x1200 [ 166.639454] ? kasan_slab_alloc+0x12/0x20 [ 166.639471] ? fib_trie_seq_start+0x4e0/0x4e0 [ 166.639485] ? lock_downgrade+0x8f0/0x8f0 [ 166.639503] ? __x64_sys_ioctl+0x73/0xb0 20:42:45 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:42:45 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) [ 166.667950] ? unregister_die_notifier+0x20/0x20 [ 166.672729] ? __alloc_skb+0x4c6/0x770 [ 166.676658] ? atomic_notifier_call_chain+0xf1/0x190 [ 166.681796] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 166.687372] ? call_fib_notifiers+0x6f/0x90 [ 166.691721] ? call_fib4_notifiers+0x9c/0x110 [ 166.696247] ? call_fib_entry_notifiers+0x2f1/0x500 [ 166.701279] ? kasan_kmalloc+0xc4/0xe0 [ 166.705192] ? tnode_free+0x120/0x120 [ 166.709103] ? __fib_validate_source+0x1f10/0x1f10 [ 166.714063] fib_table_insert+0x67c/0x17a0 [ 166.718335] ? fib_table_lookup+0x24a0/0x24a0 [ 166.722858] ? trace_hardirqs_on+0xd/0x10 [ 166.727026] ? kasan_unpoison_shadow+0x35/0x50 [ 166.731635] ? kasan_kmalloc+0xc4/0xe0 [ 166.735547] fib_magic.isra.22+0x66b/0x890 [ 166.739813] ? fib_new_table+0x490/0x490 [ 166.743913] ? lock_acquire+0x1e4/0x540 [ 166.747999] ? blocking_notifier_call_chain+0x129/0x190 [ 166.753399] fib_add_ifaddr+0x40d/0x500 [ 166.757408] fib_inetaddr_event+0x172/0x222 [ 166.761751] notifier_call_chain+0x180/0x390 [ 166.766184] ? unregister_die_notifier+0x20/0x20 [ 166.770956] ? __x64_sys_ioctl+0x73/0xb0 [ 166.775045] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 166.780443] blocking_notifier_call_chain+0x147/0x190 [ 166.785645] ? srcu_init_notifier_head+0xa0/0xa0 [ 166.790420] ? rtmsg_ifa+0x14e/0x1e0 [ 166.794166] __inet_insert_ifa+0x858/0xba0 [ 166.798426] ? refcount_add_not_zero_checked+0x330/0x330 [ 166.803902] ? __inet_del_ifa+0xbd0/0xbd0 [ 166.808083] ? rtnl_is_locked+0xb5/0xf0 [ 166.812076] ? rtnl_trylock+0x20/0x20 [ 166.815895] devinet_ioctl+0x1460/0x1d90 [ 166.819988] ? inet_ifa_byprefix+0x240/0x240 [ 166.824403] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 166.829956] inet_ioctl+0x18b/0x360 [ 166.833584] ? inet_stream_connect+0xa0/0xa0 [ 166.838005] ? _parse_integer+0x190/0x190 [ 166.842164] ? lock_release+0xa30/0xa30 [ 166.846139] ? check_same_owner+0x340/0x340 [ 166.850453] ? __check_object_size+0xa3/0x5d7 [ 166.854944] sock_do_ioctl+0xe4/0x3e0 [ 166.858743] ? __fget+0x4ac/0x740 [ 166.862218] ? compat_ifr_data_ioctl+0x170/0x170 [ 166.867011] ? lock_release+0xa30/0xa30 [ 166.871005] ? pid_task+0x115/0x200 [ 166.874630] ? find_vpid+0xf0/0xf0 [ 166.878180] ? __f_unlock_pos+0x19/0x20 [ 166.882186] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 166.887380] sock_ioctl+0x30d/0x680 [ 166.891005] ? dlci_ioctl_set+0x40/0x40 [ 166.895008] ? ksys_dup3+0x690/0x690 [ 166.899708] ? kasan_check_write+0x14/0x20 [ 166.903942] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 166.908867] ? fsnotify+0xbac/0x14e0 [ 166.912582] ? vfs_write+0x2f3/0x560 [ 166.916287] ? dlci_ioctl_set+0x40/0x40 [ 166.920252] do_vfs_ioctl+0x1de/0x1720 [ 166.924141] ? fsnotify_first_mark+0x350/0x350 [ 166.928718] ? __fsnotify_parent+0xcc/0x420 [ 166.933041] ? ioctl_preallocate+0x300/0x300 [ 166.937463] ? __fget_light+0x2f7/0x440 [ 166.941436] ? fget_raw+0x20/0x20 [ 166.944889] ? __sb_end_write+0xac/0xe0 [ 166.948862] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 166.954399] ? fput+0x130/0x1a0 [ 166.957676] ? ksys_write+0x1ae/0x260 [ 166.961488] ? security_file_ioctl+0x94/0xc0 [ 166.965912] ksys_ioctl+0xa9/0xd0 [ 166.969362] __x64_sys_ioctl+0x73/0xb0 [ 166.973262] do_syscall_64+0x1b9/0x820 [ 166.977161] ? finish_task_switch+0x1d3/0x870 [ 166.981671] ? syscall_return_slowpath+0x5e0/0x5e0 [ 166.986618] ? syscall_return_slowpath+0x31d/0x5e0 [ 166.991551] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 166.996575] ? prepare_exit_to_usermode+0x291/0x3b0 [ 167.001605] ? perf_trace_sys_enter+0xb10/0xb10 [ 167.006301] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 167.011158] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 167.016344] RIP: 0033:0x455ab9 [ 167.019514] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 167.038657] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 167.046370] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 167.053642] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 167.060911] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 20:42:45 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:42:45 executing program 6 (fault-call:2 fault-nth:0): r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:42:45 executing program 0 (fault-call:2 fault-nth:14): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) [ 167.068193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 167.075463] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 000000000000000d [ 167.155497] FAULT_INJECTION: forcing a failure. [ 167.155497] name failslab, interval 1, probability 0, space 0, times 0 [ 167.166805] CPU: 0 PID: 9257 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 167.175203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 167.184554] Call Trace: [ 167.187145] dump_stack+0x1c9/0x2b4 [ 167.190782] ? dump_stack_print_info.cold.2+0x52/0x52 [ 167.195991] should_fail.cold.4+0xa/0x11 [ 167.200069] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 167.205193] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 167.210768] ? resize+0x1227/0x22c0 [ 167.214398] ? lock_downgrade+0x8f0/0x8f0 [ 167.218558] ? replace+0x5d0/0x5d0 [ 167.222104] ? kasan_unpoison_shadow+0x35/0x50 [ 167.226678] ? lock_acquire+0x1e4/0x540 [ 167.230667] ? fs_reclaim_acquire+0x20/0x20 [ 167.234993] ? lock_downgrade+0x8f0/0x8f0 [ 167.235237] binder: undelivered TRANSACTION_COMPLETE [ 167.239150] ? check_same_owner+0x340/0x340 [ 167.239170] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 167.239184] ? rcu_note_context_switch+0x730/0x730 [ 167.239199] __should_failslab+0x124/0x180 [ 167.239215] should_failslab+0x9/0x14 [ 167.257123] binder: undelivered transaction 140, process died. [ 167.259108] kmem_cache_alloc_node+0x272/0x780 [ 167.259125] ? fib_trie_seq_start+0x4e0/0x4e0 [ 167.259143] ? lock_downgrade+0x8f0/0x8f0 [ 167.259156] ? __x64_sys_ioctl+0x73/0xb0 [ 167.259174] __alloc_skb+0x119/0x770 [ 167.294131] ? skb_scrub_packet+0x490/0x490 [ 167.298448] ? atomic_notifier_call_chain+0xf1/0x190 [ 167.303571] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 167.309100] ? call_fib_notifiers+0x6f/0x90 [ 167.313430] ? call_fib4_notifiers+0x9c/0x110 [ 167.317916] ? call_fib_entry_notifiers+0x2f1/0x500 [ 167.322918] ? kasan_kmalloc+0xc4/0xe0 [ 167.326799] rtmsg_fib+0x1f8/0x4d0 [ 167.330330] fib_table_insert+0x7a8/0x17a0 [ 167.334564] ? fib_table_lookup+0x24a0/0x24a0 [ 167.339053] ? trace_hardirqs_on+0xd/0x10 [ 167.343188] ? kasan_unpoison_shadow+0x35/0x50 [ 167.347762] ? kasan_kmalloc+0xc4/0xe0 [ 167.351642] fib_magic.isra.22+0x66b/0x890 [ 167.355869] ? fib_new_table+0x490/0x490 [ 167.359938] ? lock_acquire+0x1e4/0x540 [ 167.363904] ? blocking_notifier_call_chain+0x129/0x190 [ 167.369287] fib_add_ifaddr+0x40d/0x500 [ 167.373343] fib_inetaddr_event+0x172/0x222 [ 167.377672] notifier_call_chain+0x180/0x390 [ 167.382072] ? unregister_die_notifier+0x20/0x20 [ 167.386817] ? __x64_sys_ioctl+0x73/0xb0 [ 167.390870] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 167.396228] blocking_notifier_call_chain+0x147/0x190 [ 167.401425] ? srcu_init_notifier_head+0xa0/0xa0 [ 167.406187] ? rtmsg_ifa+0x14e/0x1e0 [ 167.409891] __inet_insert_ifa+0x858/0xba0 [ 167.414135] ? refcount_add_not_zero_checked+0x330/0x330 [ 167.419587] ? __inet_del_ifa+0xbd0/0xbd0 [ 167.423731] ? rtnl_is_locked+0xb5/0xf0 [ 167.427697] ? rtnl_trylock+0x20/0x20 [ 167.431494] devinet_ioctl+0x1460/0x1d90 [ 167.435552] ? inet_ifa_byprefix+0x240/0x240 [ 167.439969] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 167.445503] inet_ioctl+0x18b/0x360 [ 167.449130] ? inet_stream_connect+0xa0/0xa0 [ 167.453529] ? _parse_integer+0x190/0x190 [ 167.457673] ? lock_release+0xa30/0xa30 [ 167.461641] ? check_same_owner+0x340/0x340 [ 167.466044] ? __check_object_size+0xa3/0x5d7 [ 167.470533] sock_do_ioctl+0xe4/0x3e0 [ 167.474338] ? __fget+0x4ac/0x740 [ 167.477783] ? compat_ifr_data_ioctl+0x170/0x170 [ 167.482530] ? lock_release+0xa30/0xa30 [ 167.486518] ? pid_task+0x115/0x200 [ 167.490155] ? find_vpid+0xf0/0xf0 [ 167.493685] ? __f_unlock_pos+0x19/0x20 [ 167.497657] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 167.502850] sock_ioctl+0x30d/0x680 [ 167.506472] ? dlci_ioctl_set+0x40/0x40 [ 167.510435] ? ksys_dup3+0x690/0x690 [ 167.514140] ? kasan_check_write+0x14/0x20 [ 167.518363] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 167.523281] ? fsnotify+0xbac/0x14e0 [ 167.526980] ? vfs_write+0x2f3/0x560 [ 167.530680] ? dlci_ioctl_set+0x40/0x40 [ 167.534669] do_vfs_ioctl+0x1de/0x1720 [ 167.538553] ? fsnotify_first_mark+0x350/0x350 [ 167.543122] ? __fsnotify_parent+0xcc/0x420 [ 167.547444] ? ioctl_preallocate+0x300/0x300 [ 167.551838] ? __fget_light+0x2f7/0x440 [ 167.555798] ? fget_raw+0x20/0x20 [ 167.559248] ? __sb_end_write+0xac/0xe0 [ 167.563217] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 167.568743] ? fput+0x130/0x1a0 [ 167.572008] ? ksys_write+0x1ae/0x260 [ 167.575818] ? security_file_ioctl+0x94/0xc0 [ 167.580219] ksys_ioctl+0xa9/0xd0 [ 167.583667] __x64_sys_ioctl+0x73/0xb0 [ 167.587549] do_syscall_64+0x1b9/0x820 [ 167.591428] ? finish_task_switch+0x1d3/0x870 [ 167.595938] ? syscall_return_slowpath+0x5e0/0x5e0 [ 167.600860] ? syscall_return_slowpath+0x31d/0x5e0 [ 167.605777] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 167.610786] ? prepare_exit_to_usermode+0x291/0x3b0 [ 167.615788] ? perf_trace_sys_enter+0xb10/0xb10 [ 167.620463] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 167.625305] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 167.630486] RIP: 0033:0x455ab9 [ 167.633661] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 20:42:46 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100), 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:46 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) [ 167.652853] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 167.660553] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 167.667807] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 167.675064] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 167.682339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 167.689611] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 000000000000000e 20:42:46 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r4 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r4, 0x9) r5 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r5, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) mq_timedsend(r5, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) 20:42:46 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) 20:42:46 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1b) [ 167.710164] binder_alloc: 9236: binder_alloc_buf, no vma [ 167.715811] binder: 9236:9261 transaction failed 29189/-3, size 0-0 line 2967 20:42:46 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(0xffffffffffffffff, 0x8, 0x0) r0 = epoll_create1(0x80006) r1 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r1, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r0, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r2, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r2, 0x127d, &(0x7f0000000300)=0x6bb) r4 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r4, 0x9) r5 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r5, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r6, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r7, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r5, 0x8000}, {r6, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r5, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r2, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r3, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:46 executing program 0 (fault-call:2 fault-nth:15): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:46 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x2000025c) 20:42:46 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r4 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r4, 0x9) r5 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r5, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) mq_timedsend(r5, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) 20:42:46 executing program 5: socket$key(0xf, 0x3, 0x2) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000080)={0x2, 0x400000000000003, 0x0, 0x3, 0x13, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @rand_addr}}}, @sadb_address={0x5, 0x9, 0x0, 0x0, 0x0, @in6}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xb}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast2}}]}, 0x98}}, 0x0) 20:42:46 executing program 1: [ 167.837251] binder: undelivered TRANSACTION_ERROR: 29189 20:42:46 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x17) 20:42:46 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r4 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r4, 0x9) r5 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_timedsend(r5, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) 20:42:46 executing program 1: [ 167.981059] FAULT_INJECTION: forcing a failure. [ 167.981059] name failslab, interval 1, probability 0, space 0, times 0 [ 167.992412] CPU: 1 PID: 9293 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 168.000840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 168.010282] Call Trace: [ 168.012892] dump_stack+0x1c9/0x2b4 [ 168.016548] ? dump_stack_print_info.cold.2+0x52/0x52 [ 168.021751] should_fail.cold.4+0xa/0x11 [ 168.026832] ? __kernel_text_address+0xd/0x40 20:42:46 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000022, &(0x7f0000000080)=0xfffffffffffffffe, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x0, 0x0) ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f00000000c0)=""/138) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0x14}) 20:42:46 executing program 1: [ 168.031340] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 168.036442] ? __save_stack_trace+0x8d/0xf0 [ 168.040781] ? save_stack+0xa9/0xd0 [ 168.044429] ? save_stack+0x43/0xd0 [ 168.048079] ? kasan_kmalloc+0xc4/0xe0 [ 168.052074] ? kasan_slab_alloc+0x12/0x20 [ 168.056248] ? kmem_cache_alloc_node+0x144/0x780 [ 168.061023] ? __alloc_skb+0x119/0x770 [ 168.064943] ? rtmsg_fib+0x1f8/0x4d0 [ 168.068674] ? fib_table_insert+0x7a8/0x17a0 [ 168.073191] ? fib_magic.isra.22+0x66b/0x890 [ 168.077630] ? fib_add_ifaddr+0x40d/0x500 [ 168.081805] ? fib_inetaddr_event+0x172/0x222 [ 168.086325] ? notifier_call_chain+0x180/0x390 [ 168.090929] ? blocking_notifier_call_chain+0x147/0x190 [ 168.096352] ? __inet_insert_ifa+0x858/0xba0 [ 168.100783] ? inet_ioctl+0x18b/0x360 [ 168.104612] ? lock_acquire+0x1e4/0x540 [ 168.108612] ? fs_reclaim_acquire+0x20/0x20 [ 168.112956] ? lock_downgrade+0x8f0/0x8f0 [ 168.117132] ? kasan_unpoison_shadow+0x35/0x50 [ 168.121747] ? check_same_owner+0x340/0x340 [ 168.126092] ? lock_downgrade+0x8f0/0x8f0 [ 168.130264] ? rcu_note_context_switch+0x730/0x730 [ 168.135222] __should_failslab+0x124/0x180 [ 168.139477] should_failslab+0x9/0x14 [ 168.143300] kmem_cache_alloc_node_trace+0x26f/0x770 [ 168.148420] ? kasan_kmalloc+0xc4/0xe0 [ 168.152322] __kmalloc_node_track_caller+0x33/0x70 [ 168.157264] __kmalloc_reserve.isra.41+0x3a/0xe0 [ 168.162033] __alloc_skb+0x155/0x770 [ 168.165744] ? skb_scrub_packet+0x490/0x490 [ 168.170062] ? atomic_notifier_call_chain+0xf1/0x190 [ 168.175168] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 168.180699] ? call_fib_notifiers+0x6f/0x90 [ 168.185043] ? call_fib4_notifiers+0x9c/0x110 [ 168.189549] ? call_fib_entry_notifiers+0x2f1/0x500 [ 168.194566] ? kasan_kmalloc+0xc4/0xe0 [ 168.198459] rtmsg_fib+0x1f8/0x4d0 [ 168.202029] fib_table_insert+0x7a8/0x17a0 [ 168.206299] ? fib_table_lookup+0x24a0/0x24a0 [ 168.210810] ? trace_hardirqs_on+0xd/0x10 [ 168.214970] ? kasan_unpoison_shadow+0x35/0x50 [ 168.219564] ? kasan_kmalloc+0xc4/0xe0 [ 168.223448] fib_magic.isra.22+0x66b/0x890 [ 168.227674] ? fib_new_table+0x490/0x490 [ 168.231736] ? lock_acquire+0x1e4/0x540 [ 168.235714] ? blocking_notifier_call_chain+0x129/0x190 [ 168.241078] fib_add_ifaddr+0x40d/0x500 [ 168.245069] fib_inetaddr_event+0x172/0x222 [ 168.249406] notifier_call_chain+0x180/0x390 [ 168.253822] ? unregister_die_notifier+0x20/0x20 [ 168.258581] ? __x64_sys_ioctl+0x73/0xb0 [ 168.262646] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 168.268037] blocking_notifier_call_chain+0x147/0x190 [ 168.273251] ? srcu_init_notifier_head+0xa0/0xa0 [ 168.278025] ? rtmsg_ifa+0x14e/0x1e0 [ 168.281747] __inet_insert_ifa+0x858/0xba0 [ 168.286004] ? refcount_add_not_zero_checked+0x330/0x330 [ 168.291455] ? __inet_del_ifa+0xbd0/0xbd0 [ 168.295596] ? rtnl_is_locked+0xb5/0xf0 [ 168.299569] ? rtnl_trylock+0x20/0x20 [ 168.303373] devinet_ioctl+0x1460/0x1d90 [ 168.307434] ? inet_ifa_byprefix+0x240/0x240 [ 168.311851] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 168.317399] inet_ioctl+0x18b/0x360 [ 168.321037] ? inet_stream_connect+0xa0/0xa0 [ 168.325460] ? _parse_integer+0x190/0x190 [ 168.329608] ? lock_release+0xa30/0xa30 [ 168.333579] ? check_same_owner+0x340/0x340 [ 168.337905] ? __check_object_size+0xa3/0x5d7 [ 168.342417] sock_do_ioctl+0xe4/0x3e0 [ 168.346218] ? __fget+0x4ac/0x740 [ 168.349689] ? compat_ifr_data_ioctl+0x170/0x170 [ 168.354461] ? lock_release+0xa30/0xa30 [ 168.358453] ? pid_task+0x115/0x200 [ 168.362091] ? find_vpid+0xf0/0xf0 [ 168.365639] ? __f_unlock_pos+0x19/0x20 [ 168.369621] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 168.374825] sock_ioctl+0x30d/0x680 [ 168.378443] ? dlci_ioctl_set+0x40/0x40 [ 168.382406] ? ksys_dup3+0x690/0x690 [ 168.386115] ? kasan_check_write+0x14/0x20 [ 168.390371] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 168.395307] ? fsnotify+0xbac/0x14e0 [ 168.399021] ? vfs_write+0x2f3/0x560 [ 168.402741] ? dlci_ioctl_set+0x40/0x40 [ 168.406727] do_vfs_ioctl+0x1de/0x1720 [ 168.410615] ? fsnotify_first_mark+0x350/0x350 [ 168.415198] ? __fsnotify_parent+0xcc/0x420 [ 168.419525] ? ioctl_preallocate+0x300/0x300 [ 168.423937] ? __fget_light+0x2f7/0x440 [ 168.427912] ? fget_raw+0x20/0x20 [ 168.431367] ? __sb_end_write+0xac/0xe0 [ 168.435358] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 168.440918] ? fput+0x130/0x1a0 [ 168.444198] ? ksys_write+0x1ae/0x260 [ 168.447991] ? security_file_ioctl+0x94/0xc0 [ 168.452403] ksys_ioctl+0xa9/0xd0 [ 168.455855] __x64_sys_ioctl+0x73/0xb0 [ 168.459742] do_syscall_64+0x1b9/0x820 [ 168.463622] ? finish_task_switch+0x1d3/0x870 [ 168.468122] ? syscall_return_slowpath+0x5e0/0x5e0 [ 168.473053] ? syscall_return_slowpath+0x31d/0x5e0 [ 168.477984] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 168.483005] ? prepare_exit_to_usermode+0x291/0x3b0 [ 168.488033] ? perf_trace_sys_enter+0xb10/0xb10 [ 168.492702] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 168.497538] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 168.502722] RIP: 0033:0x455ab9 [ 168.505916] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 168.525148] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 168.532849] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 168.540138] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 168.547421] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 168.554689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 168.561967] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 000000000000000f 20:42:47 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x0, 0x6c000000, &(0x7f0000000280)}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:47 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0x0, 0x200007fe, &(0x7f0000000100)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) writev(r0, &(0x7f0000000440)=[{&(0x7f0000001640)="c3", 0x1}], 0x1) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0), 0x6) 20:42:47 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r4 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r4, 0x9) mq_timedsend(0xffffffffffffffff, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) 20:42:47 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x2, 0x7, 0x0, 0x6, 0x2}, 0x10}}, 0x0) sendmsg$key(r0, &(0x7f0000f56000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x0, 0x2}, 0x10}}, 0x0) 20:42:47 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x7, @ipv4={[], [], @broadcast}, 0x3}, 0x1c) r1 = fcntl$dupfd(r0, 0x406, r0) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_SET_DEST(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10002028}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x64, r2, 0x104, 0x70bd27, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e21}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@multicast2}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e20}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x20}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}]}, 0x64}, 0x1, 0x0, 0x0, 0x95}, 0x48000) [ 168.648148] binder: undelivered TRANSACTION_COMPLETE [ 168.660146] binder: undelivered transaction 143, process died. [ 168.697999] binder: 9335:9337 ERROR: BC_REGISTER_LOOPER called without request [ 168.709389] binder: undelivered TRANSACTION_COMPLETE [ 168.726885] binder: undelivered transaction 145, process died. 20:42:47 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r4 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r4, 0x9) mq_timedsend(0xffffffffffffffff, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) 20:42:47 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) 20:42:47 executing program 0 (fault-call:2 fault-nth:16): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:47 executing program 5: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x4170000}, 0xc, &(0x7f00000000c0)={&(0x7f0000001040)=@updpolicy={0xb8, 0x19, 0x101, 0x0, 0x0, {{@in=@multicast1, @in6=@mcast2}}}, 0xb8}}, 0x0) 20:42:47 executing program 6: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/expire_nodest_conn\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffff9c, 0x84, 0x1d, &(0x7f0000000140)={0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000180)=0x24) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f00000001c0)={r1}, &(0x7f0000000200)=0x8) r2 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r2, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x121800) ioctl$KDSKBLED(r3, 0x4b65, 0x748) connect$inet6(r2, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:42:47 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x0, 0x6c000000, &(0x7f0000000280)}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:47 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:47 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000004c0)={&(0x7f0000000100), 0xc, &(0x7f0000000200)={&(0x7f0000000340)=@newlink={0x40, 0x10, 0x7, 0x0, 0x0, {}, [@IFLA_IFNAME={0x14, 0x3, 'lo\x00'}, @IFLA_ADDRESS={0xc, 0x1, @dev}]}, 0x40}}, 0x0) [ 168.875548] binder: 9385:9386 ERROR: BC_REGISTER_LOOPER called without request 20:42:47 executing program 6: r0 = socket$inet6_dccp(0xa, 0x6, 0x0) ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, &(0x7f0000000000)={'bridge0\x00', {0x2, 0x4e22, @loopback}}) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x1000000000024, &(0x7f0000000080)=0x1, 0x4) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000300)={0x0, 0x3}, &(0x7f0000000340)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000380)={0x5, 0xffffffffffff7fff, 0xa, 0x0, 0x3, 0x100, 0x9, 0x0, 0x0}, &(0x7f0000000540)=0x20) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffff9c, 0x84, 0x18, &(0x7f0000000580)={r2, 0xc41e}, &(0x7f00000002c0)=0x7) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000100)={r3, 0xc3}, &(0x7f0000000140)=0x8) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x1, 0x3, @local, 0x1fffc}, 0x1c) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r0, 0x29, 0xd3, &(0x7f0000000240)={{0xa, 0x4e23, 0x2, @empty, 0x5}, {0xa, 0x4e24, 0xfffffffffffffff8, @local, 0xec6}, 0x0, [0x5, 0xc00000, 0x0, 0xfffffffffffffffe, 0x5, 0x5a, 0x1, 0x49]}, 0x5c) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x20880, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r4, 0x84, 0x6d, &(0x7f00000003c0)=ANY=[@ANYRES32=r3, @ANYBLOB="8d00000080045686856a00000020018ab3c34fb376ccceddd2b59770be0d1274df4a93ad63590e3b6e90624fa60f7f94eeab7ddca3f71637212208f3a9fc1db5e7a5f43534e6a48af3dfde935b2cce95bce393eb254a646a11c254a00bdeee506e900c9f4012ea19adf64ab009f9b66de9a20900000000000000dfdea714d1b2c08d19a16d60af2dc8b48959e34fafee773248ad2efdd4b77d52774a01fc9616f4a13f25b7cfc5427083cc8ea8f8b5310dae910793838f899d4d2c67295b94fdf114e78f736d0379ebec2db0b56c2ecbeb2bbe6d01618fc644631459d1cbf70e3f8d8d8b657ad60723eb8d4406769d9f9e860d2abca02358ce5fff86ac4e1fa944a9a8b179134adf4cbca5c9ca4a8373b74177827f341432bf113e979729f8b7a7a6cdbaa46dc70dcfdcf0f7b355074a0e8878318989e2fe5e6fc17f41410ac053ef2489d5a5fe7693be6a4ba32edd9ccc9bfab4c58ff5f3fd96fd6f1bd269"], &(0x7f00000001c0)=0x95) getsockopt$inet_sctp_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f0000000040)={r3, 0x2, 0x1, 0x80000001, 0x8, 0x6c}, &(0x7f00000000c0)=0x14) 20:42:47 executing program 5: r0 = add_key$keyring(&(0x7f0000000240)='keyring\x00', &(0x7f0000000000), 0x0, 0x0, 0xfffffffffffffffe) r1 = add_key$keyring(&(0x7f0000000200)='keyring\x00', &(0x7f00000001c0), 0x0, 0x0, r0) r2 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f00000000c0), &(0x7f0000000100)="8d", 0x1, r1) keyctl$revoke(0x3, r1) keyctl$get_security(0x11, r2, &(0x7f00000006c0)=""/4096, 0x1000) 20:42:47 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r4 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r4, 0x9) mq_timedsend(0xffffffffffffffff, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) [ 168.923776] binder: undelivered TRANSACTION_COMPLETE 20:42:47 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x0, 0x6c000000, &(0x7f0000000280)}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) [ 168.960919] binder: undelivered transaction 147, process died. [ 168.993326] FAULT_INJECTION: forcing a failure. [ 168.993326] name failslab, interval 1, probability 0, space 0, times 0 [ 169.004434] binder: 9411:9413 ERROR: BC_REGISTER_LOOPER called without request [ 169.004638] CPU: 0 PID: 9387 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 169.020361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 169.029126] binder: undelivered TRANSACTION_COMPLETE [ 169.029726] Call Trace: [ 169.029756] dump_stack+0x1c9/0x2b4 [ 169.029774] ? dump_stack_print_info.cold.2+0x52/0x52 [ 169.029798] ? lock_acquire+0x1e4/0x540 [ 169.050473] should_fail.cold.4+0xa/0x11 [ 169.054560] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 169.055179] binder: undelivered transaction 149, process died. [ 169.059679] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 169.059699] ? kasan_check_write+0x14/0x20 [ 169.059717] ? trace_hardirqs_on+0xd/0x10 [ 169.059732] ? debug_object_active_state+0x2f5/0x4d0 [ 169.059744] ? kasan_check_read+0x11/0x20 [ 169.059763] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 169.092948] ? bpf_prog_kallsyms_find+0xde/0x4c0 [ 169.097781] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 169.102799] ? lock_acquire+0x1e4/0x540 [ 169.106763] ? is_bpf_text_address+0xae/0x170 [ 169.111246] __should_failslab+0x124/0x180 [ 169.115593] should_failslab+0x9/0x14 [ 169.119389] kmem_cache_alloc_node_trace+0x5a/0x770 [ 169.124432] ? kasan_check_read+0x11/0x20 [ 169.128600] ? rcu_is_watching+0x8c/0x150 [ 169.132753] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 169.137758] __kmalloc_node_track_caller+0x33/0x70 [ 169.142678] __kmalloc_reserve.isra.41+0x3a/0xe0 [ 169.147421] pskb_expand_head+0x230/0x10e0 [ 169.151644] ? rtnetlink_put_metrics+0x3a8/0x690 [ 169.156391] ? __pskb_copy_fclone+0xeb0/0xeb0 [ 169.160879] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 169.165880] ? skb_put+0x17b/0x1e0 [ 169.169404] ? memset+0x31/0x40 [ 169.172774] ? memcpy+0x45/0x50 [ 169.176045] ? __nla_put+0x37/0x40 [ 169.179586] ? nla_put+0x11a/0x150 [ 169.183116] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 169.188646] ? fib_dump_info+0x950/0x1bc0 [ 169.192795] netlink_trim+0x2ea/0x380 [ 169.196600] ? netlink_skb_destructor+0x210/0x210 [ 169.201432] ? kasan_unpoison_shadow+0x35/0x50 [ 169.205996] ? kasan_kmalloc+0xc4/0xe0 [ 169.209888] netlink_broadcast_filtered+0x105/0x1620 [ 169.215000] ? kasan_unpoison_shadow+0x35/0x50 [ 169.219575] ? kasan_kmalloc+0xc4/0xe0 [ 169.223450] ? __netlink_sendskb+0xd0/0xd0 [ 169.227679] ? __kmalloc_node_track_caller+0x47/0x70 [ 169.232777] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 169.238305] ? __alloc_skb+0x4c6/0x770 [ 169.242179] ? skb_scrub_packet+0x490/0x490 [ 169.246490] ? atomic_notifier_call_chain+0xf1/0x190 [ 169.251585] nlmsg_notify+0xa0/0x1a0 [ 169.255294] rtnl_notify+0xce/0xf0 [ 169.258824] rtmsg_fib+0x369/0x4d0 [ 169.262354] fib_table_insert+0x7a8/0x17a0 [ 169.266595] ? fib_table_lookup+0x24a0/0x24a0 [ 169.271102] ? trace_hardirqs_on+0xd/0x10 [ 169.275242] ? kasan_unpoison_shadow+0x35/0x50 [ 169.279818] ? kasan_kmalloc+0xc4/0xe0 [ 169.283697] fib_magic.isra.22+0x66b/0x890 [ 169.287934] ? fib_new_table+0x490/0x490 [ 169.291989] ? lock_acquire+0x1e4/0x540 [ 169.295955] ? blocking_notifier_call_chain+0x129/0x190 [ 169.301310] fib_add_ifaddr+0x40d/0x500 [ 169.305275] fib_inetaddr_event+0x172/0x222 [ 169.309589] notifier_call_chain+0x180/0x390 [ 169.313990] ? unregister_die_notifier+0x20/0x20 [ 169.318739] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 169.323501] blocking_notifier_call_chain+0x147/0x190 [ 169.328681] ? srcu_init_notifier_head+0xa0/0xa0 [ 169.333445] ? rtmsg_ifa+0x14e/0x1e0 [ 169.337164] __inet_insert_ifa+0x858/0xba0 [ 169.341397] ? refcount_add_not_zero_checked+0x330/0x330 [ 169.346839] ? __inet_del_ifa+0xbd0/0xbd0 [ 169.350978] ? rtnl_is_locked+0xb5/0xf0 [ 169.354943] ? rtnl_trylock+0x20/0x20 [ 169.358734] devinet_ioctl+0x1460/0x1d90 [ 169.362787] ? inet_ifa_byprefix+0x240/0x240 [ 169.367201] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 169.372731] inet_ioctl+0x18b/0x360 [ 169.376365] ? inet_stream_connect+0xa0/0xa0 [ 169.380882] ? _parse_integer+0x190/0x190 [ 169.385030] ? lock_release+0xa30/0xa30 [ 169.388992] ? check_same_owner+0x340/0x340 [ 169.393304] ? __check_object_size+0xa3/0x5d7 [ 169.397794] sock_do_ioctl+0xe4/0x3e0 [ 169.401582] ? __fget+0x4ac/0x740 [ 169.405026] ? compat_ifr_data_ioctl+0x170/0x170 [ 169.409776] ? lock_release+0xa30/0xa30 [ 169.413744] ? pid_task+0x115/0x200 [ 169.417366] ? find_vpid+0xf0/0xf0 [ 169.420896] ? __f_unlock_pos+0x19/0x20 [ 169.424864] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 169.430051] sock_ioctl+0x30d/0x680 [ 169.433665] ? dlci_ioctl_set+0x40/0x40 [ 169.437627] ? ksys_dup3+0x690/0x690 [ 169.441331] ? kasan_check_write+0x14/0x20 [ 169.445558] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 169.450473] ? fsnotify+0xbac/0x14e0 [ 169.454173] ? vfs_write+0x2f3/0x560 [ 169.457879] ? dlci_ioctl_set+0x40/0x40 [ 169.461848] do_vfs_ioctl+0x1de/0x1720 [ 169.465740] ? fsnotify_first_mark+0x350/0x350 [ 169.470310] ? __fsnotify_parent+0xcc/0x420 [ 169.474628] ? ioctl_preallocate+0x300/0x300 [ 169.479285] ? __fget_light+0x2f7/0x440 [ 169.483344] ? fget_raw+0x20/0x20 [ 169.486817] ? __sb_end_write+0xac/0xe0 [ 169.490783] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 169.496309] ? fput+0x130/0x1a0 [ 169.499577] ? ksys_write+0x1ae/0x260 [ 169.503368] ? security_file_ioctl+0x94/0xc0 [ 169.507761] ksys_ioctl+0xa9/0xd0 [ 169.511214] __x64_sys_ioctl+0x73/0xb0 [ 169.515090] do_syscall_64+0x1b9/0x820 [ 169.519055] ? finish_task_switch+0x1d3/0x870 [ 169.523544] ? syscall_return_slowpath+0x5e0/0x5e0 [ 169.528473] ? syscall_return_slowpath+0x31d/0x5e0 [ 169.533393] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 169.538408] ? prepare_exit_to_usermode+0x291/0x3b0 [ 169.543418] ? perf_trace_sys_enter+0xb10/0xb10 [ 169.548098] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 169.552934] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 169.558121] RIP: 0033:0x455ab9 [ 169.561305] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 169.580501] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 169.588205] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 169.595463] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 169.603431] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 20:42:48 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:48 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={&(0x7f0000000080), 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=@ipv6_newaddr={0x40, 0x14, 0x401, 0x0, 0x0, {}, [@IFA_LOCAL={0x14, 0x2, @ipv4={[], [], @local}}, @IFA_ADDRESS={0x14}]}, 0x40}}, 0x0) 20:42:48 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) write$P9_RCLUNK(r1, &(0x7f0000000300)={0x7}, 0x7) fallocate(r1, 0x0, 0xb4cd, 0x8200003) fallocate(r1, 0x3, 0x0, 0xffff) 20:42:48 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x7fffffff) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) fcntl$F_GET_RW_HINT(r0, 0x40b, &(0x7f00000001c0)) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x4000, 0x0) r2 = fcntl$getown(r1, 0x9) r3 = fcntl$getown(r1, 0x9) kcmp(r2, r3, 0x2, r1, r1) setsockopt$RDS_GET_MR_FOR_DEST(r1, 0x114, 0x7, &(0x7f0000000100)={@alg={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, {&(0x7f0000000040)=""/85, 0x55}, &(0x7f0000000200), 0x64}, 0xa0) [ 169.610706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 169.617964] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 0000000000000010 20:42:48 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) read(r0, &(0x7f0000000080)=""/251, 0xfb) write$binfmt_elf64(r0, &(0x7f0000000300)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff4d}, [{}]}, 0x78) 20:42:48 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) 20:42:48 executing program 0 (fault-call:2 fault-nth:17): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:48 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_timedsend(r4, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) [ 169.666091] binder: 9419:9421 ERROR: BC_REGISTER_LOOPER called without request 20:42:48 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ftruncate(r1, 0x2081fc) r2 = open(&(0x7f000000fffa)='./bus\x00', 0x140042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000005fc0)=[{{&(0x7f0000003e40)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, 0x80, &(0x7f0000003f00), 0x0, &(0x7f0000003f40)=ANY=[]}}], 0x1, 0x0) dup2(r2, r1) madvise(&(0x7f0000003000/0x4000)=nil, 0x4000, 0x9) [ 169.830349] FAULT_INJECTION: forcing a failure. [ 169.830349] name failslab, interval 1, probability 0, space 0, times 0 [ 169.841679] CPU: 0 PID: 9442 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 169.850103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 169.859460] Call Trace: [ 169.862039] dump_stack+0x1c9/0x2b4 [ 169.865674] ? dump_stack_print_info.cold.2+0x52/0x52 [ 169.870941] ? save_stack+0xa9/0xd0 [ 169.874558] ? save_stack+0x43/0xd0 [ 169.878195] should_fail.cold.4+0xa/0x11 [ 169.882244] ? fib_table_insert+0x7a8/0x17a0 [ 169.886658] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 169.891753] ? devinet_ioctl+0x1460/0x1d90 [ 169.895975] ? inet_ioctl+0x18b/0x360 [ 169.899795] ? sock_do_ioctl+0xe4/0x3e0 [ 169.903755] ? sock_ioctl+0x30d/0x680 [ 169.907545] ? do_vfs_ioctl+0x1de/0x1720 [ 169.911594] ? ksys_ioctl+0xa9/0xd0 [ 169.915207] ? __x64_sys_ioctl+0x73/0xb0 [ 169.919276] ? do_syscall_64+0x1b9/0x820 [ 169.923327] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 169.928682] ? kasan_check_write+0x14/0x20 [ 169.932907] ? do_raw_spin_lock+0xc1/0x200 [ 169.937133] ? trace_hardirqs_off+0xd/0x10 [ 169.941358] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 169.946462] ? debug_check_no_obj_freed+0x30b/0x595 [ 169.951481] ? lock_acquire+0x1e4/0x540 [ 169.955449] ? fs_reclaim_acquire+0x20/0x20 [ 169.959768] ? lock_downgrade+0x8f0/0x8f0 [ 169.963912] ? check_same_owner+0x340/0x340 [ 169.968223] ? rcu_note_context_switch+0x730/0x730 [ 169.973139] ? do_raw_spin_lock+0xc1/0x200 [ 169.977363] __should_failslab+0x124/0x180 [ 169.981589] should_failslab+0x9/0x14 [ 169.985379] __kmalloc+0x2c8/0x760 [ 169.988918] ? alloc_skb_with_frags+0x7d0/0x7d0 [ 169.993574] ? __wake_up_common+0x740/0x740 [ 169.997886] ? fib_create_info+0x9b1/0x45e0 [ 170.002194] fib_create_info+0x9b1/0x45e0 [ 170.006336] ? netlink_broadcast_filtered+0x7e5/0x1620 [ 170.011599] ? kasan_unpoison_shadow+0x35/0x50 [ 170.016170] ? trace_hardirqs_on+0x10/0x10 [ 170.020391] ? fib_info_update_nh_saddr+0x300/0x300 [ 170.025409] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 170.030962] ? __alloc_skb+0x4c6/0x770 [ 170.034838] ? skb_scrub_packet+0x490/0x490 [ 170.039148] ? atomic_notifier_call_chain+0xf1/0x190 [ 170.044240] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 170.049765] ? nlmsg_notify+0xc4/0x1a0 [ 170.053654] ? rtnl_notify+0xce/0xf0 [ 170.057364] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 170.062367] ? fib_get_table+0x274/0x350 [ 170.066413] ? __fib_validate_source+0x1f10/0x1f10 [ 170.071600] fib_table_insert+0x1c1/0x17a0 [ 170.075825] ? fib_new_table+0xc0/0x490 [ 170.079790] ? fib_table_lookup+0x24a0/0x24a0 [ 170.084273] ? trace_hardirqs_on+0xd/0x10 [ 170.088406] ? kasan_unpoison_shadow+0x35/0x50 [ 170.092978] ? kasan_kmalloc+0xc4/0xe0 [ 170.096863] fib_magic.isra.22+0x66b/0x890 [ 170.101106] ? fib_new_table+0x490/0x490 [ 170.105163] ? lock_acquire+0x1e4/0x540 [ 170.109126] ? blocking_notifier_call_chain+0x129/0x190 [ 170.114482] fib_add_ifaddr+0x382/0x500 [ 170.118449] fib_inetaddr_event+0x172/0x222 [ 170.122777] notifier_call_chain+0x180/0x390 [ 170.127174] ? unregister_die_notifier+0x20/0x20 [ 170.131919] ? __x64_sys_ioctl+0x73/0xb0 [ 170.135980] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 170.141357] blocking_notifier_call_chain+0x147/0x190 [ 170.146541] ? srcu_init_notifier_head+0xa0/0xa0 [ 170.151290] ? rtmsg_ifa+0x14e/0x1e0 [ 170.155013] __inet_insert_ifa+0x858/0xba0 [ 170.159245] ? refcount_add_not_zero_checked+0x330/0x330 [ 170.164714] ? __inet_del_ifa+0xbd0/0xbd0 [ 170.168856] ? rtnl_is_locked+0xb5/0xf0 [ 170.172818] ? rtnl_trylock+0x20/0x20 [ 170.176629] devinet_ioctl+0x1460/0x1d90 [ 170.180686] ? inet_ifa_byprefix+0x240/0x240 [ 170.185094] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 170.190640] inet_ioctl+0x18b/0x360 [ 170.195530] ? inet_stream_connect+0xa0/0xa0 [ 170.199927] ? _parse_integer+0x190/0x190 [ 170.204062] ? lock_release+0xa30/0xa30 [ 170.208025] ? check_same_owner+0x340/0x340 [ 170.212336] ? __check_object_size+0xa3/0x5d7 [ 170.216820] sock_do_ioctl+0xe4/0x3e0 [ 170.220626] ? __fget+0x4ac/0x740 [ 170.224068] ? compat_ifr_data_ioctl+0x170/0x170 [ 170.228814] ? lock_release+0xa30/0xa30 [ 170.232773] ? pid_task+0x115/0x200 [ 170.236388] ? find_vpid+0xf0/0xf0 [ 170.239915] ? __f_unlock_pos+0x19/0x20 [ 170.243881] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 170.249058] sock_ioctl+0x30d/0x680 [ 170.252679] ? dlci_ioctl_set+0x40/0x40 [ 170.256638] ? ksys_dup3+0x690/0x690 [ 170.260345] ? kasan_check_write+0x14/0x20 [ 170.264568] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 170.269485] ? fsnotify+0xbac/0x14e0 [ 170.273188] ? vfs_write+0x2f3/0x560 [ 170.276897] ? dlci_ioctl_set+0x40/0x40 [ 170.280859] do_vfs_ioctl+0x1de/0x1720 [ 170.284734] ? fsnotify_first_mark+0x350/0x350 [ 170.289310] ? __fsnotify_parent+0xcc/0x420 [ 170.293629] ? ioctl_preallocate+0x300/0x300 [ 170.298027] ? __fget_light+0x2f7/0x440 [ 170.301987] ? fget_raw+0x20/0x20 [ 170.305429] ? __sb_end_write+0xac/0xe0 [ 170.309408] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 170.314947] ? fput+0x130/0x1a0 [ 170.318212] ? ksys_write+0x1ae/0x260 [ 170.322028] ? security_file_ioctl+0x94/0xc0 [ 170.326427] ksys_ioctl+0xa9/0xd0 [ 170.329866] __x64_sys_ioctl+0x73/0xb0 [ 170.333742] do_syscall_64+0x1b9/0x820 [ 170.337616] ? finish_task_switch+0x1d3/0x870 [ 170.342098] ? syscall_return_slowpath+0x5e0/0x5e0 [ 170.347020] ? syscall_return_slowpath+0x31d/0x5e0 [ 170.351939] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 170.356944] ? prepare_exit_to_usermode+0x291/0x3b0 [ 170.361954] ? perf_trace_sys_enter+0xb10/0xb10 [ 170.366611] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 170.371449] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 170.376636] RIP: 0033:0x455ab9 [ 170.379811] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 170.399044] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 170.406739] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 170.413996] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 170.421254] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 20:42:49 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:49 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f0000000000), &(0x7f0000000040)=0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:42:49 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r4 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_timedsend(r4, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) 20:42:49 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) fallocate(r1, 0x0, 0x0, 0x800000f) 20:42:49 executing program 0 (fault-call:2 fault-nth:18): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:49 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") r4 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_timedsend(r4, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) [ 170.428519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 170.435783] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 0000000000000011 [ 170.464906] binder: 9419:9452 transaction failed 29189/-22, size 0-0 line 2852 20:42:49 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) r1 = open(&(0x7f0000000000)='./file0\x00', 0x402, 0x119) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x10001, 0x4, 0x1, 0x0, 0x47300000000000, 0x2, 0x10000}, 0x280c5d06e34b6df3) [ 170.576665] binder: undelivered TRANSACTION_ERROR: 29189 [ 170.602753] FAULT_INJECTION: forcing a failure. [ 170.602753] name failslab, interval 1, probability 0, space 0, times 0 [ 170.614086] CPU: 0 PID: 9464 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 20:42:49 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:49 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x3c7) setsockopt$inet_tcp_int(r0, 0x6, 0x4000000000014, &(0x7f0000000040)=0x80000000001, 0x4) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000140), 0xeffdffff00011000, 0x0, 0x0, 0x0) sendto$inet(r0, &(0x7f00000002c0)="ed", 0x1, 0x0, &(0x7f0000000200), 0x10) 20:42:49 executing program 5: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)) r1 = getpid() sched_setaffinity(r1, 0x8, &(0x7f0000d4b000)=0x2) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) r2 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000013000)) dup3(r2, r3, 0x0) syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0) close(r0) 20:42:49 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) 20:42:49 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x7fffffff) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x100, 0x0) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, &(0x7f0000000040)={0xfe6}, 0x1) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x3ff, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, 0x0}, &(0x7f00000000c0)=0x14) ioctl$sock_inet6_SIOCDELRT(r1, 0x890c, &(0x7f0000000100)={@remote, @dev={0xfe, 0x80, [], 0x1b}, @empty, 0x6, 0x4, 0x6, 0x100, 0x2, 0x40000, r2}) 20:42:49 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) r3 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_timedsend(r3, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) [ 170.622491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 170.631845] Call Trace: [ 170.634468] dump_stack+0x1c9/0x2b4 [ 170.638114] ? dump_stack_print_info.cold.2+0x52/0x52 [ 170.643328] ? fib_create_info+0x31b3/0x45e0 [ 170.647758] should_fail.cold.4+0xa/0x11 [ 170.651841] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 170.657014] ? fib_info_update_nh_saddr+0x300/0x300 [ 170.662057] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 170.667613] ? __alloc_skb+0x4c6/0x770 [ 170.671523] ? lock_acquire+0x1e4/0x540 20:42:49 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000000)=0xbff, 0x4) 20:42:49 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) accept4(r0, &(0x7f0000000000)=@un=@abs, &(0x7f0000000080)=0x80, 0x80800) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) delete_module(&(0x7f00000000c0)='ppp1#)\x00', 0x0) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) [ 170.675511] ? fs_reclaim_acquire+0x20/0x20 [ 170.679884] ? lock_downgrade+0x8f0/0x8f0 [ 170.684059] ? check_same_owner+0x340/0x340 [ 170.687875] binder: 9487:9491 ERROR: BC_REGISTER_LOOPER called without request [ 170.688394] ? rcu_note_context_switch+0x730/0x730 [ 170.688414] __should_failslab+0x124/0x180 [ 170.688435] should_failslab+0x9/0x14 [ 170.688454] kmem_cache_alloc+0x2af/0x760 [ 170.712927] ? __fib_validate_source+0x1f10/0x1f10 [ 170.717868] fib_table_insert+0x411/0x17a0 [ 170.722116] ? fib_table_lookup+0x24a0/0x24a0 [ 170.726623] ? trace_hardirqs_on+0xd/0x10 [ 170.730789] ? kasan_unpoison_shadow+0x35/0x50 [ 170.735387] ? kasan_kmalloc+0xc4/0xe0 [ 170.739293] fib_magic.isra.22+0x66b/0x890 [ 170.743548] ? fib_new_table+0x490/0x490 [ 170.747631] ? lock_acquire+0x1e4/0x540 [ 170.751628] ? blocking_notifier_call_chain+0x129/0x190 [ 170.757019] fib_add_ifaddr+0x382/0x500 [ 170.761012] fib_inetaddr_event+0x172/0x222 [ 170.765351] notifier_call_chain+0x180/0x390 [ 170.769781] ? unregister_die_notifier+0x20/0x20 20:42:49 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)) r3 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_timedsend(r3, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) [ 170.774550] ? __x64_sys_ioctl+0x73/0xb0 [ 170.778627] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 170.784016] blocking_notifier_call_chain+0x147/0x190 [ 170.789223] ? srcu_init_notifier_head+0xa0/0xa0 [ 170.794005] ? rtmsg_ifa+0x14e/0x1e0 [ 170.797742] __inet_insert_ifa+0x858/0xba0 [ 170.802001] ? refcount_add_not_zero_checked+0x330/0x330 [ 170.807468] ? __inet_del_ifa+0xbd0/0xbd0 [ 170.811633] ? rtnl_is_locked+0xb5/0xf0 [ 170.815621] ? rtnl_trylock+0x20/0x20 [ 170.819448] devinet_ioctl+0x1460/0x1d90 [ 170.823543] ? inet_ifa_byprefix+0x240/0x240 [ 170.827969] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 170.833523] inet_ioctl+0x18b/0x360 [ 170.837168] ? inet_stream_connect+0xa0/0xa0 [ 170.841595] ? _parse_integer+0x190/0x190 [ 170.845760] ? lock_release+0xa30/0xa30 [ 170.849925] ? check_same_owner+0x340/0x340 [ 170.854267] ? __check_object_size+0xa3/0x5d7 [ 170.858777] sock_do_ioctl+0xe4/0x3e0 [ 170.862590] ? __fget+0x4ac/0x740 [ 170.866054] ? compat_ifr_data_ioctl+0x170/0x170 [ 170.870831] ? lock_release+0xa30/0xa30 [ 170.874820] ? pid_task+0x115/0x200 [ 170.878455] ? find_vpid+0xf0/0xf0 [ 170.881990] ? __f_unlock_pos+0x19/0x20 [ 170.885963] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 170.891168] sock_ioctl+0x30d/0x680 [ 170.894818] ? dlci_ioctl_set+0x40/0x40 [ 170.898799] ? ksys_dup3+0x690/0x690 [ 170.902526] ? kasan_check_write+0x14/0x20 [ 170.906771] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 170.911699] ? fsnotify+0xbac/0x14e0 [ 170.915424] ? vfs_write+0x2f3/0x560 [ 170.919135] ? dlci_ioctl_set+0x40/0x40 [ 170.923186] do_vfs_ioctl+0x1de/0x1720 [ 170.927072] ? fsnotify_first_mark+0x350/0x350 [ 170.931658] ? __fsnotify_parent+0xcc/0x420 [ 170.935980] ? ioctl_preallocate+0x300/0x300 [ 170.940392] ? __fget_light+0x2f7/0x440 [ 170.944376] ? fget_raw+0x20/0x20 [ 170.947818] ? __sb_end_write+0xac/0xe0 [ 170.951790] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 170.957332] ? fput+0x130/0x1a0 [ 170.960606] ? ksys_write+0x1ae/0x260 [ 170.964426] ? security_file_ioctl+0x94/0xc0 [ 170.968841] ksys_ioctl+0xa9/0xd0 [ 170.972295] __x64_sys_ioctl+0x73/0xb0 [ 170.976193] do_syscall_64+0x1b9/0x820 [ 170.980095] ? finish_task_switch+0x1d3/0x870 [ 170.984591] ? syscall_return_slowpath+0x5e0/0x5e0 [ 170.989530] ? syscall_return_slowpath+0x31d/0x5e0 [ 170.994492] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 170.999517] ? prepare_exit_to_usermode+0x291/0x3b0 [ 171.004531] ? perf_trace_sys_enter+0xb10/0xb10 [ 171.009198] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 171.014070] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 171.019254] RIP: 0033:0x455ab9 [ 171.022441] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 171.041711] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 171.049414] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 171.056678] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 171.063935] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 171.071204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 171.078481] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 0000000000000012 20:42:50 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(0xffffffffffffffff, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:50 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) r1 = dup(r0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0xc) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000080)={0x0, 0x0, 0x0}, &(0x7f00000000c0)=0xc) write$FUSE_ENTRY(r1, &(0x7f0000000100)={0x90, 0x0, 0x3, {0x4, 0x0, 0x4, 0x86, 0x5, 0x2, {0x1, 0xf57, 0x2, 0x2e, 0x10001, 0x8, 0x7, 0xfffffffffffff34b, 0x8, 0x7, 0x7fff, r2, r3, 0x2, 0x800}}}, 0x90) 20:42:50 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) r3 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_timedsend(r3, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) 20:42:50 executing program 0 (fault-call:2 fault-nth:19): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:50 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000000)=0xbff, 0x4) 20:42:50 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) socket$inet6(0xa, 0x1, 0x8000) 20:42:50 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) [ 171.482311] binder: 9487:9514 transaction failed 29189/-22, size 0-0 line 2852 [ 171.594198] FAULT_INJECTION: forcing a failure. [ 171.594198] name failslab, interval 1, probability 0, space 0, times 0 [ 171.605596] CPU: 0 PID: 9521 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 171.612319] binder: undelivered TRANSACTION_ERROR: 29189 [ 171.613997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 171.614003] Call Trace: [ 171.614028] dump_stack+0x1c9/0x2b4 [ 171.614044] ? dump_stack_print_info.cold.2+0x52/0x52 [ 171.614065] ? lock_release+0xa30/0xa30 [ 171.644179] should_fail.cold.4+0xa/0x11 [ 171.648253] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 171.653374] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 171.658427] ? trace_hardirqs_on+0x10/0x10 [ 171.662680] ? lock_acquire+0x1e4/0x540 [ 171.666672] ? is_bpf_text_address+0xae/0x170 [ 171.671184] ? lock_downgrade+0x8f0/0x8f0 [ 171.675364] ? lock_release+0xa30/0xa30 [ 171.679377] ? lock_acquire+0x1e4/0x540 [ 171.683375] ? fs_reclaim_acquire+0x20/0x20 [ 171.687716] ? lock_downgrade+0x8f0/0x8f0 20:42:50 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:50 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) r3 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_timedsend(r3, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) [ 171.688478] binder: 9539:9540 ERROR: BC_REGISTER_LOOPER called without request [ 171.691879] ? check_same_owner+0x340/0x340 [ 171.691897] ? kernel_text_address+0x79/0xf0 [ 171.691913] ? rcu_note_context_switch+0x730/0x730 [ 171.691926] ? __kernel_text_address+0xd/0x40 [ 171.691940] __should_failslab+0x124/0x180 [ 171.691957] should_failslab+0x9/0x14 [ 171.725453] kmem_cache_alloc+0x2af/0x760 [ 171.729621] fib_insert_alias+0x76a/0x1200 [ 171.733864] ? kasan_slab_alloc+0x12/0x20 [ 171.738070] ? fib_table_insert+0x411/0x17a0 [ 171.742480] ? fib_trie_seq_start+0x4e0/0x4e0 [ 171.746968] ? lock_downgrade+0x8f0/0x8f0 [ 171.751112] ? __x64_sys_ioctl+0x73/0xb0 [ 171.755169] ? unregister_die_notifier+0x20/0x20 [ 171.759934] ? __alloc_skb+0x4c6/0x770 [ 171.763824] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 171.769467] ? atomic_notifier_call_chain+0xf1/0x190 [ 171.774581] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 171.780117] ? call_fib_notifiers+0x6f/0x90 [ 171.784459] ? call_fib4_notifiers+0x9c/0x110 [ 171.788968] ? call_fib_entry_notifiers+0x2f1/0x500 [ 171.793978] ? kasan_kmalloc+0xc4/0xe0 [ 171.797867] ? tnode_free+0x120/0x120 [ 171.801671] ? __fib_validate_source+0x1f10/0x1f10 [ 171.806621] fib_table_insert+0x67c/0x17a0 [ 171.810875] ? fib_table_lookup+0x24a0/0x24a0 [ 171.815380] ? lock_repin_lock+0x430/0x430 [ 171.819636] ? kasan_unpoison_shadow+0x35/0x50 [ 171.824235] ? kasan_kmalloc+0xc4/0xe0 [ 171.828124] fib_magic.isra.22+0x66b/0x890 [ 171.832373] ? fib_new_table+0x490/0x490 [ 171.836435] ? lock_acquire+0x1e4/0x540 [ 171.840430] ? blocking_notifier_call_chain+0x129/0x190 [ 171.845798] fib_add_ifaddr+0x382/0x500 [ 171.849787] fib_inetaddr_event+0x172/0x222 [ 171.854121] notifier_call_chain+0x180/0x390 [ 171.858550] ? unregister_die_notifier+0x20/0x20 [ 171.863312] ? retint_kernel+0x10/0x10 [ 171.867211] blocking_notifier_call_chain+0x147/0x190 [ 171.872417] ? srcu_init_notifier_head+0xa0/0xa0 [ 171.877207] ? rtmsg_ifa+0x14e/0x1e0 [ 171.880922] __inet_insert_ifa+0x858/0xba0 [ 171.885167] ? refcount_add_not_zero_checked+0x330/0x330 [ 171.890613] ? __inet_del_ifa+0xbd0/0xbd0 [ 171.894769] ? rtnl_is_locked+0xb5/0xf0 [ 171.898745] ? rtnl_trylock+0x20/0x20 [ 171.902542] devinet_ioctl+0x1460/0x1d90 [ 171.906597] ? inet_ifa_byprefix+0x240/0x240 [ 171.911024] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 171.916593] inet_ioctl+0x18b/0x360 [ 171.920231] ? inet_stream_connect+0xa0/0xa0 [ 171.924641] ? _parse_integer+0x190/0x190 [ 171.928781] ? lock_release+0xa30/0xa30 [ 171.932757] ? check_same_owner+0x340/0x340 [ 171.937089] ? __check_object_size+0xa3/0x5d7 [ 171.941598] sock_do_ioctl+0xe4/0x3e0 [ 171.945391] ? __fget+0x4ac/0x740 [ 171.948837] ? compat_ifr_data_ioctl+0x170/0x170 [ 171.953610] ? lock_release+0xa30/0xa30 [ 171.957599] ? pid_task+0x115/0x200 [ 171.961344] ? find_vpid+0xf0/0xf0 [ 171.964898] ? __f_unlock_pos+0x19/0x20 [ 171.968863] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 171.974056] sock_ioctl+0x30d/0x680 [ 171.977699] ? dlci_ioctl_set+0x40/0x40 [ 171.981682] ? ksys_dup3+0x690/0x690 [ 171.985413] ? kasan_check_write+0x14/0x20 [ 171.989655] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 171.994593] ? fsnotify+0xbac/0x14e0 [ 171.998308] ? vfs_write+0x2f3/0x560 [ 172.002069] ? dlci_ioctl_set+0x40/0x40 [ 172.006045] do_vfs_ioctl+0x1de/0x1720 [ 172.009960] ? fsnotify_first_mark+0x350/0x350 [ 172.014545] ? __fsnotify_parent+0xcc/0x420 [ 172.018881] ? ioctl_preallocate+0x300/0x300 [ 172.023286] ? __fget_light+0x2f7/0x440 [ 172.027268] ? fget_raw+0x20/0x20 [ 172.030737] ? __sb_end_write+0xac/0xe0 [ 172.034718] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 172.040261] ? fput+0x130/0x1a0 [ 172.043548] ? ksys_write+0x1ae/0x260 [ 172.047355] ? security_file_ioctl+0x94/0xc0 [ 172.051756] ksys_ioctl+0xa9/0xd0 [ 172.055200] __x64_sys_ioctl+0x73/0xb0 [ 172.059092] do_syscall_64+0x1b9/0x820 [ 172.062998] ? syscall_return_slowpath+0x5e0/0x5e0 [ 172.067921] ? syscall_return_slowpath+0x31d/0x5e0 [ 172.072855] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 172.077868] ? prepare_exit_to_usermode+0x291/0x3b0 [ 172.082897] ? perf_trace_sys_enter+0xb10/0xb10 [ 172.087573] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 172.092410] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 172.097588] RIP: 0033:0x455ab9 [ 172.100775] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 172.123248] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 172.130963] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 172.138237] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 20:42:50 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreq(r0, 0x0, 0x20, &(0x7f0000000440)={@remote, @loopback}, 0x8) sendto$inet(r0, &(0x7f0000000000), 0x15, 0x0, &(0x7f0000000300)={0x2, 0x4e20, @multicast1}, 0x10) 20:42:50 executing program 6: r0 = syz_open_dev$sndpcmc(&(0x7f0000000200)='/dev/snd/pcmC#D#c\x00', 0xf43a, 0x400) r1 = socket$inet6(0xa, 0x2, 0xffffffffffffffff) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000700)=ANY=[@ANYRES32=0x0, @ANYBLOB="70000000752ad508a0580487c2ac95c79dbe3a60fdf520b57bc4d957df204e0e9bb4b2e903ecf28b1edadd3020838e05557b4d9bb1a4dbb6ab91d73a956d285254386a76679d9f98099bb26b7c95a88ae68b4f2805735d31257201a1afd30022855c1dad458fb94418146b72d8fce83bcb071048d7092269fe5579b16ea3157e6cc888636d1b5883f8a07524143f4048ecb6c55ad0fbadd2cd529c0d5c85b224562a5e33a57017fabc0668915fc91017fb549475a8e919a0da475aea0f4abb7ef78a1631fbc2b9405aa7f87061303cbeb5adc3cae137d37cb846b6e31845a2631086608d94f89c9b9c04912054870c992c28a6fb6da2ec728e0bb11fb23268700511dfab544bde973bf25ce6a4bf71b13a0d87fd81f279be7fbd777d00001dfa136692ea76ad2054b88a7d2543b7b93cbb1c64e7c437dbba03d55362aee902ecd30bd3"], &(0x7f0000000080)=0x296) getpeername$packet(0xffffffffffffff9c, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000180)=0x14) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000400)={{{@in6=@mcast1, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@remote}}, &(0x7f0000000500)=0xe8) setsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000600)={{{@in6=@local, @in6=@loopback, 0x4e23, 0x6, 0x4e23, 0x0, 0xa, 0xa0, 0x0, 0xff, 0x0, r4}, {0x100000001, 0x800, 0x9, 0x9, 0x5, 0x0, 0x1f, 0x101}, {0x8, 0x9, 0x15b, 0x6}, 0x9, 0x6e6bb5, 0x0, 0x1, 0x3, 0x1}, {{@in, 0x4d6, 0x33}, 0xa, @in, 0x0, 0x4, 0x2, 0x78, 0x401, 0x1}}, 0xe8) stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000300)={{{@in6=@mcast2, @in6, 0x4e20, 0x0, 0x4e21, 0x0, 0x2, 0xa0, 0x20, 0xc, r3, r5}, {0x80800000, 0x7f, 0x1, 0xc71, 0xec3, 0x1, 0x5, 0x1ff}, {0x10000000000, 0x9, 0x8}, 0x14, 0x6e6bbe, 0x1, 0x0, 0x2}, {{@in=@local, 0x4d4, 0xff}, 0xa, @in=@remote, 0x3503, 0x1, 0x1, 0x0, 0x2, 0x7ce0003b, 0x9a}}, 0xe8) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000000c0)={r2, 0x4}, &(0x7f0000000100)=0x8) setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:42:50 executing program 1: shmget(0x3, 0x2000, 0x0, &(0x7f0000ffe000/0x2000)=nil) 20:42:50 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) epoll_create1(0x80006) socket(0x1d, 0x0, 0x1116) r1 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_timedsend(r1, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) 20:42:50 executing program 0 (fault-call:2 fault-nth:20): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) [ 172.145512] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 172.152781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 172.160072] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 0000000000000013 20:42:50 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x31) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in=@remote, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@multicast1, 0x0, 0x33}, 0x0, @in6=@loopback}}, 0xe8) connect$inet6(r0, &(0x7f00000000c0), 0x1c) 20:42:50 executing program 6: r0 = syz_open_dev$amidi(&(0x7f0000000540)='/dev/amidi#\x00', 0x80000000, 0x8000) connect$llc(r0, &(0x7f0000000580)={0x1a, 0x305, 0x40, 0xd0b, 0x9, 0x400, @broadcast}, 0x10) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) fcntl$setpipe(r0, 0x407, 0x871) ioctl$TIOCEXCL(r0, 0x540c) connect$inet6(r1, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x100, 0x0) ioctl$KDSKBSENT(r2, 0x4b49, &(0x7f0000000040)="6508a8be0d0f11d6be5f831f9ca44dd8f410852edb32b4696352c31a") setsockopt$bt_BT_CHANNEL_POLICY(r2, 0x112, 0xa, &(0x7f0000000080)=0x3ff, 0x4) [ 172.324755] FAULT_INJECTION: forcing a failure. [ 172.324755] name failslab, interval 1, probability 0, space 0, times 0 [ 172.336047] CPU: 0 PID: 9555 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 172.344453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 172.353821] Call Trace: [ 172.356420] dump_stack+0x1c9/0x2b4 [ 172.360075] ? dump_stack_print_info.cold.2+0x52/0x52 [ 172.365330] ? is_bpf_text_address+0xd7/0x170 [ 172.369855] should_fail.cold.4+0xa/0x11 [ 172.373942] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 172.379068] ? save_stack+0xa9/0xd0 [ 172.382717] ? save_stack+0x43/0xd0 [ 172.386359] ? kasan_kmalloc+0xc4/0xe0 [ 172.390243] ? kasan_slab_alloc+0x12/0x20 [ 172.394385] ? kmem_cache_alloc+0x12e/0x760 [ 172.398719] ? fib_insert_alias+0x76a/0x1200 [ 172.403140] ? fib_table_insert+0x67c/0x17a0 [ 172.407557] ? fib_magic.isra.22+0x66b/0x890 [ 172.411958] ? fib_add_ifaddr+0x382/0x500 [ 172.416111] ? fib_inetaddr_event+0x172/0x222 [ 172.420624] ? notifier_call_chain+0x180/0x390 [ 172.425217] ? blocking_notifier_call_chain+0x147/0x190 [ 172.430579] ? __inet_insert_ifa+0x858/0xba0 [ 172.434985] ? devinet_ioctl+0x1460/0x1d90 [ 172.439225] ? inet_ioctl+0x18b/0x360 [ 172.443027] ? sock_do_ioctl+0xe4/0x3e0 [ 172.447004] ? sock_ioctl+0x30d/0x680 [ 172.450816] ? do_vfs_ioctl+0x1de/0x1720 [ 172.454896] ? __x64_sys_ioctl+0x73/0xb0 [ 172.458971] ? lock_acquire+0x1e4/0x540 [ 172.462950] ? fs_reclaim_acquire+0x20/0x20 [ 172.467288] ? lock_downgrade+0x8f0/0x8f0 [ 172.471438] ? fs_reclaim_acquire+0x20/0x20 [ 172.475751] ? check_same_owner+0x340/0x340 [ 172.480075] ? rcu_note_context_switch+0x730/0x730 [ 172.485001] __should_failslab+0x124/0x180 [ 172.489239] should_failslab+0x9/0x14 [ 172.493030] __kmalloc+0x2c8/0x760 [ 172.496560] ? tnode_new+0x22b/0x2d0 [ 172.500271] tnode_new+0x22b/0x2d0 [ 172.503809] ? fib_insert_alias+0x76a/0x1200 [ 172.508204] fib_insert_alias+0xab4/0x1200 [ 172.512423] ? kasan_slab_alloc+0x12/0x20 [ 172.516568] ? fib_trie_seq_start+0x4e0/0x4e0 [ 172.521056] ? lock_downgrade+0x8f0/0x8f0 [ 172.525212] ? __x64_sys_ioctl+0x73/0xb0 [ 172.529269] ? unregister_die_notifier+0x20/0x20 [ 172.534043] ? __alloc_skb+0x4c6/0x770 [ 172.537940] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 172.543479] ? atomic_notifier_call_chain+0xf1/0x190 [ 172.548585] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 172.554110] ? call_fib_notifiers+0x6f/0x90 [ 172.558508] ? call_fib4_notifiers+0x9c/0x110 [ 172.562991] ? call_fib_entry_notifiers+0x2f1/0x500 [ 172.568004] ? kasan_kmalloc+0xc4/0xe0 [ 172.571884] ? tnode_free+0x120/0x120 [ 172.575670] ? __fib_validate_source+0x1f10/0x1f10 [ 172.580591] fib_table_insert+0x67c/0x17a0 [ 172.584823] ? fib_table_lookup+0x24a0/0x24a0 [ 172.589484] ? trace_hardirqs_on+0xd/0x10 [ 172.593619] ? kasan_unpoison_shadow+0x35/0x50 [ 172.598190] ? kasan_kmalloc+0xc4/0xe0 [ 172.602069] fib_magic.isra.22+0x66b/0x890 [ 172.606290] ? fib_new_table+0x490/0x490 [ 172.610343] ? lock_acquire+0x1e4/0x540 [ 172.614302] ? blocking_notifier_call_chain+0x129/0x190 [ 172.619667] fib_add_ifaddr+0x382/0x500 [ 172.623645] fib_inetaddr_event+0x172/0x222 [ 172.627953] notifier_call_chain+0x180/0x390 [ 172.632358] ? unregister_die_notifier+0x20/0x20 [ 172.637101] ? __x64_sys_ioctl+0x73/0xb0 [ 172.641171] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 172.646528] blocking_notifier_call_chain+0x147/0x190 [ 172.651720] ? srcu_init_notifier_head+0xa0/0xa0 [ 172.656484] ? rtmsg_ifa+0x14e/0x1e0 [ 172.660184] __inet_insert_ifa+0x858/0xba0 [ 172.664422] ? refcount_add_not_zero_checked+0x330/0x330 [ 172.669861] ? __inet_del_ifa+0xbd0/0xbd0 [ 172.673995] ? rtnl_is_locked+0xb5/0xf0 [ 172.677959] ? rtnl_trylock+0x20/0x20 [ 172.681751] devinet_ioctl+0x1460/0x1d90 [ 172.685810] ? inet_ifa_byprefix+0x240/0x240 [ 172.690228] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 172.695761] inet_ioctl+0x18b/0x360 [ 172.699376] ? inet_stream_connect+0xa0/0xa0 [ 172.703775] ? _parse_integer+0x190/0x190 [ 172.707912] ? lock_release+0xa30/0xa30 [ 172.711895] ? check_same_owner+0x340/0x340 [ 172.716208] ? __check_object_size+0xa3/0x5d7 [ 172.720780] sock_do_ioctl+0xe4/0x3e0 [ 172.724580] ? __fget+0x4ac/0x740 [ 172.728034] ? compat_ifr_data_ioctl+0x170/0x170 [ 172.732782] ? lock_release+0xa30/0xa30 [ 172.736746] ? pid_task+0x115/0x200 [ 172.740366] ? find_vpid+0xf0/0xf0 [ 172.743899] ? __f_unlock_pos+0x19/0x20 [ 172.747878] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 172.753054] sock_ioctl+0x30d/0x680 [ 172.756665] ? dlci_ioctl_set+0x40/0x40 [ 172.760621] ? ksys_dup3+0x690/0x690 [ 172.764326] ? kasan_check_write+0x14/0x20 [ 172.768548] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 172.773464] ? fsnotify+0xbac/0x14e0 [ 172.777164] ? vfs_write+0x2f3/0x560 [ 172.780867] ? dlci_ioctl_set+0x40/0x40 [ 172.784827] do_vfs_ioctl+0x1de/0x1720 [ 172.788707] ? fsnotify_first_mark+0x350/0x350 [ 172.793278] ? __fsnotify_parent+0xcc/0x420 [ 172.797586] ? ioctl_preallocate+0x300/0x300 [ 172.801982] ? __fget_light+0x2f7/0x440 [ 172.805946] ? fget_raw+0x20/0x20 [ 172.809400] ? __sb_end_write+0xac/0xe0 [ 172.813374] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 172.818907] ? fput+0x130/0x1a0 [ 172.822171] ? ksys_write+0x1ae/0x260 [ 172.825970] ? security_file_ioctl+0x94/0xc0 [ 172.830365] ksys_ioctl+0xa9/0xd0 [ 172.833814] __x64_sys_ioctl+0x73/0xb0 [ 172.837690] do_syscall_64+0x1b9/0x820 [ 172.841652] ? syscall_return_slowpath+0x5e0/0x5e0 [ 172.846571] ? syscall_return_slowpath+0x31d/0x5e0 [ 172.851499] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 172.856515] ? prepare_exit_to_usermode+0x291/0x3b0 [ 172.861521] ? perf_trace_sys_enter+0xb10/0xb10 [ 172.866178] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 172.871027] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 172.876202] RIP: 0033:0x455ab9 [ 172.879370] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 172.898544] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 172.906252] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 172.913509] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 20:42:51 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:51 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) epoll_create1(0x80006) r1 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_timedsend(r1, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) 20:42:51 executing program 5: r0 = memfd_create(&(0x7f0000000ffe)='$\x00', 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x10, r0, 0x0) 20:42:51 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) syz_emit_ethernet(0x437, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "c22df7", 0x401, 0x11, 0x0, @dev, @local, {[], @dccp={{0x0, 0x4e20, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}, "2b00b32def4f1142b6793bb530f9b20e90aa25d5c2b9431efd840a07c1922833b2c789aefbbaee9f63cbab38a8acfb8dba0595ecb683e74ea2bc44a7aee9c52e18ca01c06a5c354712b8b1ff75f45ba55a3487c83849023d37e037d2d3e3e842e9ba099e9ed8775d1173d8e78335aa65d58f54c1d78d4fce897cfefa24b7f268f90be76c7f4e1bfe4d84a869353e931c3732afea55697618a1318ecb657b34172b93fd59d7988d43630cf81e976a0ea01fd8b2547ab593bc605c985f56664b84ed3c9f90ffb666e030c794e2d2d5070af38d83dc275da88cfe6910b2ded59f6c418af5d247237eceb14857c1d7c3ee32e729d9793040f8f4e432eb875a89fe31cbed117f0e76643797169fba3dac3f377d145ce97980ba626da7a279e698a9e040a22d63c535f0ee06adb59e9e06ad7295e6601f3a5fe9b581975993c6c775734212bccb26288d42a672c965d40e80d0e1908f04425a60a08241378ec7ff88315de073b64c5f9647e51732be34988e0948f12e6c560bedbece811bca501d4389dbfe20e4df5160cd7324c0670c7b3e8980b061e31b1c8461d6f7a63f9e9fd24326924c076e01631a0b9703a6106accfaa064075fa1f16e16c5171b6a324e8642b2ab76618b824110c312ab12d9f65d6a980634a6a7cba8bf89e01a91259f446232476a1c490982636b78d1300befab1a2f6e8261e07336c5692db37bb7d3cebf4a942b62f2fa6cceb7e488aa02b2e52c6f82bd3792845fff41cce52e0469d14821ce11491864860c11421a92dae3152eb23106a0c679d2b1f0a9809b56abdcf893f9531508f24e64ec911fd8e8b3c8fd2291f1a7b910222c38533d4caadac9acd194be7e53549c1719bdf668887a0e19db83b5356f8f7d93cbef1ef3505dcc40d0d2a02a2745ab518979b9c3774babfe8e70ead767c7a00289b8cc6e51d1a957548270cb3f5064961a88f61b34f9442d78ae5a8551713f9afb4269d689f9adb6b4a902a637184f7f899efe9fa0ddb45cd1076c4eeeda51ca8dc20dcfc9cc5f56768073b3f4c2c9f543324a4fd0b8bc7b95e232bf85bf222394fa4336ab4007d7ad2dc85afa6eb79ad2624c4be6c674ee98fce9a51786b7cc2b5044de114d36d2690e13bcedf96590c7d5aeb8040b74c4d6a5aa38a7c1f0857522f4f968795056b9a7034dc3444784f9486b575e44dec3216d72845500e63297d7197961e7e593ea3411001d1d47ba42d70e7af8e91246c02d7e37ff0eb60abebc37dd00315b4fbb09e77a6b5f7e8441818ebcfafecf622731f1db8a11fa2de8e30d808bedbfee104b3b1100f5094675521da07dd2a28be7e486b325a0f0e6d75116be1bbc2aa20deb64a6e4e7b824b12d009e6f1802f5a8e31559b125d71d00a5684fbde4668f5af1eb4ca04fa7c4ef4d2a194b0856e007"}}}}}}, &(0x7f0000001780)) 20:42:51 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) r1 = dup(r0) write$RDMA_USER_CM_CMD_GET_EVENT(r1, &(0x7f0000000280)={0xc, 0x8, 0xfa00, {&(0x7f00000000c0)}}, 0x10) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/rt_acct\x00') ioctl$BLKREPORTZONE(r2, 0xc0101282, &(0x7f0000000040)={0x3, 0x1, 0x0, [{0x8001, 0x3f, 0x100000001, 0xa9, 0x5, 0x2, 0x6}]}) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r2, 0x800442d2, &(0x7f0000000300)={0x1, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, @remote}]}) 20:42:51 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) 20:42:51 executing program 0 (fault-call:2 fault-nth:21): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) [ 172.920764] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 172.928021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 172.935275] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 0000000000000014 [ 172.946237] binder: 9539:9573 transaction failed 29189/-22, size 0-0 line 2852 [ 173.057839] binder: undelivered TRANSACTION_ERROR: 29189 [ 173.065947] FAULT_INJECTION: forcing a failure. [ 173.065947] name failslab, interval 1, probability 0, space 0, times 0 [ 173.077278] CPU: 0 PID: 9584 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 173.085686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 173.095053] Call Trace: [ 173.097664] dump_stack+0x1c9/0x2b4 [ 173.101317] ? dump_stack_print_info.cold.2+0x52/0x52 20:42:51 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:51 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) 20:42:51 executing program 6: r0 = accept4(0xffffffffffffff9c, 0x0, &(0x7f0000000000), 0x59a86f060d63a748) setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000040)={0x4, 0x3, 0x5, 0x5}, 0x8) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x5, 0x1) 20:42:51 executing program 5: r0 = socket(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000a1aff7)={@loopback}, 0x14) 20:42:51 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) recvfrom$packet(r0, &(0x7f00000000c0)=""/4096, 0x1000, 0x0, &(0x7f00000010c0), 0x14) setsockopt$sock_int(r0, 0x1, 0x23, &(0x7f0000001180)=0x2, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8906, &(0x7f0000001900)={'bond_slave_0\x00'}) 20:42:51 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_timedsend(r1, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) [ 173.106530] should_fail.cold.4+0xa/0x11 [ 173.110615] ? bpf_prog_kallsyms_find+0xde/0x4c0 [ 173.115401] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 173.120530] ? lock_acquire+0x1e4/0x540 [ 173.124521] ? is_bpf_text_address+0xae/0x170 [ 173.129047] ? lock_downgrade+0x8f0/0x8f0 [ 173.133228] ? kasan_check_read+0x11/0x20 [ 173.137400] ? rcu_is_watching+0x8c/0x150 [ 173.141656] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 173.146355] ? lock_acquire+0x1e4/0x540 [ 173.150351] ? fs_reclaim_acquire+0x20/0x20 20:42:51 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) r1 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_timedsend(r1, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) [ 173.154697] ? lock_downgrade+0x8f0/0x8f0 [ 173.158877] ? check_same_owner+0x340/0x340 [ 173.162877] binder: 9607:9609 ERROR: BC_REGISTER_LOOPER called without request [ 173.163211] ? rcu_note_context_switch+0x730/0x730 [ 173.163239] __should_failslab+0x124/0x180 [ 173.179753] should_failslab+0x9/0x14 [ 173.183567] __kmalloc+0x2c8/0x760 [ 173.187120] ? fib_magic.isra.22+0x66b/0x890 [ 173.191548] ? fib_add_ifaddr+0x382/0x500 [ 173.195715] ? fib_inetaddr_event+0x172/0x222 [ 173.200241] ? notifier_call_chain+0x180/0x390 20:42:51 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) r1 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_timedsend(r1, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) 20:42:51 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000000)={0x0, 0x40, 0x7, [0x2, 0x0, 0x8a, 0x8001, 0x3ff, 0x0, 0x3]}, &(0x7f0000000040)=0x16) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000080)={r1, 0x1d}, &(0x7f00000000c0)=0x8) [ 173.204848] ? blocking_notifier_call_chain+0x147/0x190 [ 173.210265] ? __inet_insert_ifa+0x858/0xba0 [ 173.214695] ? devinet_ioctl+0x1460/0x1d90 [ 173.218948] ? inet_ioctl+0x18b/0x360 [ 173.222765] ? tnode_new+0x22b/0x2d0 [ 173.226499] ? sock_ioctl+0x30d/0x680 [ 173.230320] tnode_new+0x22b/0x2d0 [ 173.233881] ? do_vfs_ioctl+0x1de/0x1720 [ 173.237978] resize+0x632/0x22c0 [ 173.241361] ? lock_acquire+0x1e4/0x540 [ 173.245350] ? lock_downgrade+0x8f0/0x8f0 [ 173.249515] ? lock_release+0xa30/0xa30 [ 173.253504] ? replace+0x5d0/0x5d0 [ 173.257062] ? kasan_unpoison_shadow+0x35/0x50 [ 173.261655] ? kasan_kmalloc+0xc4/0xe0 [ 173.265561] ? __kmalloc+0x315/0x760 [ 173.269300] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 173.274338] ? put_child+0x363/0x800 [ 173.278086] ? fib_trie_seq_next+0x5e0/0x5e0 [ 173.282522] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 173.288084] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 173.293124] fib_insert_alias+0xe72/0x1200 [ 173.297373] ? kasan_slab_alloc+0x12/0x20 [ 173.301544] ? fib_trie_seq_start+0x4e0/0x4e0 [ 173.306063] ? lock_downgrade+0x8f0/0x8f0 [ 173.310235] ? __x64_sys_ioctl+0x73/0xb0 [ 173.314337] ? unregister_die_notifier+0x20/0x20 [ 173.319222] ? __alloc_skb+0x4c6/0x770 [ 173.323130] ? atomic_notifier_call_chain+0xf1/0x190 [ 173.328258] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 173.333805] ? call_fib_notifiers+0x6f/0x90 [ 173.338148] ? call_fib4_notifiers+0x9c/0x110 [ 173.342665] ? call_fib_entry_notifiers+0x2f1/0x500 [ 173.347688] ? kasan_kmalloc+0xc4/0xe0 [ 173.351598] ? tnode_free+0x120/0x120 [ 173.355421] ? __fib_validate_source+0x1f10/0x1f10 [ 173.360379] fib_table_insert+0x67c/0x17a0 [ 173.364645] ? fib_table_lookup+0x24a0/0x24a0 [ 173.369169] ? lock_repin_lock+0x430/0x430 [ 173.373425] ? kasan_unpoison_shadow+0x35/0x50 [ 173.378022] ? kasan_kmalloc+0xc4/0xe0 [ 173.381916] fib_magic.isra.22+0x66b/0x890 [ 173.386155] ? fib_new_table+0x490/0x490 [ 173.390237] ? lock_acquire+0x1e4/0x540 [ 173.394270] ? blocking_notifier_call_chain+0x129/0x190 [ 173.399638] fib_add_ifaddr+0x382/0x500 [ 173.403611] fib_inetaddr_event+0x172/0x222 [ 173.407941] notifier_call_chain+0x180/0x390 [ 173.412367] ? unregister_die_notifier+0x20/0x20 [ 173.417133] ? __x64_sys_ioctl+0x73/0xb0 [ 173.421222] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 173.426625] blocking_notifier_call_chain+0x147/0x190 [ 173.431821] ? srcu_init_notifier_head+0xa0/0xa0 [ 173.436588] ? rtmsg_ifa+0x14e/0x1e0 [ 173.440300] __inet_insert_ifa+0x858/0xba0 [ 173.444550] ? refcount_add_not_zero_checked+0x330/0x330 [ 173.450002] ? __inet_del_ifa+0xbd0/0xbd0 [ 173.454158] ? rtnl_is_locked+0xb5/0xf0 [ 173.458131] ? rtnl_trylock+0x20/0x20 [ 173.461932] devinet_ioctl+0x1460/0x1d90 [ 173.466022] ? inet_ifa_byprefix+0x240/0x240 [ 173.470467] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 173.476018] inet_ioctl+0x18b/0x360 [ 173.479661] ? inet_stream_connect+0xa0/0xa0 [ 173.484064] ? _parse_integer+0x190/0x190 [ 173.488260] ? lock_release+0xa30/0xa30 [ 173.492248] ? check_same_owner+0x340/0x340 [ 173.496591] ? __check_object_size+0xa3/0x5d7 [ 173.501109] sock_do_ioctl+0xe4/0x3e0 [ 173.504912] ? __fget+0x4ac/0x740 [ 173.508384] ? compat_ifr_data_ioctl+0x170/0x170 [ 173.513143] ? lock_release+0xa30/0xa30 [ 173.517124] ? pid_task+0x115/0x200 [ 173.520755] ? find_vpid+0xf0/0xf0 [ 173.524307] ? __f_unlock_pos+0x19/0x20 [ 173.528290] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 173.533487] sock_ioctl+0x30d/0x680 [ 173.537130] ? dlci_ioctl_set+0x40/0x40 [ 173.541115] ? ksys_dup3+0x690/0x690 [ 173.544851] ? kasan_check_write+0x14/0x20 [ 173.549103] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 173.554058] ? fsnotify+0xbac/0x14e0 [ 173.557796] ? vfs_write+0x2f3/0x560 [ 173.561516] ? dlci_ioctl_set+0x40/0x40 [ 173.565500] do_vfs_ioctl+0x1de/0x1720 [ 173.569420] ? fsnotify_first_mark+0x350/0x350 [ 173.574007] ? __fsnotify_parent+0xcc/0x420 [ 173.578337] ? ioctl_preallocate+0x300/0x300 [ 173.582740] ? __fget_light+0x2f7/0x440 [ 173.586720] ? fget_raw+0x20/0x20 [ 173.590173] ? __sb_end_write+0xac/0xe0 [ 173.594195] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 173.599761] ? fput+0x130/0x1a0 [ 173.603228] ? ksys_write+0x1ae/0x260 [ 173.607050] ? security_file_ioctl+0x94/0xc0 [ 173.611469] ksys_ioctl+0xa9/0xd0 [ 173.614937] __x64_sys_ioctl+0x73/0xb0 [ 173.618835] do_syscall_64+0x1b9/0x820 [ 173.622750] ? syscall_slow_exit_work+0x500/0x500 [ 173.627618] ? syscall_return_slowpath+0x5e0/0x5e0 [ 173.632563] ? syscall_return_slowpath+0x31d/0x5e0 [ 173.637515] ? prepare_exit_to_usermode+0x291/0x3b0 [ 173.642545] ? perf_trace_sys_enter+0xb10/0xb10 [ 173.647234] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 173.652104] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 173.657295] RIP: 0033:0x455ab9 [ 173.660485] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 173.679734] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 173.687469] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 173.694740] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 173.702015] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 173.709306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 173.716580] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 0000000000000015 20:42:52 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x0) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:52 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @local, 0x6}, 0x1c) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x1, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000080)={0x0, @empty, @multicast2}, &(0x7f00000000c0)=0xc) connect$can_bcm(r1, &(0x7f0000000100)={0x1d, r2}, 0x10) 20:42:52 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) r1 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_timedsend(r1, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) 20:42:52 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) 20:42:52 executing program 0 (fault-call:2 fault-nth:22): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:52 executing program 5: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000200), 0x10) sendmsg$can_bcm(r0, &(0x7f00000003c0)={&(0x7f0000000280), 0x10, &(0x7f0000000380)={&(0x7f0000000300)={0x5, 0x0, 0x0, {}, {0x0, 0x7530}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "388dbba2b150d176"}}, 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000140)={&(0x7f0000000000), 0x10, &(0x7f0000000040)={&(0x7f00000000c0)={0x7, 0x0, 0x0, {0x0, 0x2710}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "c4d981aeb150d176"}}, 0x48}}, 0x0) recvmmsg(r0, &(0x7f0000000640)=[{{&(0x7f0000000480)=@xdp, 0x80, &(0x7f00000005c0), 0x0, &(0x7f0000000880)=""/4096, 0x1000}}], 0x1, 0x0, &(0x7f0000000680)={0x0, 0x989680}) ioctl$sock_bt(r0, 0x8906, &(0x7f0000000080)) 20:42:52 executing program 5: [ 174.064822] FAULT_INJECTION: forcing a failure. [ 174.064822] name failslab, interval 1, probability 0, space 0, times 0 [ 174.076264] CPU: 1 PID: 9639 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 174.084672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 174.094152] Call Trace: [ 174.096771] dump_stack+0x1c9/0x2b4 [ 174.100428] ? dump_stack_print_info.cold.2+0x52/0x52 [ 174.105667] should_fail.cold.4+0xa/0x11 [ 174.109754] ? fault_create_debugfs_attr+0x1f0/0x1f0 20:42:52 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:52 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x0, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) 20:42:52 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') r0 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_timedsend(r0, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) 20:42:52 executing program 5: [ 174.114901] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 174.120487] ? resize+0x1227/0x22c0 [ 174.124133] ? lock_downgrade+0x8f0/0x8f0 [ 174.128303] ? replace+0x5d0/0x5d0 [ 174.131866] ? kasan_unpoison_shadow+0x35/0x50 [ 174.136489] ? lock_acquire+0x1e4/0x540 [ 174.140488] ? fs_reclaim_acquire+0x20/0x20 [ 174.144836] ? lock_downgrade+0x8f0/0x8f0 [ 174.149021] ? check_same_owner+0x340/0x340 [ 174.153373] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 174.158931] ? rcu_note_context_switch+0x730/0x730 [ 174.163881] __should_failslab+0x124/0x180 [ 174.168147] should_failslab+0x9/0x14 [ 174.171997] kmem_cache_alloc_node+0x272/0x780 [ 174.176606] ? fib_trie_seq_start+0x4e0/0x4e0 [ 174.181142] ? lock_downgrade+0x8f0/0x8f0 [ 174.185316] ? __x64_sys_ioctl+0x73/0xb0 [ 174.189400] __alloc_skb+0x119/0x770 [ 174.193141] ? skb_scrub_packet+0x490/0x490 [ 174.197536] ? atomic_notifier_call_chain+0xf1/0x190 [ 174.202690] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 174.208264] ? call_fib_notifiers+0x6f/0x90 [ 174.212615] ? call_fib4_notifiers+0x9c/0x110 [ 174.217150] ? call_fib_entry_notifiers+0x2f1/0x500 [ 174.222189] ? kasan_kmalloc+0xc4/0xe0 [ 174.226125] rtmsg_fib+0x1f8/0x4d0 [ 174.229698] fib_table_insert+0x7a8/0x17a0 [ 174.233964] ? fib_table_lookup+0x24a0/0x24a0 [ 174.238497] ? trace_hardirqs_on+0xd/0x10 [ 174.242670] ? kasan_unpoison_shadow+0x35/0x50 [ 174.247272] ? kasan_kmalloc+0xc4/0xe0 [ 174.247908] binder: 9652:9655 ERROR: BC_REGISTER_LOOPER called without request [ 174.251185] fib_magic.isra.22+0x66b/0x890 [ 174.251199] ? fib_new_table+0x490/0x490 [ 174.251221] ? lock_acquire+0x1e4/0x540 [ 174.270861] ? blocking_notifier_call_chain+0x129/0x190 [ 174.276242] fib_add_ifaddr+0x382/0x500 [ 174.280258] fib_inetaddr_event+0x172/0x222 [ 174.284593] notifier_call_chain+0x180/0x390 [ 174.289011] ? unregister_die_notifier+0x20/0x20 [ 174.293784] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 174.298553] blocking_notifier_call_chain+0x147/0x190 [ 174.303755] ? srcu_init_notifier_head+0xa0/0xa0 [ 174.308519] ? rtmsg_ifa+0x14e/0x1e0 [ 174.312238] __inet_insert_ifa+0x858/0xba0 [ 174.316466] ? refcount_add_not_zero_checked+0x330/0x330 [ 174.321929] ? __inet_del_ifa+0xbd0/0xbd0 [ 174.326086] ? rtnl_is_locked+0xb5/0xf0 [ 174.330072] ? rtnl_trylock+0x20/0x20 [ 174.333904] devinet_ioctl+0x1460/0x1d90 [ 174.338003] ? inet_ifa_byprefix+0x240/0x240 [ 174.342468] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 174.348031] inet_ioctl+0x18b/0x360 [ 174.351673] ? inet_stream_connect+0xa0/0xa0 [ 174.356109] ? _parse_integer+0x190/0x190 [ 174.360304] ? lock_release+0xa30/0xa30 [ 174.364308] ? check_same_owner+0x340/0x340 [ 174.368695] ? __check_object_size+0xa3/0x5d7 [ 174.373221] sock_do_ioctl+0xe4/0x3e0 [ 174.377044] ? __fget+0x4ac/0x740 [ 174.380521] ? compat_ifr_data_ioctl+0x170/0x170 [ 174.385321] ? lock_release+0xa30/0xa30 [ 174.389309] ? pid_task+0x115/0x200 [ 174.392935] ? find_vpid+0xf0/0xf0 [ 174.396496] ? __f_unlock_pos+0x19/0x20 [ 174.400497] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 174.405697] sock_ioctl+0x30d/0x680 [ 174.409332] ? dlci_ioctl_set+0x40/0x40 [ 174.413302] ? ksys_dup3+0x690/0x690 [ 174.417034] ? kasan_check_write+0x14/0x20 [ 174.421285] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 174.426245] ? fsnotify+0xbac/0x14e0 [ 174.429979] ? vfs_write+0x2f3/0x560 [ 174.433719] ? dlci_ioctl_set+0x40/0x40 [ 174.437715] do_vfs_ioctl+0x1de/0x1720 [ 174.441644] ? fsnotify_first_mark+0x350/0x350 [ 174.446247] ? __fsnotify_parent+0xcc/0x420 [ 174.450574] ? ioctl_preallocate+0x300/0x300 [ 174.455003] ? __fget_light+0x2f7/0x440 [ 174.459080] ? fget_raw+0x20/0x20 [ 174.462620] ? __sb_end_write+0xac/0xe0 [ 174.466592] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 174.472145] ? fput+0x130/0x1a0 [ 174.475452] ? ksys_write+0x1ae/0x260 [ 174.479264] ? security_file_ioctl+0x94/0xc0 [ 174.483686] ksys_ioctl+0xa9/0xd0 [ 174.487138] __x64_sys_ioctl+0x73/0xb0 [ 174.491039] do_syscall_64+0x1b9/0x820 [ 174.494948] ? finish_task_switch+0x1d3/0x870 [ 174.499452] ? syscall_return_slowpath+0x5e0/0x5e0 [ 174.504390] ? syscall_return_slowpath+0x31d/0x5e0 [ 174.509331] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 174.514366] ? prepare_exit_to_usermode+0x291/0x3b0 [ 174.519390] ? perf_trace_sys_enter+0xb10/0xb10 [ 174.524060] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 174.528922] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 174.534125] RIP: 0033:0x455ab9 [ 174.537311] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 174.556514] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 20:42:53 executing program 1: 20:42:53 executing program 5: 20:42:53 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x0, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) 20:42:53 executing program 2: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_timedsend(r0, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) 20:42:53 executing program 5: [ 174.564220] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 174.571486] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 174.578755] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 174.586027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 174.593305] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 0000000000000016 20:42:53 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(0xffffffffffffffff, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:53 executing program 2: r0 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_timedsend(r0, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) 20:42:53 executing program 1: 20:42:53 executing program 0 (fault-call:2 fault-nth:23): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:53 executing program 5: 20:42:53 executing program 6: r0 = socket$inet6(0xa, 0x5, 0x9) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cgroup.controllers\x00', 0x0, 0x0) ioctl$RTC_RD_TIME(r1, 0x80247009, &(0x7f0000000040)) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) 20:42:53 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x0, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x1) [ 174.918152] syz-executor6 (9636) used greatest stack depth: 14016 bytes left [ 175.067279] FAULT_INJECTION: forcing a failure. [ 175.067279] name failslab, interval 1, probability 0, space 0, times 0 [ 175.078878] CPU: 1 PID: 9687 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 175.087295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 175.096637] Call Trace: [ 175.099222] dump_stack+0x1c9/0x2b4 [ 175.102850] ? dump_stack_print_info.cold.2+0x52/0x52 [ 175.108055] should_fail.cold.4+0xa/0x11 [ 175.112115] ? __kernel_text_address+0xd/0x40 20:42:53 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:53 executing program 5: 20:42:53 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}) r1 = socket(0x11, 0x80a, 0x0) sendmsg$FOU_CMD_DEL(r1, &(0x7f0000000300)={&(0x7f0000000240), 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x14}, 0x14}}, 0x0) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0x1, 0x27, 0x1ff, 0x2, 0x0, 0x0, 0x6, 0x1, 0x0, 0x0, 0x3}) syz_open_pts(r0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000003c0)=0x6000000000000) write(r0, &(0x7f0000c34fff), 0xffffff0b) clock_gettime(0x2000003, &(0x7f0000000580)) getsockname(0xffffffffffffffff, &(0x7f0000000180)=@ll, &(0x7f0000000200)=0x80) 20:42:53 executing program 2: r0 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x0, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_timedsend(r0, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) 20:42:53 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10) shutdown(r1, 0x1) 20:42:53 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) getsockopt$inet6_buf(r0, 0x29, 0x23, &(0x7f0000000000)=""/255, &(0x7f0000000100)=0xff) [ 175.116619] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 175.121723] ? __save_stack_trace+0x8d/0xf0 [ 175.126051] ? save_stack+0xa9/0xd0 [ 175.129675] ? save_stack+0x43/0xd0 [ 175.133304] ? kasan_kmalloc+0xc4/0xe0 [ 175.137224] ? kasan_slab_alloc+0x12/0x20 [ 175.141392] ? kmem_cache_alloc_node+0x144/0x780 [ 175.146174] ? __alloc_skb+0x119/0x770 [ 175.150075] ? rtmsg_fib+0x1f8/0x4d0 [ 175.153806] ? fib_table_insert+0x7a8/0x17a0 [ 175.158238] ? fib_magic.isra.22+0x66b/0x890 [ 175.162677] ? fib_add_ifaddr+0x382/0x500 20:42:53 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x1, 0x1f5) sendto$inet6(r0, &(0x7f0000000080)="040300000309c14609005375c52cf7c219f87ae819983612b578db840975", 0x1e, 0x0, &(0x7f0000000000)={0xa, 0x800, 0x6, @mcast1}, 0x1c) 20:42:53 executing program 2: r0 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x0, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_timedsend(r0, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) [ 175.166844] ? fib_inetaddr_event+0x172/0x222 [ 175.171362] ? notifier_call_chain+0x180/0x390 [ 175.175977] ? blocking_notifier_call_chain+0x147/0x190 [ 175.181363] ? __inet_insert_ifa+0x858/0xba0 [ 175.185792] ? inet_ioctl+0x18b/0x360 [ 175.189620] ? lock_acquire+0x1e4/0x540 [ 175.193618] ? fs_reclaim_acquire+0x20/0x20 [ 175.197958] ? lock_downgrade+0x8f0/0x8f0 [ 175.202125] ? kasan_unpoison_shadow+0x35/0x50 [ 175.204375] binder: 9709:9711 ERROR: BC_REGISTER_LOOPER called without request 20:42:53 executing program 2: r0 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x0, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_timedsend(r0, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) [ 175.206727] ? check_same_owner+0x340/0x340 [ 175.206744] ? lock_downgrade+0x8f0/0x8f0 [ 175.206758] ? rcu_note_context_switch+0x730/0x730 [ 175.206777] __should_failslab+0x124/0x180 [ 175.231798] should_failslab+0x9/0x14 [ 175.235628] kmem_cache_alloc_node_trace+0x26f/0x770 [ 175.240836] ? kasan_kmalloc+0xc4/0xe0 [ 175.244750] __kmalloc_node_track_caller+0x33/0x70 [ 175.249708] __kmalloc_reserve.isra.41+0x3a/0xe0 [ 175.254481] __alloc_skb+0x155/0x770 [ 175.258210] ? skb_scrub_packet+0x490/0x490 [ 175.262568] ? atomic_notifier_call_chain+0xf1/0x190 [ 175.267695] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 175.273256] ? call_fib_notifiers+0x6f/0x90 [ 175.277607] ? call_fib4_notifiers+0x9c/0x110 [ 175.282142] ? call_fib_entry_notifiers+0x2f1/0x500 [ 175.287177] ? kasan_kmalloc+0xc4/0xe0 [ 175.291086] rtmsg_fib+0x1f8/0x4d0 [ 175.294646] fib_table_insert+0x7a8/0x17a0 [ 175.298909] ? fib_table_lookup+0x24a0/0x24a0 [ 175.303422] ? trace_hardirqs_on+0xd/0x10 [ 175.307592] ? kasan_unpoison_shadow+0x35/0x50 [ 175.312194] ? kasan_kmalloc+0xc4/0xe0 [ 175.316102] fib_magic.isra.22+0x66b/0x890 [ 175.320359] ? fib_new_table+0x490/0x490 [ 175.324478] ? lock_acquire+0x1e4/0x540 [ 175.328467] ? blocking_notifier_call_chain+0x129/0x190 [ 175.333845] fib_add_ifaddr+0x382/0x500 [ 175.337841] fib_inetaddr_event+0x172/0x222 [ 175.342183] notifier_call_chain+0x180/0x390 [ 175.346614] ? unregister_die_notifier+0x20/0x20 [ 175.351404] ? __x64_sys_ioctl+0x73/0xb0 [ 175.355480] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 175.360887] blocking_notifier_call_chain+0x147/0x190 [ 175.366091] ? srcu_init_notifier_head+0xa0/0xa0 [ 175.370883] ? rtmsg_ifa+0x14e/0x1e0 [ 175.374604] __inet_insert_ifa+0x858/0xba0 [ 175.378851] ? refcount_add_not_zero_checked+0x330/0x330 [ 175.384306] ? __inet_del_ifa+0xbd0/0xbd0 [ 175.388460] ? rtnl_is_locked+0xb5/0xf0 [ 175.392439] ? rtnl_trylock+0x20/0x20 [ 175.396246] devinet_ioctl+0x1460/0x1d90 [ 175.400315] ? inet_ifa_byprefix+0x240/0x240 [ 175.404732] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 175.410376] inet_ioctl+0x18b/0x360 [ 175.414011] ? inet_stream_connect+0xa0/0xa0 [ 175.418433] ? _parse_integer+0x190/0x190 [ 175.422584] ? lock_release+0xa30/0xa30 [ 175.426567] ? check_same_owner+0x340/0x340 [ 175.430892] ? __check_object_size+0xa3/0x5d7 [ 175.435397] sock_do_ioctl+0xe4/0x3e0 [ 175.439208] ? __fget+0x4ac/0x740 [ 175.442664] ? compat_ifr_data_ioctl+0x170/0x170 [ 175.447429] ? lock_release+0xa30/0xa30 [ 175.451407] ? pid_task+0x115/0x200 [ 175.455037] ? find_vpid+0xf0/0xf0 [ 175.458611] ? __f_unlock_pos+0x19/0x20 [ 175.462593] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 175.467786] sock_ioctl+0x30d/0x680 [ 175.471425] ? dlci_ioctl_set+0x40/0x40 [ 175.475399] ? ksys_dup3+0x690/0x690 [ 175.479130] ? kasan_check_write+0x14/0x20 [ 175.483377] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 175.488308] ? fsnotify+0xbac/0x14e0 [ 175.492025] ? vfs_write+0x2f3/0x560 [ 175.495743] ? dlci_ioctl_set+0x40/0x40 [ 175.499724] do_vfs_ioctl+0x1de/0x1720 [ 175.503624] ? fsnotify_first_mark+0x350/0x350 [ 175.508238] ? __fsnotify_parent+0xcc/0x420 [ 175.512575] ? ioctl_preallocate+0x300/0x300 [ 175.517075] ? __fget_light+0x2f7/0x440 [ 175.521052] ? fget_raw+0x20/0x20 [ 175.524510] ? __sb_end_write+0xac/0xe0 [ 175.528494] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 175.534134] ? fput+0x130/0x1a0 [ 175.537420] ? ksys_write+0x1ae/0x260 [ 175.541229] ? security_file_ioctl+0x94/0xc0 [ 175.545666] ksys_ioctl+0xa9/0xd0 [ 175.549130] __x64_sys_ioctl+0x73/0xb0 [ 175.553031] do_syscall_64+0x1b9/0x820 [ 175.556943] ? finish_task_switch+0x1d3/0x870 [ 175.561445] ? syscall_return_slowpath+0x5e0/0x5e0 [ 175.566379] ? syscall_return_slowpath+0x31d/0x5e0 [ 175.571321] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 175.576348] ? prepare_exit_to_usermode+0x291/0x3b0 [ 175.581642] ? perf_trace_sys_enter+0xb10/0xb10 [ 175.586318] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 175.591174] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 175.596361] RIP: 0033:0x455ab9 [ 175.599542] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 175.618837] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 175.626552] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 175.633826] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 175.641098] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 175.648366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 175.655637] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 0000000000000017 20:42:54 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x0) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:54 executing program 2: r0 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x4}) mq_timedsend(r0, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) 20:42:54 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x1) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0xfffffffffffffffd, 0x4) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x3, 0x200) ioctl$KVM_PPC_GET_SMMU_INFO(r1, 0x8250aea6, &(0x7f0000000040)=""/179) ioctl$IOC_PR_PREEMPT_ABORT(r1, 0x401870cc, &(0x7f0000000100)={0x1, 0x8, 0x48f, 0x9}) sendmmsg$alg(r1, &(0x7f0000002a40)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000140)="9ade9ab14d8c5c4fe9ca72178785ae69f8904f210ad1c02df6080c52e3b2c2fa39ee765d28b321599ca81a6c49fe81549a74c009513e615a54ac33539d3d22a68211400d248f6ea1fce42c591a66d0727cbc68de0374fb8f65e20b15c453b671e26735b4d0cb8288ed1cd491432200e282b15ceb1b306ea9a0e014bb843cf5f11c56fae41dc1d04ec9fde5b283f5f4ff6140a6609bda8bbe1d580cff39f2d5197c5521ebf3094c9439b24112d63bdf00126ea93731", 0xb5}, {&(0x7f0000000200)="b32e971412ca76cb111e8e02f2277b62124e81551b4dfb5450a058", 0x1b}, {&(0x7f0000000280)="bb00a493809993bbdf07d35f18878ad0c92b8b5aa7bca8239e62d10bb23471b410072a9e5783d079b4d61157e58365888f65ac038941a9119c9a4b6f641b5e11dda5f280ceb471b754bc646cbb", 0x4d}], 0x3, 0x0, 0x0, 0x4}, {0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000340)="bba76036f72240e5fac045e2cd81ed5bc8ebd36bba6df2f21334d0354a2447e6c3f29576ca3859f5de8e5cbcc63d0c249a6fdebc60cb0095de7b754e23853cfa18fdbedf7826432d0502b5a864c32e6f3b1b18a42d5a6ccf09688df555704f7c495e9515252659e6592b104e2bac5cc9e5f36fd32789c77032696668dc0f7018593ed8c7c20f5665009672cbc9b37f32f4fedac715602950d1f0bb6cbb9299a4fb25e94a11108bd0491be73ae1d96f817e34e99233f59ac91f95cbcac9", 0xbd}, {&(0x7f0000000400)="9316b8c0da416c12044787e958f4b44dd8e09741c80e86dcaad47d4a94a98dc6d009fe00cfdc2afcd7413c7ff96662f56d16f989f162ab52e159e8ee4036f2ff437759534bf00758e50f0b320c048c36d4447450c1eebac7d7b0b955ab611498861756d7a409e086f7e802a85f5ef55aa42e48b752e753eef3d4793faa49238df6ee0d8665410f", 0x87}], 0x2, &(0x7f0000000500)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x844}, {0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000540)="5fde5c851dca18558761a2aeae0744ca72df33b6cba3297db1335347ccdcf89a3834dd994d59ad124d8a39f7fc432c9a486addd79ed5fa64549d1b798139cd364a42974b3c6d4fc98f1ee91543ac012edbd79d2a3c3a850fe06d870601a72644ff05fcb228387e64e76c8828f5fb0ac5f567a45494a5ec23b8facd", 0x7b}, {&(0x7f0000000600)="8f5a6872dd614049868a21a91703ee87ee187db57c22c541f5681d10cb45a73c1b66432ea674c87543ef6c14d7ecb6fbf33a2435aa40da8680dd0a153253c467706c99dbfc378fe6dd90ec97ee24c0c5790c216d66b28bb2f009e8cf8c7a1a376b7a4e8a38c40bf8e4e5d85954ec32c2530e328a1d4f3ba35cab5fc4db22a67bef8db7421b", 0x85}, {&(0x7f00000006c0)="a26eda635b47c4d2201a3e605e2d5f49e0e5b6ebc042ce95a1c23b1500bc037b9d8f96bef37c6bac3dab6a5457ff72eabde8c88bce", 0x35}, {&(0x7f0000000700)="398cdabfa2e96cef19d2b7d3b943cdc35fa7873c83dfae06c5bb7788676dbc7856e54c158f243147eda785981b250693e0ed5bd337922ab1587b0d2cee380ef64f982865712ed176146dede3c5eb7a09247d8625cc", 0x55}, {&(0x7f0000000780)="90e1733d8565e8be782d3e59ded4ea710fbc6a3c1b516822dbd07886364d7e0f80e44af478d8fe48cd87801a8805eefe81c86e9c399de5579e65c9ae", 0x3c}, {&(0x7f00000007c0)="f2d0b08468c674d1b4a575006a9af757b617f3795cbbef0ab7abb676f279a8fa47f19bba780fdd6fc9bcff3f141c3bfd72c0104f7f1bb5feabb5e37a8b8bfac0c446a82709e6e22b254a018ba9d1d3930cbf41f8cff8", 0x56}], 0x6, &(0x7f00000008c0)=[@op={0x18}, @iv={0x88, 0x117, 0x2, 0x74, "5eb25d20cbd74e11dbcf5aa01124aaffa122ffe0acf54ff110bd8932b2085c210a50a34cd5db235bd508e3dcc2029c613b34238fd3cd10c8106b275d2917876e58e71291d0024a4e784d60bde5f60c6b70c3feb128207a787106f293c5c3aedc0ba915e96752386206f48b5e4abc700fcb87cc4f"}], 0xa0, 0x40}, {0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000980)="bbd93f87baab889b4bf6ef4cfbbeef29dd789fca35527ac1a91cc95860458770c3838be07e6c9252166d5abff197b36e24f423176b335410f90bf3e81ee9b894fdef8318acd3d9dc346ec4d9ffd6fd53f39159bdd6a0bcba11fe687bf247b673fb324e4070a8b29b96d05d26cb30fe7a4aebf824d6bcfbd68f0499d2791a490ac704b5f341f9bf4bf4e8d9e00b1a0ae55ac007d84f1d386aab4106a330a2fe0d92adae43afc84fddc65c8b0cba2b13b63979c06a4a78133ff2112738366b20a729fe1a2361c9c185150845bf8e5297a50ce999", 0xd3}, {&(0x7f0000000a80)="4471d485a1278ff6c6ba248b0c283a4d0bde5b81e67ab4", 0x17}, {&(0x7f0000000ac0)="cdab92cd5267ad1acc257bccbd21960525659b129ace9c1f16904344d72a74d1fc28b908eeceabeb", 0x28}], 0x3, &(0x7f0000000b40), 0x0, 0x40000}, {0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000000b80)='R', 0x1}, {&(0x7f0000000bc0)="384cd65d6003d33db749b7906f3bd609ebe8fd0e4fe3", 0x16}], 0x2, &(0x7f0000000c40)=[@iv={0x38, 0x117, 0x2, 0x20, "aa6ca0d7ecaa1af04ba7c43584379058d1dc61e5d256ce58031ee29546718915"}, @assoc={0x18, 0x117, 0x4, 0x80}, @assoc={0x18, 0x117, 0x4, 0x7}, @iv={0x90, 0x117, 0x2, 0x76, "407a3a153df316bb542f6e297b093309fa0c22cf6443f9e34e16a66c803e56796a871f8f497562fc0caa58ed38a7b0d7e498b6d180d8d368011f41b8f3e3ba1f756deda23d22aee8acb66fd89e5ce21289b7700e8d41c474802e91213a48d8f4525d806cab51fad2ae30210bb9550e43d34f5875ec32"}], 0xf8, 0x804}, {0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000d40)="507975a0d29614c49c30d239ee2ddd3b2edccaa5fee657de45d6ae89b76a6f7151a7e07c6c0e09425e14362fd85439201712e7f2843d2386e21f753c03d3060613d4d858ea4fb38dfc2e5842ce24018466d7c33002752e69cfaf96d91af9f89027568982b1612b3537678a00162f9184473ea5dca3b01cbe12de88038bba2e8c35bd85d4304a8e466b44fdf8b6a8cabdcd5ed78501abd8c07ff739c1c1c13fe864f2fb91bf91f45967114e826ab7668b323e975440b38d38f97aa9e0833522a76b89d7bb950ac41231913fa2dbfbc9f14b3611bd23609d7071ef5954690b6e6fb908ddbab6ea597839e94a3c2a67b03fe1ab6e6d", 0xf4}], 0x1, &(0x7f0000000e80)=[@op={0x18}], 0x18, 0x44}, {0x0, 0x0, &(0x7f0000000ec0), 0x0, &(0x7f0000000f00)=ANY=[@ANYBLOB="50000000000000001701000002000000390000006efe9bece0a111faf4a9189edf28c173e0e09a88cbf43ac73a97f5b8b420d19faf20279cf65d819989de4b9d1438085d8276fff05d694266d60000001800000000000000170100000400000005000000000000001800000000000000170100000400000006000000000000007000000000000000170100000200000058000000a82da2cb9f120edbbfb5367c632029a6e8fe1ac6ecfeae08fbbc365cb1a53f75c44d49ec8fa816fc3dd00503aa16a772d65c71b377d8cc6925ade08a74f700fd001a402f87270061c79341a25efb89e5810685ef46c0d8b500000000900000000000000017010000020000007c0000000589a56881433a849d6832977d9e73575cf646a03b9d1c8a1074b5caf96c63d63edad7cc25c47bffcf688bb04cd26053b42bc61ec77de414a179b414ff8a1b2d535c8800f1a9aaa606b84c338efdf00196ac14976c952713af79148705bfda16a3163b8e3f53dfc45c30706196badc"], 0x180, 0x40}, {0x0, 0x0, &(0x7f0000001280)=[{&(0x7f0000001080)="732728d64c50f2070446f6e5461fdeb248d73e3575ece65fb8486532db0bb2970baab377863a26f9af765ce0bc9dd4aeb07dcca921a3429d3527d377f088706a91fe65d4c5c9c0c4d2568d4dd26bc013", 0x50}, {&(0x7f0000001100)="b0c66c2ec6599db2595b520635dbfe50c78ae84463", 0x15}, {&(0x7f0000001140)="fb524c45221d8e48fd0710d5f39819d7da8e5df6eb837182fd0e4b59cab6f2bcef42847340551f829df8a99ac4074ec95eccb405fe577325d72582dcc166b425d2e498c28f550981f0a5b150b656fa44fbaa4182d8d083ce8f39cd2e3f10b2f8aa21d3ab6587e089bccd78947445d3907e749464aa0a6ba81036d84550a173418a28fa1155f41ba1b7ce7f3851cf1c1083ed483455dd693a1dd00f92422d85f7584c73c60373ff5be196e2de290ba9f15dbf30ce", 0xb4}, {&(0x7f0000001200)="0819f91620e1e4598deaecf86c20efb3a1030a4ce366d52880377f24964fba38c08f518fc69ecbbbe17d5ee94758d023f93685382c0f5cbe7879f2272cfdf3925c0978964a4f4b79636dd5bab6ddc806263967922e61887eed61fe08", 0x5c}], 0x4, 0x0, 0x0, 0x20000000}, {0x0, 0x0, &(0x7f0000001640)=[{&(0x7f00000012c0)="a535b2a193ab27b29a4494734ea49a28e60d661fb6b4a1c4ebfebbcff1fb5ef76246f28753af65c69c9cba09a86e1b98ad82f38f383e808ff791784c044d0a7ff1c0f17f3e7dfba5c33d832536cb0db31040531e86d18aae6fca4fb1ee2c490b0007fd32dd786a0e1de8ecc1a1500be3ad536355c55698c86e2f4c8e1db6341d4a0001034a3c7fe6c2c71f017ba2e53aed389b428fffe64a0c783ae5cbf1e36f83", 0xa1}, {&(0x7f0000001380)="f32995c41fb01bb9ce8106b3c0ffcf6d1472567dec83a580b85b48c917bac6f7eddbe75b4e223ad2defa8c9f53adbf37006276bd80359366ee2096205f5b857d0163c2bf70d86d4cdca5db3448ae0c3636aa32abd20895c2906011d0eddf186887812e64bedfc40f422a8c49324ac6d8f53ec9d2fb2a8acc05dee0a200fdabd626e4890a2f12bd697be30c100fbecf74b8e0f161be21", 0x96}, {&(0x7f0000001440)="efe5a7bee22295c657c7ed3ad3dc3cb396db4c4a118fc6b38a9815588a03ba280796b9c91bff6a0a091142c0cc32e20aa4d171ca42b59acb0481a7d637c223e74435c62831668a15c909eb297c6030bfa2989fa7d9ce9bb758fe8f37292845a0f08449311f081c77acf487aa071eb8dec1c655aeb0e81884dcc6ba1439b415c6c33a2a16ea98451f0e87b4e0a6e694fb75d4fdff9897f318c70aeb6b48965690af4835", 0xa3}, {&(0x7f0000001500)="633f02648559ce0af4fc97daee7b78b7413aae88ab55207ea1a6fea8e5bed44a6990f18fc3951ea43f29857531631c1dd046ee9008b8ad88542f7f4802b9ded8f9e89194d7bc27bb42825aeffe1465db2c0c08949f5e7b315b10b0fcd8ed85a7590d1aee1c4dc71c75ffb8a9151f0f", 0x6f}, {&(0x7f0000001580)="841e454528eb42454ab9906241edf046", 0x10}, {&(0x7f00000015c0)="4736c0c7f2ce982d77ab31e2b0286689c0bdb306accbedb2fba030692c89a7221eb3e66e72d47d2c8fb3505fd6b35a1a4e08897a210dd97dc3efa21e9899c01af5d5fa35fb67ab6ad7bb91fd425f5c3afd7d7f3519d26d6accee1060aeb8e54a625431c83121a1", 0x67}], 0x6, &(0x7f00000016c0)=[@assoc={0x18, 0x117, 0x4, 0xba21}, @iv={0x68, 0x117, 0x2, 0x4e, "d53323182b081a4a9899f662038ad12d10b6570c522d7096a8fe8291636ba4da832ee262ccd2eafcc7d82dd81e7074d0995a7580af987fd419d7a464e64081a149c0e2e0befb7bd6e4c834c97863"}, @op={0x18, 0x117, 0x3, 0x1}, @iv={0xe8, 0x117, 0x2, 0xd4, "a20d8b9830e8f30a943c5d4fa9717a861f73c160a90e6c575ece539fa7ec55d80c3634b49043c420c720d0b2378f18bbe60cee69790c9f74a9e6ca07558ce41cac7338b71f38a61008bcf27c9a9d0b574e31df5bff8c6d49c8e2196935699508b13f27fbfd60021015a58f61786c12377133826c79b1e13b425d565ec16f58103ab3ae5f4d4bb30b2e8438b58fb2009185adfdac69654c403e4b68fbdc123b3db852154983eacb092b698b5508e50c2e3c77744e52c5a4d08f9cdd7f95d5bbb7d3e1e9e550f1f5f23bb3fa72b1a6dc56834c78b3"}, @assoc={0x18, 0x117, 0x4, 0x2}], 0x198, 0x20040040}, {0x0, 0x0, &(0x7f0000002980)=[{&(0x7f0000001880)="144bb5f49232a928e65f1dafabc583171939e62c18c7e668354435b6debe9313c9fc8f3eb4e3ac9d2654d655af7e1270cb9a956e4dd89f305ae68460f6fed6b5fb0f32b9c177dc6ffa9e50d114ac579fc4a52007593f6c5ff937acc17cd704dc355709145822323bf9879e8e9efa846d2149b30f6338c4fe74d78a9b20bd295dec64942ccbc5fa3d291a3142828e59993416ec7c4fd7321a8e1921823146c244068abff6092685a2a01751d299fe2bf9f0c6948174d22052d1e3075e317335d663352a23ff46eb1756aed8b26ba6e5dbbd6ca2", 0xd3}, {&(0x7f0000001980)="789d3e088198985c8d132ace69a0ce2e4bb0aab6fc59c55dd66c7ba90045c7ef27371ba5dd88626d54c5abd4ed1e28f54e27452ffd2edeb918293bb85fae09255a64cbcabdc731f5b989c013b41e4c4c9516bc9b585d61bef8082cacc05e93c88611bd547e6028831f15ba6e4d2cf8d9f1b3225e3c495032e1fa9d8e29e7502a364876c9701fff6a9381707769090648dae1b620dc186bbcf7aee8a5692182785ff2f66107017330ab861d9e0a3dbea49f9513a8e65211ba947e8a07fad0eb8b9a199ae5156f094eb8c30d2a78da0d446fa8e4511d32dd693d352cbd122933a0f0f18df72dfc6e7e0d36e219296da58a30c49cec6eef5fac635391d5f0a374ebe15f544cbf43e164abcde1d91e6eb2b35807ffb67593d00a8f107fa47f4adb118ba20e6c265469ff1184cbc8f5b350f57360ecab58dd19e81b5171153a3a5e6741b6232241396b960b2e73bfa32bb8358fe6b9d4afcaf56e6d2dd813d958eedbe972955271141434a0e2ed7c9db550cf7c80846efa5ab7accf98c8da18c445074db347844ee501cab6b40fe9431d7a83d35f2ed6e720cac4edab9aa95d9522ce2f4217fa5592f629500b77e435a8d56525fd194b385cb1f1421b51b833788a9744d0effa2c464810914a7a9939b49163680a143836e784b6a55888b34a80344cb0cfa21cfedeaeb46d1a6a83c7278255d32beb1495bb9a69037a582ccc38d0dd4e2f3974770a0f1cd6c03ff6691d6f3ae51f886e7e01c670bd4402f7c59bbe8ae5739619d8f8c516ccd4170964765402962d4326bdf9ee672b0a74925d76282315c531d0b2b60f8d1ef1b5a73f5e39a552580dd1faf4a4127be6ecdf6140dd30d3cdee3b6d4826838298fb41b3a786398b942992ab3671eba11b8beec264a47806972661f75dc80b717b6db6f841ba932e92e245b22c9e1af4f26d6e974d43d5e79f29ec9d1915834eaebe4ec8a9e2b8e4ecde6f58b750ef327db73843c8705b77e25197ac60dfd107fd8a9fe42c527b4b672f2c437c79290a2fd8a38189dec7abded484583651173716d0f2bc51c80f2d66ef7e35699ba66256bfd4a5499fe147ca8df21508ec45ef201862698bdd707262d81fc688c5a49b60c83ac655a809537f049ede87507f33ca6e7bd2d2df2e32cac4b44cb561024cf8912933971745f4232570222c77fb9e0d239e00020059e8b2b2a0bf116272e0b0c6a64bb3491a05a6a5cc15dc584fe05dc00a4d14f43637d28364cf3d52b693013c7b8b8fb811db9a0050e61436826f6de481a2135918d8f3427e3f1045e35de390a7f057a8fc4a51b4247e1ec3aa4867b110995082d2bba173d9b6928883b126c198a6b785cc2a793e50846decf1d120f955ee9497eddcfb504cf1630caf69cfd8a36429339f2e92eb7d1145472fde1a181cc1fb0cb226dab4bba423fb3fc3d2c02e87df1ff852446145102c93ebb1da3af47c7aaec4df6015c54ec7fa2f6141d94cdbf4222140625c04650e9857ee15fa01ef58b8101368b83b85623ef6d8bc7db9fb061f90fdd4e7c392fa6acf1db67c5850b6eceb70df38bb2cbc957b76f63af0d6d0e04f89222629aacf2e383320a630c3baee2f3a8d1523cedc4c1594e35486a60b9edaa9ceec5b5c94541f8aaa0ba0f2e0924f3f1fc0be49d47c618de4ff41f7ca366fdd09c3f5344e9e63d4128bd0052afcfa555723af1822313f91354613517780559faadce121dd150a1bad67753f2df01060540ce987f5588d0c5d0ebcb9930c9e84025c48a9b96e7e2bd686d0e41ebd613211d79eaab05f3b214b88b06904d0f45150c751d5baa649ed822088d86a9704e430b4b9fc611bc56869137dbdecd625a630f8c1262e98012cece1bd782d706e88708ea081de38a386c6b97b8bce1f64eee7ec1171d77a760ca8ae3a0bc4164df7ed531c2d2ea0cc25dc8a21a1f09834b5fed24ec41802859b8f59a47cb44053b16141ecb27073c999fb5a6c856bc441af3e2cf3ab1e5c7fe0035e26598539d1a56e823910be97a0171cd43f380a258672648fe3ebc0d01b6fb182ff44f8241f218fa9820697c17e139ab8d6844f4401a0fa24398b7071119c513f942746adb828220eac1f7494a80c5828f304f83eccab61a4f2febd78c7faf0deb0cf13abe491c7809b58ee9dcb61bc7e77278c1b08b3e63556bc6d5ba8a2d35c2201ebd78c96c5297de45d3d586faf1ac73f5d36c27e22813827e952ede662be011255dab320f77ce92533dd01d1048f45e7abcd9f0173eea0e6c80e16bd9fe27b779880463ea3a391346c163d48cdd7361a2bbc689159326348c11952a760d1079c50b57795cbc32015be4864c674db34989fd581b50e66a7fa4bc761df93fd49c43d7cd8a9687ab156e914343c5ebc5a2d781637a68c3115337b8eb457947425f525f59565ab20bba0803b4611aaa259d02448ad4147b9545135cff59eb9ca7c91727f7e8fb61df215d78606f4f0d7e5a0c6205686157e6b4073941f5317f91bd396477eeb6b1fedc77a1f05abfa32d67a068288ee54bcb5eaf65271deec8c84a124867060d7954e78edacecdde9e6ad998141763672a74b5bf9675905d7245af5306e96168a0c082e7f765f4af41f78941ef35fb57d3f26a394b108d858d57464a50cffb0d91198514503306246504c7f488cd29706f5784cdbb604c06956afa0b22fa09946132fc5648682bbbade8ff472765ca78d8dea4fadc07551a8325362080d5df244afe78633ef4d28990f8818e4a16bc09679eb88d15f21ddea99c71e43c50d24f9a85f43d447b490e2b516158d59ab9437f9e4d4a306d7d66b4e1e0d1177f90f83336cc4c5fe69f1f92650e755b42fbdbbaac811715766095317316bda97c5c4084e8f29d714ab3b27573125f81cbae37b4f0aae98958fb62efa76cf9e25a31897d7c34cab75650c97c311d4e625276b841021beeaff483e1d7d0ef4473a6999441ec6bfefa274b12dca285234fd19f8bb7d0ac6a646714f29a4ee8b4003842636189814416013c457cffd007fadc0e5e62fce06adeea603be68513856d52398c083d9d68a3325b3da31960cd674adc31a7e3a1818516ce579bcf0e4ce2597532477b21d2caf927ae0ed19fe2fa80ed1e0e595b09549adec0a148720982be00e6428ae589f0ea8efb420b3f2dbac5767565df1205d27ef1462e95166ca05ef7657580ea31c08cd4cb19fe7bde3932d08752a2eb78b26ddfcef42eb8d642e5e97376d00b226a693c4c5ad44a982113e51f61e810ab78b6c40b04c4d561a8e82650336f08beadea7395987ca9b174c67ead2eb29f81ca1131fd71354835365b4dd887726f945f0f33916031dd4149dc07f18b05f3a530ff58caa499ebf9ab2e98517a84484e5acf26b82001ff50ec8f1d9e3eb028f67b23eff51db702287f00d977b34a8bbb39acb8fea6c02d279cd0b95400bdfd23ee338fdd83426c67a6d8b37cf22adb98f779b6105f1510fd72ddb14934a1b46ce3587ea505452be0b2e58e7e37936dbb3c5acf33d5694d0ad6bc2e603dc74890ea3ce114564c065227c459d7a862355a6e0e2aaf3f1ddc4dc26ac7c0341a8bc649259757e0401f0cb408571b75cb161a6d94e770c775bcf2ecfeff41123f6d11248837d5d8dcc886f8f3538fa556156526c1c4ef5c662dbb0c622ba5ee70b9391c1b412887795dc12115bea1e3eb0eef785930c4627fbaa388222708851899850abf94750476ef76cd962c9cda7d9364fff4a1de3db6e96dc559564d42257dc1a75632065f8cfbe1bb1e189b0a638ae05ccbfd5c362af5647af5b92a79df392bafcd8e90cf860490ce36750b406cbcf75b29466c800875ac4946547b5d9e9530000c7c505f37d91125c53112c2c5f5ca6e1fadeb94d55d16ccb143f17b17fe3c95ac96a5c8e8eeba5d004836adcb2febd3457a942db7197dacf40601cb49e3ba613c55c67e3d5abea747ad1f4b65fd56bf60c3a6298033198da1265564c0c46ab53c6598b9398f3fb0fdd531dbf7b95e0ba37389d1180a834c6f78c95eb75be7d41817e38472c2ce09f3c7a136d8b289b5e0d66b26f35786f4019d0154df53b14d582824f31b55fd9961a5add8803af3ee470bff495f1f009aa2b59e74fb291c2bb3ffa6a303289255fba989bc4ad41bbc1afbca83093e60a829cb374d99f544f19ec97e817e603bbfc8de40ace963883ae35efec2acd75e7cd627f0013411ede6b3e3faf66c0220dae197deff95ecffff36b49c525e98b5a033537fd2fbcc60ee4e14cba2a70ddc27a639073bf6d327d95eab3d75e6108b8b066448e49aff0e1f6312fde69a2ec0566070f83c96d2db34274ca4eb8f2add9c5880e1c0ffc2d0af2e05c8fb4570e60f1c2f5de8d28c00c574703b01f63465fbef5e13091498a39afcb7d9d5e77a2247a637113b8401c9e60ec746f150c09538d1c40bcbb29efbaf5d38c6ab46000b9f4b1d12dc7ae9c15634c8ef9aa01e42ec88b2b7ed35a15f8c261ce4dc11e60803ee225ae49a504fdde0935c0cc0ce24f47191980a6583f0270d437333d0ca6f8666dbbf125c896dae22632bee3c21f85de6c15359366e6e47df586375b21394f4a973026da4a901e2988211b1efd9c77a312eda047d678446213d14294e3043d3b8ce6dd35ddc193cebaa4af6980b78c1d0c0b2d6751282f567ef7ac38a86eeb1f001b4b591924a3765cf93065c467806badbce96c1d6e2d7a077abecc4a04092cd7b53a7b6ba20f05d19aaae486c3da7430d9a75e71f11bd5c2a4913f0a081763415fbee28f07be90580e580ef6517264da8025b1f4e63064bd535745c1f77dcd5f10f61b9094e5c72f36256ee5f8dbcb5a081e3a0d59f0dbbcd721929efcf30c1ba8ebfa693bcf30fbffdfcd69532677cb7811240723467f5c417dedf8ec828cc22d870ccff49d10d786a769b67ce611378308e760dd6b5c64766374429bb59f39499d3943a4ca543cea1c284c2be37aa37e7fd86b0c4b5e24f2524da822fb313baeb24e889239f31fbc01d57bee86d9ef01bf7d8a2ddb8065a3bc966c3cb3190117d9c39fd5d664466b2179ad8f3b4e9e012e8c78f78fe1b50c60f087d11599e99db6473b1d6199c4cd9fa857a4083f63d5e4f7427a87f0528bc41ac1483e3d05a4981491ee8605899903f247c3b87ea8d0a96dd371fdefc03777fbfafbb77a745d4a93dfa729a52f0b0b4af39abc05db7b1ff3499b87c624beeb7c7c46e99dc1389546fb19b138de6df784d9febae8ee4b393584a2ea9bad985e566f8ecd8ae8de315141a68432f3cc578af64b7a9ecc7fe9b0fb89e9719d413b076a6f7198e3644ab6837640b8ea5e216458716341cbb81df84f3c672c2289ac3b88cc6ac6a052c725dd69ea5594e5be5f30f76a154bbc550a8d8b030e2a53fa0e7c7354f495e0268813641001b224867eb5f21a202e37aa3faa8352cceb7dc643b2fcdad37ec5db791c97211803d02b5e8cfe74288789e48dbf7f80756a066283ac94e09525410bc2b9d648429501f545d24e664a48320bea3cc04505fc35d1ab6033e3b999f329c29276e75ae9f09c3b627a6664365dc967010d223020eed7564ffdc794bb16f78b9658a15961cfa2724056ba1a766897063816ef73dc6fac018df062fc48ac2ec93d423343a906a654a8e2f3a80b0e902638720b41864a1218817319d9afc39a7a45e15118a8c2b02100453bcba0019f58107451fd8f0bf0bf614b7d7fe9b6b286331f6c622c0157158eaf44353fb177cf4924e8479711d2b74bb2832d42d2c824fe2b9bda94d2bcb08a63858c77", 0x1000}], 0x2, &(0x7f00000029c0)=[@assoc={0x18, 0x117, 0x4, 0x1}, @op={0x18}, @op={0x18, 0x117, 0x3, 0xb6c8f77091d89b53}, @assoc={0x18, 0x117, 0x4, 0x20}], 0x60, 0x8000}], 0xa, 0x1) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:42:54 executing program 5: mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x3, 0x10, 0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000004fe4)=@in6={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x80, &(0x7f0000005000), 0x0, &(0x7f0000006ff6)=ANY=[]}, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000fe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1}) 20:42:54 executing program 0 (fault-call:2 fault-nth:24): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:54 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000001000)={0x1, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}}, 0x108) r1 = syz_open_procfs(0x0, &(0x7f000012bff2)='net/mcfilter6\x00') read$eventfd(r1, &(0x7f00000000c0), 0x2c3) 20:42:54 executing program 2: r0 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)) mq_timedsend(r0, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) 20:42:54 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000000140), 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:54 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) socketpair$inet_sctp(0x2, 0x5, 0x84, &(0x7f0000000000)) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) [ 176.185403] binder: 9763:9765 ERROR: BC_REGISTER_LOOPER called without request [ 176.205867] FAULT_INJECTION: forcing a failure. [ 176.205867] name failslab, interval 1, probability 0, space 0, times 0 [ 176.217375] CPU: 0 PID: 9747 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 176.225790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 176.235149] Call Trace: [ 176.237748] dump_stack+0x1c9/0x2b4 [ 176.241382] ? dump_stack_print_info.cold.2+0x52/0x52 [ 176.246581] ? lock_acquire+0x1e4/0x540 [ 176.250576] should_fail.cold.4+0xa/0x11 [ 176.254636] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 176.259744] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 176.264337] ? kasan_check_write+0x14/0x20 [ 176.268597] ? trace_hardirqs_on+0xd/0x10 [ 176.272762] ? debug_object_active_state+0x2f5/0x4d0 [ 176.277859] ? kasan_check_read+0x11/0x20 [ 176.282014] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 176.287038] ? bpf_prog_kallsyms_find+0xde/0x4c0 [ 176.291836] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 176.296854] ? lock_acquire+0x1e4/0x540 [ 176.300820] ? is_bpf_text_address+0xae/0x170 [ 176.305321] __should_failslab+0x124/0x180 [ 176.309548] should_failslab+0x9/0x14 [ 176.313340] kmem_cache_alloc_node_trace+0x5a/0x770 [ 176.318348] ? kasan_check_read+0x11/0x20 [ 176.322487] ? rcu_is_watching+0x8c/0x150 [ 176.326632] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 176.331661] __kmalloc_node_track_caller+0x33/0x70 [ 176.336605] __kmalloc_reserve.isra.41+0x3a/0xe0 [ 176.341380] pskb_expand_head+0x230/0x10e0 [ 176.345626] ? rtnetlink_put_metrics+0x3a8/0x690 [ 176.350402] ? __pskb_copy_fclone+0xeb0/0xeb0 [ 176.354918] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 176.359959] ? skb_put+0x17b/0x1e0 [ 176.363505] ? memset+0x31/0x40 [ 176.366815] ? memcpy+0x45/0x50 [ 176.370103] ? __nla_put+0x37/0x40 [ 176.373649] ? nla_put+0x11a/0x150 [ 176.377194] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 176.382730] ? fib_dump_info+0x950/0x1bc0 [ 176.386891] netlink_trim+0x2ea/0x380 [ 176.390696] ? netlink_skb_destructor+0x210/0x210 [ 176.395552] ? kasan_unpoison_shadow+0x35/0x50 [ 176.400143] ? kasan_kmalloc+0xc4/0xe0 [ 176.404040] netlink_broadcast_filtered+0x105/0x1620 [ 176.409148] ? kasan_unpoison_shadow+0x35/0x50 [ 176.413735] ? kasan_kmalloc+0xc4/0xe0 [ 176.417629] ? __netlink_sendskb+0xd0/0xd0 [ 176.421957] ? __kmalloc_node_track_caller+0x47/0x70 [ 176.427068] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 176.432608] ? __alloc_skb+0x4c6/0x770 [ 176.436499] ? skb_scrub_packet+0x490/0x490 [ 176.440827] ? atomic_notifier_call_chain+0xf1/0x190 [ 176.445932] nlmsg_notify+0xa0/0x1a0 [ 176.449657] rtnl_notify+0xce/0xf0 [ 176.453205] rtmsg_fib+0x369/0x4d0 [ 176.456771] fib_table_insert+0x7a8/0x17a0 [ 176.461016] ? fib_table_lookup+0x24a0/0x24a0 [ 176.465536] ? trace_hardirqs_on+0xd/0x10 [ 176.469687] ? kasan_unpoison_shadow+0x35/0x50 [ 176.474268] ? kasan_kmalloc+0xc4/0xe0 [ 176.478159] fib_magic.isra.22+0x66b/0x890 [ 176.482415] ? fib_new_table+0x490/0x490 [ 176.486487] ? lock_acquire+0x1e4/0x540 [ 176.490485] ? blocking_notifier_call_chain+0x129/0x190 [ 176.495860] fib_add_ifaddr+0x382/0x500 [ 176.499840] fib_inetaddr_event+0x172/0x222 [ 176.504167] notifier_call_chain+0x180/0x390 [ 176.508581] ? unregister_die_notifier+0x20/0x20 [ 176.513337] ? __x64_sys_ioctl+0x73/0xb0 [ 176.517405] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 176.522795] blocking_notifier_call_chain+0x147/0x190 [ 176.528004] ? srcu_init_notifier_head+0xa0/0xa0 [ 176.532767] ? rtmsg_ifa+0x14e/0x1e0 [ 176.536486] __inet_insert_ifa+0x858/0xba0 [ 176.540728] ? refcount_add_not_zero_checked+0x330/0x330 [ 176.546178] ? __inet_del_ifa+0xbd0/0xbd0 [ 176.550332] ? rtnl_is_locked+0xb5/0xf0 [ 176.554308] ? rtnl_trylock+0x20/0x20 [ 176.558113] devinet_ioctl+0x1460/0x1d90 [ 176.562179] ? inet_ifa_byprefix+0x240/0x240 [ 176.566591] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 176.572135] inet_ioctl+0x18b/0x360 [ 176.575763] ? inet_stream_connect+0xa0/0xa0 [ 176.580178] ? _parse_integer+0x190/0x190 [ 176.584328] ? lock_release+0xa30/0xa30 [ 176.588301] ? check_same_owner+0x340/0x340 [ 176.592644] ? __check_object_size+0xa3/0x5d7 [ 176.597153] sock_do_ioctl+0xe4/0x3e0 [ 176.600960] ? __fget+0x4ac/0x740 [ 176.604424] ? compat_ifr_data_ioctl+0x170/0x170 [ 176.609187] ? lock_release+0xa30/0xa30 [ 176.613162] ? pid_task+0x115/0x200 [ 176.616792] ? find_vpid+0xf0/0xf0 [ 176.620338] ? __f_unlock_pos+0x19/0x20 [ 176.624327] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 176.629545] sock_ioctl+0x30d/0x680 [ 176.633201] ? dlci_ioctl_set+0x40/0x40 [ 176.637204] ? ksys_dup3+0x690/0x690 [ 176.640936] ? kasan_check_write+0x14/0x20 [ 176.645177] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 176.650129] ? fsnotify+0xbac/0x14e0 [ 176.653849] ? vfs_write+0x2f3/0x560 [ 176.657668] ? dlci_ioctl_set+0x40/0x40 [ 176.661739] do_vfs_ioctl+0x1de/0x1720 [ 176.665638] ? fsnotify_first_mark+0x350/0x350 [ 176.670312] ? __fsnotify_parent+0xcc/0x420 [ 176.674646] ? ioctl_preallocate+0x300/0x300 [ 176.679076] ? __fget_light+0x2f7/0x440 [ 176.683070] ? fget_raw+0x20/0x20 [ 176.686531] ? __sb_end_write+0xac/0xe0 [ 176.690512] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 176.696052] ? fput+0x130/0x1a0 [ 176.699333] ? ksys_write+0x1ae/0x260 [ 176.703140] ? security_file_ioctl+0x94/0xc0 [ 176.707550] ksys_ioctl+0xa9/0xd0 [ 176.711017] __x64_sys_ioctl+0x73/0xb0 [ 176.714905] do_syscall_64+0x1b9/0x820 [ 176.718796] ? finish_task_switch+0x1d3/0x870 [ 176.723295] ? syscall_return_slowpath+0x5e0/0x5e0 [ 176.728229] ? syscall_return_slowpath+0x31d/0x5e0 [ 176.733165] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 176.738185] ? prepare_exit_to_usermode+0x291/0x3b0 [ 176.743208] ? perf_trace_sys_enter+0xb10/0xb10 [ 176.747883] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 176.752745] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 176.757949] RIP: 0033:0x455ab9 [ 176.761134] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 176.780434] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 20:42:55 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f00005fafd2)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) recvmmsg(r1, &(0x7f0000004600)=[{{&(0x7f0000000000)=@pppol2tpv3={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @dev}}}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000080)=""/156, 0x9c}, {&(0x7f0000000140)=""/66, 0x42}, {&(0x7f00000001c0)=""/207, 0xcf}, {&(0x7f00000002c0)=""/89, 0x59}], 0x4, &(0x7f0000000380)=""/74, 0x4a, 0x9}, 0x1}, {{&(0x7f0000000400)=@llc={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000480)=""/73, 0x49}, {&(0x7f0000000500)=""/134, 0x86}, {&(0x7f0000001580)=""/169, 0xa9}, {&(0x7f0000001640)=""/159, 0x9f}, {&(0x7f0000001700)=""/158, 0x9e}, {&(0x7f00000017c0)=""/158, 0x9e}, {&(0x7f0000001880)=""/145, 0x91}], 0x7, &(0x7f0000001940)=""/206, 0xce, 0xd68d}, 0x7fffffff}, {{&(0x7f0000001a40)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, 0x80, &(0x7f0000002ec0)=[{&(0x7f0000000bc0)=""/33, 0x21}, {&(0x7f0000001ac0)=""/4096, 0x1000}, {&(0x7f0000002ac0)=""/115, 0x73}, {&(0x7f0000002b40)=""/176, 0xb0}, {&(0x7f0000002c00)=""/54, 0x36}, {&(0x7f0000002c40)=""/176, 0xb0}, {&(0x7f0000002d00)=""/6, 0x6}, {&(0x7f0000002d40)=""/30, 0x1e}, {&(0x7f0000002d80)=""/140, 0x8c}, {&(0x7f0000002e40)=""/91, 0x5b}], 0xa, &(0x7f0000002f40)=""/91, 0x5b, 0x1a4}, 0x100000000000000}, {{&(0x7f0000002fc0)=@pppol2tp={0x0, 0x0, {0x0, 0xffffffffffffffff, {0x0, 0x0, @broadcast}}}, 0x80, &(0x7f0000003100)=[{&(0x7f0000003040)=""/159, 0x9f}], 0x1, &(0x7f0000003140)=""/132, 0x84, 0x4}, 0xffff}, {{&(0x7f0000003200)=@in={0x0, 0x0, @multicast1}, 0x80, &(0x7f0000004580)=[{&(0x7f0000003280)=""/181, 0xb5}, {&(0x7f0000003340)=""/183, 0xb7}, {&(0x7f0000003400)=""/2, 0x2}, {&(0x7f0000003440)=""/143, 0x8f}, {&(0x7f0000003500)=""/4096, 0x1000}, {&(0x7f0000004500)=""/112, 0x70}], 0x6, &(0x7f00000045c0)=""/8, 0x8, 0x7}, 0x642}], 0x5, 0x0, &(0x7f00000046c0)={0x77359400}) ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000000600)) dup3(r1, r0, 0x80000) 20:42:55 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10) shutdown(r1, 0x1) 20:42:55 executing program 2: r0 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)) mq_timedsend(0xffffffffffffffff, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) 20:42:55 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000000)=0x5, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:42:55 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f000099e000)={0x2, 0x4e20, @multicast1}, 0x10) sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008005, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback}, 0x10) shutdown(r0, 0x1) recvfrom(r0, &(0x7f0000f9cf9b)=""/101, 0x6478c8501c739c9d, 0x120, 0x0, 0x35) ioctl$sock_inet_tcp_SIOCINQ(r0, 0x541b, &(0x7f00000001c0)) [ 176.788150] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 176.795417] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 176.802690] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 176.809966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 176.817233] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 0000000000000018 20:42:55 executing program 0 (fault-call:2 fault-nth:25): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:55 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x442001, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x0, 0x0) ioctl$EVIOCSABS20(r1, 0x401845e0, &(0x7f0000000080)={0x400, 0x81, 0x5, 0x8, 0x31, 0x9}) ioctl$LOOP_SET_CAPACITY(r1, 0x4c07) ioctl$KDDISABIO(r1, 0x4b37) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) [ 176.972779] FAULT_INJECTION: forcing a failure. [ 176.972779] name failslab, interval 1, probability 0, space 0, times 0 [ 176.984178] CPU: 1 PID: 9792 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 176.992581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 177.001928] Call Trace: [ 177.004540] dump_stack+0x1c9/0x2b4 [ 177.008164] ? dump_stack_print_info.cold.2+0x52/0x52 [ 177.013344] ? save_stack+0xa9/0xd0 [ 177.016979] ? save_stack+0x43/0xd0 [ 177.020603] should_fail.cold.4+0xa/0x11 [ 177.024654] ? fib_table_insert+0x7a8/0x17a0 [ 177.029064] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 177.034158] ? devinet_ioctl+0x1460/0x1d90 [ 177.038390] ? inet_ioctl+0x18b/0x360 [ 177.042208] ? sock_do_ioctl+0xe4/0x3e0 [ 177.046186] ? sock_ioctl+0x30d/0x680 [ 177.049977] ? do_vfs_ioctl+0x1de/0x1720 [ 177.054037] ? ksys_ioctl+0xa9/0xd0 [ 177.057652] ? __x64_sys_ioctl+0x73/0xb0 [ 177.061705] ? do_syscall_64+0x1b9/0x820 [ 177.065931] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 177.071288] ? kasan_check_write+0x14/0x20 [ 177.075512] ? do_raw_spin_lock+0xc1/0x200 [ 177.079737] ? trace_hardirqs_off+0xd/0x10 [ 177.083990] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 177.089105] ? debug_check_no_obj_freed+0x30b/0x595 [ 177.094119] ? lock_acquire+0x1e4/0x540 [ 177.098093] ? fs_reclaim_acquire+0x20/0x20 [ 177.102408] ? lock_downgrade+0x8f0/0x8f0 [ 177.106561] ? check_same_owner+0x340/0x340 [ 177.110871] ? rcu_note_context_switch+0x730/0x730 [ 177.115901] ? do_raw_spin_lock+0xc1/0x200 [ 177.120130] __should_failslab+0x124/0x180 [ 177.124354] should_failslab+0x9/0x14 [ 177.128147] __kmalloc+0x2c8/0x760 [ 177.131711] ? alloc_skb_with_frags+0x7d0/0x7d0 [ 177.136397] ? __wake_up_common+0x740/0x740 [ 177.140735] ? fib_create_info+0x9b1/0x45e0 [ 177.145074] fib_create_info+0x9b1/0x45e0 [ 177.149240] ? netlink_broadcast_filtered+0x7e5/0x1620 [ 177.154509] ? kasan_unpoison_shadow+0x35/0x50 [ 177.159084] ? trace_hardirqs_on+0x10/0x10 [ 177.163332] ? fib_info_update_nh_saddr+0x300/0x300 [ 177.168346] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 177.173874] ? __alloc_skb+0x4c6/0x770 [ 177.177752] ? skb_scrub_packet+0x490/0x490 [ 177.182069] ? atomic_notifier_call_chain+0xf1/0x190 [ 177.187168] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 177.192700] ? nlmsg_notify+0xc4/0x1a0 [ 177.196596] ? rtnl_notify+0xce/0xf0 [ 177.200318] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 177.205324] ? fib_get_table+0x274/0x350 [ 177.209374] ? __fib_validate_source+0x1f10/0x1f10 [ 177.214336] fib_table_insert+0x1c1/0x17a0 [ 177.218580] ? fib_new_table+0xc0/0x490 [ 177.222551] ? fib_table_lookup+0x24a0/0x24a0 [ 177.227041] ? trace_hardirqs_on+0xd/0x10 [ 177.231174] ? kasan_unpoison_shadow+0x35/0x50 [ 177.235829] ? kasan_kmalloc+0xc4/0xe0 [ 177.239708] fib_magic.isra.22+0x66b/0x890 [ 177.243933] ? fib_new_table+0x490/0x490 [ 177.247998] ? lock_acquire+0x1e4/0x540 [ 177.251967] ? blocking_notifier_call_chain+0x129/0x190 [ 177.257321] fib_add_ifaddr+0x45c/0x500 [ 177.261297] fib_inetaddr_event+0x172/0x222 [ 177.265611] notifier_call_chain+0x180/0x390 [ 177.270017] ? unregister_die_notifier+0x20/0x20 [ 177.274767] ? __x64_sys_ioctl+0x73/0xb0 [ 177.278823] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 177.284193] blocking_notifier_call_chain+0x147/0x190 [ 177.289383] ? srcu_init_notifier_head+0xa0/0xa0 [ 177.294136] ? rtmsg_ifa+0x14e/0x1e0 [ 177.297844] __inet_insert_ifa+0x858/0xba0 [ 177.302073] ? refcount_add_not_zero_checked+0x330/0x330 [ 177.307528] ? __inet_del_ifa+0xbd0/0xbd0 [ 177.311673] ? rtnl_is_locked+0xb5/0xf0 [ 177.315654] ? rtnl_trylock+0x20/0x20 [ 177.319458] devinet_ioctl+0x1460/0x1d90 [ 177.323520] ? inet_ifa_byprefix+0x240/0x240 [ 177.327925] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 177.333479] inet_ioctl+0x18b/0x360 [ 177.337118] ? inet_stream_connect+0xa0/0xa0 [ 177.341537] ? _parse_integer+0x190/0x190 [ 177.345694] ? lock_release+0xa30/0xa30 [ 177.349661] ? check_same_owner+0x340/0x340 [ 177.353980] ? __check_object_size+0xa3/0x5d7 [ 177.358473] sock_do_ioctl+0xe4/0x3e0 [ 177.362260] ? __fget+0x4ac/0x740 [ 177.365701] ? compat_ifr_data_ioctl+0x170/0x170 [ 177.370491] ? lock_release+0xa30/0xa30 [ 177.374486] ? pid_task+0x115/0x200 [ 177.378104] ? find_vpid+0xf0/0xf0 [ 177.381641] ? __f_unlock_pos+0x19/0x20 [ 177.385617] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 177.390805] sock_ioctl+0x30d/0x680 [ 177.394513] ? dlci_ioctl_set+0x40/0x40 [ 177.398481] ? ksys_dup3+0x690/0x690 [ 177.402196] ? kasan_check_write+0x14/0x20 [ 177.406424] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 177.411343] ? fsnotify+0xbac/0x14e0 [ 177.415053] ? vfs_write+0x2f3/0x560 [ 177.418755] ? dlci_ioctl_set+0x40/0x40 [ 177.422717] do_vfs_ioctl+0x1de/0x1720 [ 177.426599] ? fsnotify_first_mark+0x350/0x350 [ 177.431175] ? __fsnotify_parent+0xcc/0x420 [ 177.435502] ? ioctl_preallocate+0x300/0x300 [ 177.439932] ? __fget_light+0x2f7/0x440 [ 177.444043] ? fget_raw+0x20/0x20 [ 177.447507] ? __sb_end_write+0xac/0xe0 [ 177.451484] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 177.457120] ? fput+0x130/0x1a0 [ 177.460440] ? ksys_write+0x1ae/0x260 [ 177.464262] ? security_file_ioctl+0x94/0xc0 [ 177.468666] ksys_ioctl+0xa9/0xd0 [ 177.472126] __x64_sys_ioctl+0x73/0xb0 [ 177.476016] do_syscall_64+0x1b9/0x820 [ 177.479901] ? finish_task_switch+0x1d3/0x870 [ 177.484405] ? syscall_return_slowpath+0x5e0/0x5e0 [ 177.489330] ? syscall_return_slowpath+0x31d/0x5e0 [ 177.494258] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 177.499263] ? prepare_exit_to_usermode+0x291/0x3b0 [ 177.504271] ? perf_trace_sys_enter+0xb10/0xb10 [ 177.508937] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 177.513779] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 177.518968] RIP: 0033:0x455ab9 [ 177.522159] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 177.541369] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 177.549076] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 177.556335] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 177.563601] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 20:42:56 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x0, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:56 executing program 2: r0 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)) mq_timedsend(0xffffffffffffffff, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) 20:42:56 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000000)={'ip6gre0\x00', {0x2, 0x4e22, @broadcast}}) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000001680)={{{@in=@multicast2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}}}, &(0x7f0000000200)=0xe8) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000001780)={@loopback, @remote, @mcast1, 0x80, 0x6, 0x3, 0x100, 0x9, 0x80000, r1}) 20:42:56 executing program 0 (fault-call:2 fault-nth:26): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) [ 177.570867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 177.578131] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 0000000000000019 20:42:56 executing program 2: r0 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)) mq_timedsend(0xffffffffffffffff, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) 20:42:56 executing program 6: r0 = socket$inet6(0xa, 0x3, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000000)=0x3, 0x4) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x1, 0x0, @local}, 0x2e) r1 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x4, 0x400000) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20800000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xe4, r2, 0xa00, 0x70bd26, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x200}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0xff}]}, @IPVS_CMD_ATTR_DAEMON={0x38, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x1}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_to_team\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0xfffffffffffff12a}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e22}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x101}, @IPVS_CMD_ATTR_SERVICE={0x48, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x2c}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@loopback}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_FWMARK={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3ff}, @IPVS_CMD_ATTR_SERVICE={0x24, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wrr\x00'}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'rr\x00'}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}]}, 0xe4}, 0x1, 0x0, 0x0, 0x20008081}, 0x4000000) socket$inet6(0xa, 0x800, 0xfffffffffffff58a) 20:42:56 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10) shutdown(r1, 0x1) 20:42:56 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000000140), 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:56 executing program 5: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f00000000c0)="8907040400", 0x5) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='syz_tun\x00', 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000100)={0x1, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @dev}}}, 0x108) 20:42:56 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x7fffffff) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) fcntl$F_GET_RW_HINT(r0, 0x40b, &(0x7f00000001c0)) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x4000, 0x0) r2 = fcntl$getown(r1, 0x9) r3 = fcntl$getown(r1, 0x9) kcmp(r2, r3, 0x2, r1, r1) setsockopt$RDS_GET_MR_FOR_DEST(r1, 0x114, 0x7, &(0x7f0000000100)={@alg={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, {&(0x7f0000000040)=""/85, 0x55}, &(0x7f0000000200), 0x64}, 0xa0) 20:42:56 executing program 2: r0 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)) mq_timedsend(r0, &(0x7f00000e6000), 0x0, 0x0, &(0x7f0000e0b000)) [ 177.778576] binder: 9824:9826 ERROR: BC_REGISTER_LOOPER called without request [ 177.781224] FAULT_INJECTION: forcing a failure. [ 177.781224] name failslab, interval 1, probability 0, space 0, times 0 [ 177.797359] CPU: 1 PID: 9803 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 177.805772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 177.815135] Call Trace: [ 177.817749] dump_stack+0x1c9/0x2b4 [ 177.821564] ? dump_stack_print_info.cold.2+0x52/0x52 [ 177.826782] ? call_rcu_sched+0x12/0x20 [ 177.830797] ? free_fib_info+0x17f/0x1d0 [ 177.834866] should_fail.cold.4+0xa/0x11 [ 177.838923] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 177.844051] ? fib_info_update_nh_saddr+0x300/0x300 [ 177.849082] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 177.854634] ? __alloc_skb+0x4c6/0x770 [ 177.858537] ? lock_acquire+0x1e4/0x540 [ 177.862510] ? fs_reclaim_acquire+0x20/0x20 [ 177.866837] ? lock_downgrade+0x8f0/0x8f0 [ 177.871008] ? check_same_owner+0x340/0x340 20:42:56 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000340)='/dev/rtc0\x00', 0x101000, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000003c0)={r1, r1, 0x0, 0x3}, 0x10) setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f0000000380)={0x700}, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) writev(r0, &(0x7f0000000200)=[{&(0x7f0000000000)="b1529a5ff7a4097cc93db57532a983472b0a515c67fc45308c3ceb431a892bfde975b8cd0dc635355c5ec760a82bbbd07d986ecfd1bffc66c63c6ada3007c7806bd4410624d690f7c053e23c40a63cd419865f6a86aa0a2e2fddc1fe18e2c368e2c4313fccd94169010a4e64292be56f33fb2864ab51dc862042306106ff099ade15649d42bc5a6fbb2dbb5bb611f4cfca2abc954d76d6d93bf958c44e58cbd1b22b8c266d7e0d4e478e16f97125c7b900f5371699b0a85a54381c2e1851230dcd006039f775cc4337c583c6529fc40cd1faff2b", 0xd4}, {&(0x7f0000000100)="196c49d5fdffb73f445ff4c342788a6448a59b5b71686244fc9726cf2590b902baf95cdd28a8550b63dc20628e38c1b84a0e66d9301494cf9fa218164abd67959636f6228f7c9d355940b5fe0451f170ceb101d89187e9af29375e8ba5caad1ece6c97bddaddd0a87351121ad249092c2d8f0e345feb7acbe0adfbd05846de35c3f13a0317bd28a213b136e196aeca659fe498ec90e3c7f4d58d619dac6c03e48720f4c532f7643129db23e0744bfac735f4e3845ee72699c4d957819354307ae67f58a030352deb1c402a1667", 0xcd}, {&(0x7f0000000280)="56bb4fdfbb7d7ac9a7bd670e32dbed5bf61d24d765493712ee3dc1a62a6e9478fdcf493a55e1b4335d8ec8a4092be147d49bf44a5402a06653b30bb39aa0002b73c8e55e244158c653aad5795984901b521b0dfd79972a65f858bba61eaebc3d89fe2b722fbb4db7f2d5abc58c0227f01654478f67da7f2c741ed5f35ca7deba04054512fade66cf3bd6d1848751bec6ff9139e7eb8f7778f9113932a4a2ac6c44377db567b5cd7092a65a2fda1e01694edeb8f4372ab31df09f91", 0xbb}], 0x3) [ 177.875360] ? rcu_note_context_switch+0x730/0x730 [ 177.880285] __should_failslab+0x124/0x180 [ 177.884520] should_failslab+0x9/0x14 [ 177.888334] kmem_cache_alloc+0x2af/0x760 [ 177.892500] ? __fib_validate_source+0x1f10/0x1f10 [ 177.897466] fib_table_insert+0x411/0x17a0 [ 177.901726] ? fib_table_lookup+0x24a0/0x24a0 [ 177.906267] ? trace_hardirqs_on+0xd/0x10 [ 177.910435] ? kasan_unpoison_shadow+0x35/0x50 [ 177.915054] ? kasan_kmalloc+0xc4/0xe0 [ 177.918970] fib_magic.isra.22+0x66b/0x890 [ 177.923223] ? fib_new_table+0x490/0x490 20:42:56 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000001640)='/dev/audio\x00', 0x20000, 0x0) r2 = getpgid(0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000001840)={{{@in6=@loopback, @in=@rand_addr, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in=@broadcast}}, &(0x7f0000001940)=0xe8) fstat(r0, &(0x7f0000001980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = gettid() lstat(&(0x7f0000001a00)='./file0\x00', &(0x7f0000001a40)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000001ac0)={0x0, 0x0, 0x0}, &(0x7f0000001b00)=0xc) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000001b40)=0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000002100)={{{@in6=@mcast2, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @broadcast}}, 0x0, @in6=@mcast1}}, &(0x7f0000001c80)=0xffffffffffffff33) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000001cc0)={0x0, 0x0, 0x0}, &(0x7f0000001d00)=0xc) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000001d40)=0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000001d80)={{{@in=@local, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@loopback}}, &(0x7f0000001e80)=0xe8) r13 = getgid() sendmsg$unix(r1, &(0x7f0000001fc0)={&(0x7f0000001680)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000001800)=[{&(0x7f0000001700)="e88fb092245c000680f10f28a1629b1472084f2db158b1de35476ce6e353638f5dd39edaffa2ab25c5fa9cbd598b0c132e2d1ef081efcff387d6abd3714f1b10f995a6139bcb95c600dc230fa42d945854f2bb7591380958345cae263d945ade0f0ad9d46ec6bcbd12e0bab45c4592254cbe83bc93b8a84a5397e5821ea7aebe6c167ec1ec9f3dbfd92f6f79c09804b20c185a962a514aa7e519d801a5b1a15898f583967114c246dab87238863c309039d959cf9a15", 0xb6}, {&(0x7f00000017c0)="df66eceeb2", 0x5}], 0x2, &(0x7f0000001ec0)=[@rights={0x20, 0x1, 0x1, [r0, r0, r0, r0]}, @cred={0x20, 0x1, 0x2, r2, r3, r4}, @rights={0x28, 0x1, 0x1, [r0, r0, r0, r0, r0, r0]}, @cred={0x20, 0x1, 0x2, r5, r6, r7}, @cred={0x20, 0x1, 0x2, r8, r9, r10}, @cred={0x20, 0x1, 0x2, r11, r12, r13}, @rights={0x28, 0x1, 0x1, [r0, r0, r0, r0, r0, r0]}], 0xf0, 0x10}, 0x4000880) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) r14 = fcntl$dupfd(r0, 0x0, r0) ioctl$TIOCOUTQ(r14, 0x5411, &(0x7f0000000000)) recvmsg(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/149, 0x95}, {&(0x7f0000000100)=""/140, 0x8c}, {&(0x7f0000000280)=""/160, 0xa0}, {&(0x7f0000000600)=""/4096, 0x1000}, {&(0x7f0000000340)=""/168, 0xa8}, {&(0x7f0000000400)=""/156, 0x9c}], 0x6, &(0x7f00000004c0)=""/46, 0x2e, 0x705}, 0x0) [ 177.927317] ? lock_acquire+0x1e4/0x540 [ 177.931337] ? blocking_notifier_call_chain+0x129/0x190 [ 177.936747] fib_add_ifaddr+0x45c/0x500 [ 177.940748] fib_inetaddr_event+0x172/0x222 [ 177.945097] notifier_call_chain+0x180/0x390 [ 177.949553] ? unregister_die_notifier+0x20/0x20 [ 177.954338] ? __x64_sys_ioctl+0x73/0xb0 [ 177.958430] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 177.963829] blocking_notifier_call_chain+0x147/0x190 [ 177.969047] ? srcu_init_notifier_head+0xa0/0xa0 [ 177.973881] ? rtmsg_ifa+0x14e/0x1e0 [ 177.977660] __inet_insert_ifa+0x858/0xba0 [ 177.981925] ? refcount_add_not_zero_checked+0x330/0x330 [ 177.987396] ? __inet_del_ifa+0xbd0/0xbd0 [ 177.991570] ? rtnl_is_locked+0xb5/0xf0 [ 177.995593] ? rtnl_trylock+0x20/0x20 [ 177.999445] devinet_ioctl+0x1460/0x1d90 [ 178.003538] ? inet_ifa_byprefix+0x240/0x240 [ 178.007989] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 178.013549] inet_ioctl+0x18b/0x360 [ 178.017286] ? inet_stream_connect+0xa0/0xa0 [ 178.021719] ? _parse_integer+0x190/0x190 20:42:56 executing program 1 (fault-call:2 fault-nth:0): r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:42:56 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2}, 0x1c) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000080)={0x0, @in={{0x2, 0x4e21, @multicast2}}, 0x2, 0x1, 0x4, 0x0, 0xc}, &(0x7f0000000000)=0x46) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000140)={r1}, 0x8) [ 178.027301] ? lock_release+0xa30/0xa30 [ 178.031298] ? check_same_owner+0x340/0x340 [ 178.035657] ? __check_object_size+0xa3/0x5d7 [ 178.040186] sock_do_ioctl+0xe4/0x3e0 [ 178.044087] ? __fget+0x4ac/0x740 [ 178.047568] ? compat_ifr_data_ioctl+0x170/0x170 [ 178.052394] ? lock_release+0xa30/0xa30 [ 178.056433] ? pid_task+0x115/0x200 [ 178.060081] ? find_vpid+0xf0/0xf0 [ 178.063642] ? __f_unlock_pos+0x19/0x20 [ 178.067650] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 178.069718] binder: 9847:9848 ioctl c0306201 2000dfd0 returned -11 20:42:56 executing program 6: r0 = socket$inet6(0xa, 0x6, 0x20000000000800) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) [ 178.072861] sock_ioctl+0x30d/0x680 [ 178.072875] ? dlci_ioctl_set+0x40/0x40 [ 178.072889] ? ksys_dup3+0x690/0x690 [ 178.072908] ? kasan_check_write+0x14/0x20 [ 178.072923] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 178.072934] ? fsnotify+0xbac/0x14e0 [ 178.072954] ? vfs_write+0x2f3/0x560 [ 178.107317] ? dlci_ioctl_set+0x40/0x40 [ 178.111314] do_vfs_ioctl+0x1de/0x1720 [ 178.115229] ? fsnotify_first_mark+0x350/0x350 [ 178.119826] ? __fsnotify_parent+0xcc/0x420 [ 178.124185] ? ioctl_preallocate+0x300/0x300 [ 178.128667] ? __fget_light+0x2f7/0x440 [ 178.132750] ? fget_raw+0x20/0x20 [ 178.136363] ? __sb_end_write+0xac/0xe0 [ 178.140388] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 178.145976] ? fput+0x130/0x1a0 [ 178.149270] ? ksys_write+0x1ae/0x260 [ 178.153107] ? security_file_ioctl+0x94/0xc0 [ 178.157532] ksys_ioctl+0xa9/0xd0 [ 178.161003] __x64_sys_ioctl+0x73/0xb0 [ 178.164908] do_syscall_64+0x1b9/0x820 [ 178.168797] ? finish_task_switch+0x1d3/0x870 [ 178.173296] ? syscall_return_slowpath+0x5e0/0x5e0 [ 178.178228] ? syscall_return_slowpath+0x31d/0x5e0 [ 178.183147] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 178.188258] ? prepare_exit_to_usermode+0x291/0x3b0 [ 178.193363] ? perf_trace_sys_enter+0xb10/0xb10 [ 178.198146] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 178.203273] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.208501] RIP: 0033:0x455ab9 [ 178.211699] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 178.230891] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 178.238742] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 178.246105] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 178.253596] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 178.260858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 178.268140] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 000000000000001a 20:42:57 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:42:57 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = memfd_create(&(0x7f0000000000)='posix_acl_accesscgroup$(-\x00', 0x1) write$tun(r1, &(0x7f0000000040)={@void, @val={0x3, 0x80, 0x2, 0x1, 0x7, 0x1}, @llc={@snap={0x1, 0xab, "ec19", "e91ba5", 0x1e4b8ccfea3ba2e1, "1934d2e79c6ce2168cff8058c800b43f21e9caa1fc502b5918b981c0509909ffdb99c369b491617b9c26d5e00c39e3419b22ca4fed1f2837276ba1b0d32d4600d886e6faa4a4d9b52a4803779ba4d93a2861ffdef5f0ac5e01c102f9649683a0c019c8135eb109e5ffc73a4d6c45299f093ab2219d9d6c975884cb5c1b83ef7fae1fc2889ece3bc470c26ae15458d394a900bfd6bebbf68decb9e95f064b470beeadd20f66b1a8c8c6dc14774c06d7ded0dad6076359"}}}, 0xc9) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:42:57 executing program 5 (fault-call:7 fault-nth:0): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:42:57 executing program 0 (fault-call:2 fault-nth:27): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:57 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(0xffffffffffffffff, 0x1) 20:42:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) [ 178.628356] binder: 9865:9868 ioctl c0306201 2000dfd0 returned -11 20:42:57 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000000140), 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306246, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) [ 178.692588] can: request_module (can-proto-0) failed. [ 178.714271] binder: 9883:9884 ERROR: BC_REGISTER_LOOPER called without request [ 178.730288] binder: 9886:9887 ioctl c0306246 2000dfd0 returned -22 [ 178.737677] binder: 9886:9888 ioctl c0306246 2000dfd0 returned -22 [ 178.748016] FAULT_INJECTION: forcing a failure. [ 178.748016] name failslab, interval 1, probability 0, space 0, times 0 [ 178.759457] CPU: 0 PID: 9872 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 178.767866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 178.777233] Call Trace: [ 178.779936] dump_stack+0x1c9/0x2b4 [ 178.783589] ? dump_stack_print_info.cold.2+0x52/0x52 20:42:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306209, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:42:57 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local}, 0x1c) 20:42:57 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @remote}, 0x1c) [ 178.786495] binder: 9891:9894 ioctl c0306209 2000dfd0 returned -22 [ 178.788798] should_fail.cold.4+0xa/0x11 [ 178.788818] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 178.788837] ? kasan_check_read+0x11/0x20 [ 178.788853] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 178.788872] ? trace_hardirqs_on+0x10/0x10 [ 178.806377] binder: 9891:9895 ioctl c0306209 2000dfd0 returned -22 [ 178.808495] ? lock_acquire+0x1e4/0x540 [ 178.808509] ? is_bpf_text_address+0xae/0x170 [ 178.808524] ? lock_downgrade+0x8f0/0x8f0 [ 178.808540] ? lock_release+0xa30/0xa30 20:42:57 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306263, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:42:57 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000000)={0x0, @in={{0x2, 0x4e21, @rand_addr=0x80000001}}}, &(0x7f00000000c0)=0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000100)={r1, 0x20, 0x5}, 0x8) [ 178.808561] ? lock_acquire+0x1e4/0x540 [ 178.844751] ? fs_reclaim_acquire+0x20/0x20 [ 178.849094] ? lock_downgrade+0x8f0/0x8f0 [ 178.853353] ? check_same_owner+0x340/0x340 [ 178.857694] ? kernel_text_address+0x79/0xf0 [ 178.862118] ? rcu_note_context_switch+0x730/0x730 [ 178.867072] ? __kernel_text_address+0xd/0x40 [ 178.871588] __should_failslab+0x124/0x180 [ 178.875841] should_failslab+0x9/0x14 [ 178.879670] kmem_cache_alloc+0x2af/0x760 [ 178.883847] fib_insert_alias+0x76a/0x1200 [ 178.888097] ? kasan_slab_alloc+0x12/0x20 [ 178.892261] ? fib_table_insert+0x411/0x17a0 [ 178.893661] binder: 9901:9904 ioctl c0306263 2000dfd0 returned -22 [ 178.896683] ? fib_trie_seq_start+0x4e0/0x4e0 [ 178.896700] ? lock_downgrade+0x8f0/0x8f0 [ 178.896714] ? __x64_sys_ioctl+0x73/0xb0 [ 178.896732] ? unregister_die_notifier+0x20/0x20 [ 178.896750] ? __alloc_skb+0x4c6/0x770 [ 178.896767] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 178.896781] ? atomic_notifier_call_chain+0xf1/0x190 [ 178.896793] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 178.896822] ? call_fib_notifiers+0x6f/0x90 [ 178.919348] binder: 9901:9906 ioctl c0306263 2000dfd0 returned -22 [ 178.920624] ? call_fib4_notifiers+0x9c/0x110 [ 178.920640] ? call_fib_entry_notifiers+0x2f1/0x500 [ 178.920652] ? kasan_kmalloc+0xc4/0xe0 [ 178.920665] ? tnode_free+0x120/0x120 [ 178.920680] ? __fib_validate_source+0x1f10/0x1f10 [ 178.920694] fib_table_insert+0x67c/0x17a0 [ 178.920712] ? fib_table_lookup+0x24a0/0x24a0 [ 178.920728] ? trace_hardirqs_on+0xd/0x10 [ 178.920743] ? kasan_unpoison_shadow+0x35/0x50 [ 178.920754] ? kasan_kmalloc+0xc4/0xe0 [ 178.920767] fib_magic.isra.22+0x66b/0x890 [ 178.920778] ? fib_new_table+0x490/0x490 [ 178.920795] ? lock_acquire+0x1e4/0x540 [ 178.920810] ? blocking_notifier_call_chain+0x129/0x190 [ 178.920822] fib_add_ifaddr+0x45c/0x500 [ 178.920837] fib_inetaddr_event+0x172/0x222 [ 178.920858] notifier_call_chain+0x180/0x390 [ 178.999737] Unknown ioctl 1074310738 [ 179.003550] ? unregister_die_notifier+0x20/0x20 [ 179.003565] ? __x64_sys_ioctl+0x73/0xb0 [ 179.003583] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 179.003602] blocking_notifier_call_chain+0x147/0x190 [ 179.003616] ? srcu_init_notifier_head+0xa0/0xa0 [ 179.003638] ? rtmsg_ifa+0x14e/0x1e0 [ 179.020752] Unknown ioctl 1074310738 [ 179.021335] __inet_insert_ifa+0x858/0xba0 [ 179.021357] ? refcount_add_not_zero_checked+0x330/0x330 [ 179.070631] ? __inet_del_ifa+0xbd0/0xbd0 [ 179.074779] ? rtnl_is_locked+0xb5/0xf0 [ 179.078760] ? rtnl_trylock+0x20/0x20 [ 179.082586] devinet_ioctl+0x1460/0x1d90 [ 179.086664] ? inet_ifa_byprefix+0x240/0x240 [ 179.091081] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 179.096626] inet_ioctl+0x18b/0x360 [ 179.100259] ? inet_stream_connect+0xa0/0xa0 [ 179.104668] ? _parse_integer+0x190/0x190 [ 179.108843] ? lock_release+0xa30/0xa30 [ 179.112832] ? check_same_owner+0x340/0x340 [ 179.117241] ? __check_object_size+0xa3/0x5d7 [ 179.121773] sock_do_ioctl+0xe4/0x3e0 [ 179.125590] ? __fget+0x4ac/0x740 [ 179.129074] ? compat_ifr_data_ioctl+0x170/0x170 [ 179.133842] ? lock_release+0xa30/0xa30 [ 179.137820] ? pid_task+0x115/0x200 [ 179.141465] ? find_vpid+0xf0/0xf0 [ 179.145164] ? __f_unlock_pos+0x19/0x20 [ 179.149149] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 179.154356] sock_ioctl+0x30d/0x680 [ 179.158002] ? dlci_ioctl_set+0x40/0x40 [ 179.161991] ? ksys_dup3+0x690/0x690 [ 179.165721] ? kasan_check_write+0x14/0x20 [ 179.169987] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 179.174930] ? fsnotify+0xbac/0x14e0 [ 179.178646] ? vfs_write+0x2f3/0x560 [ 179.182364] ? dlci_ioctl_set+0x40/0x40 [ 179.186342] do_vfs_ioctl+0x1de/0x1720 [ 179.190234] ? fsnotify_first_mark+0x350/0x350 [ 179.194814] ? __fsnotify_parent+0xcc/0x420 [ 179.199141] ? ioctl_preallocate+0x300/0x300 [ 179.203543] ? __fget_light+0x2f7/0x440 [ 179.207525] ? fget_raw+0x20/0x20 [ 179.210990] ? __sb_end_write+0xac/0xe0 [ 179.214974] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 179.220522] ? fput+0x130/0x1a0 [ 179.223814] ? ksys_write+0x1ae/0x260 [ 179.227617] ? security_file_ioctl+0x94/0xc0 [ 179.232032] ksys_ioctl+0xa9/0xd0 [ 179.235492] __x64_sys_ioctl+0x73/0xb0 [ 179.239377] do_syscall_64+0x1b9/0x820 [ 179.243264] ? finish_task_switch+0x1d3/0x870 [ 179.247762] ? syscall_return_slowpath+0x5e0/0x5e0 [ 179.252691] ? syscall_return_slowpath+0x31d/0x5e0 [ 179.257631] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 179.262662] ? prepare_exit_to_usermode+0x291/0x3b0 [ 179.267733] ? perf_trace_sys_enter+0xb10/0xb10 [ 179.272515] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 179.277369] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 179.282560] RIP: 0033:0x455ab9 [ 179.285740] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 179.305018] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 179.312735] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 179.319997] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 179.327469] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 179.334755] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 20:42:57 executing program 6: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x321100, 0x0) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000080)={0x5, &(0x7f0000000040)=[{0x8, 0x3}, {0x7ff}, {0xa8c}, {0xd796, 0x7fffffff}, {0x20, 0x1}]}) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:42:57 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x87) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x80, 0x0) ioctl$KVM_S390_VCPU_FAULT(r1, 0x4008ae52, &(0x7f0000000040)=0x800) [ 179.342048] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 000000000000001b [ 179.433612] FAULT_INJECTION: forcing a failure. [ 179.433612] name failslab, interval 1, probability 0, space 0, times 0 [ 179.444989] CPU: 1 PID: 9918 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 179.453414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 179.462782] Call Trace: [ 179.465382] dump_stack+0x1c9/0x2b4 [ 179.469022] ? dump_stack_print_info.cold.2+0x52/0x52 [ 179.474211] ? lock_acquire+0x1e4/0x540 [ 179.478182] ? get_pid_task+0xd8/0x1a0 [ 179.482073] should_fail.cold.4+0xa/0x11 [ 179.486125] ? lock_release+0xa30/0xa30 [ 179.490102] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 179.495216] ? find_vpid+0xf0/0xf0 [ 179.498755] ? __f_unlock_pos+0x19/0x20 [ 179.502728] ? lock_downgrade+0x8f0/0x8f0 [ 179.506869] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 179.512499] ? proc_fail_nth_write+0x9e/0x210 [ 179.516989] ? proc_cwd_link+0x1d0/0x1d0 [ 179.521068] ? lock_acquire+0x1e4/0x540 [ 179.525039] ? lock_acquire+0x1e4/0x540 [ 179.529023] ? fs_reclaim_acquire+0x20/0x20 [ 179.533347] ? lock_downgrade+0x8f0/0x8f0 [ 179.537493] ? check_same_owner+0x340/0x340 [ 179.541807] ? fsnotify_first_mark+0x350/0x350 [ 179.546383] ? __fsnotify_parent+0xcc/0x420 [ 179.550703] ? rcu_note_context_switch+0x730/0x730 [ 179.555633] ? fsnotify+0x14e0/0x14e0 [ 179.559435] __should_failslab+0x124/0x180 [ 179.563684] should_failslab+0x9/0x14 [ 179.567530] __kmalloc_track_caller+0x2c4/0x760 [ 179.572232] ? strncpy_from_user+0x510/0x510 [ 179.576642] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 179.582190] ? strndup_user+0x77/0xd0 [ 179.585986] memdup_user+0x2c/0xa0 [ 179.589528] strndup_user+0x77/0xd0 [ 179.593159] ksys_mount+0x3c/0x140 [ 179.596699] __x64_sys_mount+0xbe/0x150 [ 179.600677] do_syscall_64+0x1b9/0x820 [ 179.604564] ? syscall_return_slowpath+0x5e0/0x5e0 [ 179.609490] ? syscall_return_slowpath+0x31d/0x5e0 [ 179.614415] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 179.619424] ? prepare_exit_to_usermode+0x291/0x3b0 [ 179.624547] ? perf_trace_sys_enter+0xb10/0xb10 [ 179.629384] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 179.634228] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 179.639411] RIP: 0033:0x455ab9 [ 179.642592] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 179.661862] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 179.669566] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 179.676827] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 179.684100] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 179.691372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 179.698634] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 0000000000000000 20:42:58 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc020660b, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:42:58 executing program 6: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x4440, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x3) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.current\x00', 0x0, 0x0) ioctl$EVIOCGID(r1, 0x80084502, &(0x7f0000000600)=""/4096) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r2, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r2, &(0x7f0000000240)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c) 20:42:58 executing program 2: 20:42:58 executing program 0 (fault-call:2 fault-nth:28): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:58 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(0xffffffffffffffff, 0x1) 20:42:58 executing program 5 (fault-call:7 fault-nth:1): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:42:58 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:58 executing program 2: 20:42:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0x5451, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:42:58 executing program 2: [ 179.869581] binder: 9934:9936 ERROR: BC_REGISTER_LOOPER called without request 20:42:58 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x2, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) r1 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x2, 0x20001) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000080)={{0xffffffffffffffff, 0x0, 0x20ac, 0x3, 0xab}}) r2 = dup(r0) setsockopt$netlink_NETLINK_CAP_ACK(r2, 0x10e, 0xa, &(0x7f0000000000)=0xd286, 0x4) 20:42:58 executing program 2: 20:42:58 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0189436, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:42:58 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000000)=0x1, 0xfd1a) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x2, 0x0) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000080)=@req={0x2de, 0x7, 0x4}, 0x10) 20:42:58 executing program 2: [ 180.055558] FAULT_INJECTION: forcing a failure. [ 180.055558] name failslab, interval 1, probability 0, space 0, times 0 [ 180.067142] CPU: 0 PID: 9930 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 180.075565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 180.084921] Call Trace: [ 180.087708] dump_stack+0x1c9/0x2b4 [ 180.091354] ? dump_stack_print_info.cold.2+0x52/0x52 [ 180.096558] ? is_bpf_text_address+0xd7/0x170 [ 180.101080] should_fail.cold.4+0xa/0x11 [ 180.105163] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 180.110290] ? save_stack+0xa9/0xd0 [ 180.113936] ? save_stack+0x43/0xd0 [ 180.117594] ? kasan_kmalloc+0xc4/0xe0 [ 180.121502] ? kasan_slab_alloc+0x12/0x20 [ 180.125688] ? kmem_cache_alloc+0x12e/0x760 [ 180.130039] ? fib_insert_alias+0x76a/0x1200 [ 180.134475] ? fib_table_insert+0x67c/0x17a0 [ 180.138913] ? fib_magic.isra.22+0x66b/0x890 [ 180.143338] ? fib_add_ifaddr+0x45c/0x500 [ 180.147501] ? fib_inetaddr_event+0x172/0x222 [ 180.152015] ? notifier_call_chain+0x180/0x390 [ 180.156610] ? blocking_notifier_call_chain+0x147/0x190 [ 180.161999] ? __inet_insert_ifa+0x858/0xba0 [ 180.166427] ? devinet_ioctl+0x1460/0x1d90 [ 180.170679] ? inet_ioctl+0x18b/0x360 [ 180.174484] ? sock_do_ioctl+0xe4/0x3e0 [ 180.178484] ? sock_ioctl+0x30d/0x680 [ 180.182290] ? do_vfs_ioctl+0x1de/0x1720 [ 180.186357] ? __x64_sys_ioctl+0x73/0xb0 [ 180.190435] ? lock_acquire+0x1e4/0x540 [ 180.195549] ? fs_reclaim_acquire+0x20/0x20 [ 180.199890] ? lock_downgrade+0x8f0/0x8f0 [ 180.204081] ? fs_reclaim_acquire+0x20/0x20 [ 180.208422] ? check_same_owner+0x340/0x340 [ 180.212837] ? rcu_note_context_switch+0x730/0x730 [ 180.217777] __should_failslab+0x124/0x180 [ 180.222019] should_failslab+0x9/0x14 [ 180.225824] __kmalloc+0x2c8/0x760 [ 180.229365] ? tnode_new+0x22b/0x2d0 [ 180.233093] tnode_new+0x22b/0x2d0 [ 180.236656] ? fib_insert_alias+0x76a/0x1200 [ 180.241081] fib_insert_alias+0xab4/0x1200 [ 180.245334] ? kasan_slab_alloc+0x12/0x20 [ 180.249489] ? fib_trie_seq_start+0x4e0/0x4e0 [ 180.253988] ? lock_downgrade+0x8f0/0x8f0 [ 180.258145] ? __x64_sys_ioctl+0x73/0xb0 [ 180.262203] ? unregister_die_notifier+0x20/0x20 [ 180.266958] ? __alloc_skb+0x4c6/0x770 [ 180.270866] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 180.276414] ? atomic_notifier_call_chain+0xf1/0x190 [ 180.281527] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 180.287070] ? call_fib_notifiers+0x6f/0x90 [ 180.292175] ? call_fib4_notifiers+0x9c/0x110 [ 180.296669] ? call_fib_entry_notifiers+0x2f1/0x500 [ 180.301698] ? kasan_kmalloc+0xc4/0xe0 [ 180.305587] ? tnode_free+0x120/0x120 [ 180.309397] ? __fib_validate_source+0x1f10/0x1f10 [ 180.314345] fib_table_insert+0x67c/0x17a0 [ 180.318614] ? fib_table_lookup+0x24a0/0x24a0 [ 180.323125] ? trace_hardirqs_on+0xd/0x10 [ 180.327271] ? kasan_unpoison_shadow+0x35/0x50 [ 180.331944] ? kasan_kmalloc+0xc4/0xe0 [ 180.335838] fib_magic.isra.22+0x66b/0x890 [ 180.340083] ? fib_new_table+0x490/0x490 [ 180.344168] ? lock_acquire+0x1e4/0x540 [ 180.348153] ? blocking_notifier_call_chain+0x129/0x190 [ 180.353517] fib_add_ifaddr+0x45c/0x500 [ 180.357504] fib_inetaddr_event+0x172/0x222 [ 180.361855] notifier_call_chain+0x180/0x390 [ 180.366300] ? unregister_die_notifier+0x20/0x20 [ 180.371158] ? __x64_sys_ioctl+0x73/0xb0 [ 180.375219] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 180.380596] blocking_notifier_call_chain+0x147/0x190 [ 180.385820] ? srcu_init_notifier_head+0xa0/0xa0 [ 180.390595] ? rtmsg_ifa+0x14e/0x1e0 [ 180.394324] __inet_insert_ifa+0x858/0xba0 [ 180.398566] ? refcount_add_not_zero_checked+0x330/0x330 [ 180.404037] ? __inet_del_ifa+0xbd0/0xbd0 [ 180.408196] ? rtnl_is_locked+0xb5/0xf0 [ 180.412159] ? rtnl_trylock+0x20/0x20 [ 180.415958] devinet_ioctl+0x1460/0x1d90 [ 180.420025] ? inet_ifa_byprefix+0x240/0x240 [ 180.424453] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 180.429989] inet_ioctl+0x18b/0x360 [ 180.433640] ? inet_stream_connect+0xa0/0xa0 [ 180.438067] ? _parse_integer+0x190/0x190 [ 180.442229] ? lock_release+0xa30/0xa30 [ 180.446217] ? check_same_owner+0x340/0x340 [ 180.450538] ? __check_object_size+0xa3/0x5d7 [ 180.455042] sock_do_ioctl+0xe4/0x3e0 [ 180.458833] ? __fget+0x4ac/0x740 [ 180.462287] ? compat_ifr_data_ioctl+0x170/0x170 [ 180.467149] ? lock_release+0xa30/0xa30 [ 180.471120] ? pid_task+0x115/0x200 [ 180.474751] ? find_vpid+0xf0/0xf0 [ 180.478307] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 180.483509] sock_ioctl+0x30d/0x680 [ 180.487153] ? dlci_ioctl_set+0x40/0x40 [ 180.491140] ? ksys_dup3+0x690/0x690 [ 180.494871] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 180.499820] ? __mutex_unlock_slowpath+0x439/0x8c0 [ 180.504769] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 180.509710] ? fsnotify+0xbac/0x14e0 [ 180.513431] ? vfs_write+0x2f3/0x560 [ 180.517156] ? dlci_ioctl_set+0x40/0x40 [ 180.521139] do_vfs_ioctl+0x1de/0x1720 [ 180.525042] ? fsnotify_first_mark+0x350/0x350 [ 180.529648] ? __fsnotify_parent+0xcc/0x420 [ 180.533994] ? ioctl_preallocate+0x300/0x300 [ 180.538503] ? __fget_light+0x2f7/0x440 [ 180.542488] ? fget_raw+0x20/0x20 [ 180.546053] ? __sb_end_write+0xac/0xe0 [ 180.550057] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 180.555725] ? fput+0x130/0x1a0 [ 180.559026] ? ksys_write+0x1ae/0x260 [ 180.562840] ? security_file_ioctl+0x94/0xc0 [ 180.567258] ksys_ioctl+0xa9/0xd0 [ 180.570708] __x64_sys_ioctl+0x73/0xb0 [ 180.574621] do_syscall_64+0x1b9/0x820 [ 180.578520] ? finish_task_switch+0x1d3/0x870 [ 180.583047] ? syscall_return_slowpath+0x5e0/0x5e0 [ 180.588013] ? syscall_return_slowpath+0x31d/0x5e0 [ 180.592965] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 180.597989] ? prepare_exit_to_usermode+0x291/0x3b0 [ 180.603011] ? perf_trace_sys_enter+0xb10/0xb10 [ 180.607694] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 180.612557] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 180.617742] RIP: 0033:0x455ab9 [ 180.620915] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 180.640086] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 180.647824] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 180.655091] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 180.659610] FAULT_INJECTION: forcing a failure. [ 180.659610] name failslab, interval 1, probability 0, space 0, times 0 [ 180.662362] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 180.662369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 180.662376] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 000000000000001c [ 180.689762] binder: send failed reply for transaction 163 to 9934:9972 [ 180.696163] CPU: 1 PID: 9971 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 180.696173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 180.696178] Call Trace: [ 180.696203] dump_stack+0x1c9/0x2b4 [ 180.696223] ? dump_stack_print_info.cold.2+0x52/0x52 [ 180.704992] binder: 9934:9936 ioctl c0306201 200000c0 returned -14 [ 180.711379] ? __kernel_text_address+0xd/0x40 [ 180.711394] ? unwind_get_return_address+0x61/0xa0 [ 180.711413] should_fail.cold.4+0xa/0x11 [ 180.711431] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 180.711445] ? save_stack+0xa9/0xd0 [ 180.711462] ? save_stack+0x43/0xd0 [ 180.764323] ? kasan_kmalloc+0xc4/0xe0 [ 180.768201] ? __kmalloc_track_caller+0x14a/0x760 [ 180.773387] ? memdup_user+0x2c/0xa0 [ 180.777096] ? strndup_user+0x77/0xd0 [ 180.780891] ? ksys_mount+0x3c/0x140 [ 180.784618] ? do_syscall_64+0x1b9/0x820 [ 180.788671] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 180.794036] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 180.799580] ? proc_fail_nth_write+0x9e/0x210 [ 180.804171] ? proc_cwd_link+0x1d0/0x1d0 [ 180.808232] ? lock_acquire+0x1e4/0x540 [ 180.812202] ? lock_acquire+0x1e4/0x540 [ 180.816179] ? fs_reclaim_acquire+0x20/0x20 [ 180.820499] ? lock_downgrade+0x8f0/0x8f0 [ 180.824732] ? check_same_owner+0x340/0x340 [ 180.829045] ? lock_release+0xa30/0xa30 [ 180.833024] ? rcu_note_context_switch+0x730/0x730 [ 180.837962] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 180.842985] __should_failslab+0x124/0x180 [ 180.847212] should_failslab+0x9/0x14 [ 180.851019] __kmalloc_track_caller+0x2c4/0x760 [ 180.855684] ? strncpy_from_user+0x510/0x510 [ 180.860101] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 180.865655] ? strndup_user+0x77/0xd0 [ 180.869455] memdup_user+0x2c/0xa0 [ 180.872981] strndup_user+0x77/0xd0 [ 180.876608] ksys_mount+0x73/0x140 [ 180.880144] __x64_sys_mount+0xbe/0x150 [ 180.884106] do_syscall_64+0x1b9/0x820 [ 180.887979] ? finish_task_switch+0x1d3/0x870 [ 180.892476] ? syscall_return_slowpath+0x5e0/0x5e0 [ 180.897414] ? syscall_return_slowpath+0x31d/0x5e0 [ 180.902351] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 180.907355] ? prepare_exit_to_usermode+0x291/0x3b0 [ 180.912360] ? perf_trace_sys_enter+0xb10/0xb10 [ 180.917041] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 180.921980] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 180.927269] RIP: 0033:0x455ab9 [ 180.930467] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 180.950462] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 180.958176] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 180.965450] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 180.972809] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 180.981286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 180.988557] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 0000000000000001 [ 181.003992] binder: undelivered TRANSACTION_COMPLETE [ 181.009289] binder: undelivered TRANSACTION_ERROR: 29201 20:42:59 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:42:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0x5421, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:42:59 executing program 6: r0 = socket$inet6(0xa, 0x100001, 0x3) setsockopt$inet6_int(r0, 0x29, 0x1001000000021, &(0x7f0000000400)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) syz_mount_image$minix(&(0x7f0000000000)='minix\x00', &(0x7f0000000040)='./file0\x00', 0x3, 0x4, &(0x7f0000000380)=[{&(0x7f0000000080)="8e937926dd46ec67b7a985f955c3df0a902ed6d331b2ed711c39bb1f3be99a8cba907dd973bdab98d82b24d1d42280bc1858d67d7be65c9e59de97f81bcdac36c4522871a1d330f4e74fd54f9ba9371968cb0cc6eb38b4b8f9e17a0f1004553cd7d0cb5d6523d3093cc82074d4d2d423f12b70fbbf7023d8300c0f8d31a35837bd05182751acd9583d4cb651abc3e2a96101a324e26dd4b65ad52dd612e8a1b8f1eb6954ae5c5f9c5557883f8ae94b48d4e964b717b85c787534a64cd36886734b49eab0c766157cd1740bcbf9251616504af95904e72d6a3f", 0xd9, 0x3ff}, {&(0x7f0000000280)="b44e03570f7bc1d4067ddd5a780d3bf228d5fdf98de582ad7f35fe2316028da49c07ea18d8cfb1f12d874a0b3889dfe4a9cc7c6b1ed52f029775fbcec746717c8a5ab2cec27c8a9ecc0206872a4f8aea67efa71cdf01af4fea207414c467b90983febb43d5f669017ef335e0d191f1c2ca0737359de929a7b35d98561e536b4b9623098a135176d8754229813bbe07c4c0972a073cf905ca7719a2347722199bbc9c7158978fb503e3fe3d312cb589c3923a53ffc2c8cb1209f8e1d9a468251759b11768d7fcd4dd12129e824f009bc493", 0xd1, 0x1ff}, {&(0x7f0000000180)="e44e24ff0767521e000c1414d3f13cfc8e6bd431508528197fd779c0c3a0d53c2c925ca90b5962bce06a0d4331f8637a6b2599e418dfa55112cf20584b5dfde3efc04d649e87bc33b99b4c47d5ed5749ca799e2bf61aed62819d77ef08a8b6f9efb9aa13644d8dfd71ee9a556bccb76c19fb28bb6d9beb8bf168a45652c6", 0x7e, 0x8}, {&(0x7f0000000200)="037f1b4665792a7805c67358951fc5324e", 0x11, 0xfffffffffffffffa}], 0x80000, 0x0) socketpair(0x2, 0x803, 0x3, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_GINFO(r1, 0xc0f85403, &(0x7f0000000480)={{0x1, 0x0, 0x0, 0x3, 0x4e7}, 0x2ebb, 0x0, 'id0\x00', 'timer1\x00', 0x0, 0xffff, 0x6, 0x8, 0x40}) 20:42:59 executing program 2: 20:42:59 executing program 0 (fault-call:2 fault-nth:29): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:42:59 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(0xffffffffffffffff, 0x1) 20:42:59 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:42:59 executing program 5 (fault-call:7 fault-nth:2): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:42:59 executing program 2: 20:42:59 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0045878, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) [ 181.161215] binder: 9990:9992 ERROR: BC_REGISTER_LOOPER called without request 20:42:59 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e20, 0x45, @local, 0x9}}}, &(0x7f0000000140)=0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000180)={r1, 0x5}, &(0x7f00000001c0)=0xc) setsockopt$inet6_int(r0, 0x29, 0x1000000000025, &(0x7f0000000340), 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_inet_SIOCSARP(r2, 0x8955, &(0x7f0000000000)={{0x2, 0x4e21, @loopback}, {0x306, @random="7e0e3a9c0acb"}, 0x20, {0x2, 0x4e21, @remote}, 'syz_tun\x00'}) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000200)='/dev/rfkill\x00', 0x400003, 0x0) ioctl$TIOCMSET(r3, 0x5418, &(0x7f0000000280)=0x1) 20:42:59 executing program 2: 20:43:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0x40046208, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:00 executing program 2: 20:43:00 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000000080)={'veth1\x00', {0x2, 0x4e22}}) getsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000000), &(0x7f0000000040)=0x8) [ 181.295124] FAULT_INJECTION: forcing a failure. [ 181.295124] name failslab, interval 1, probability 0, space 0, times 0 [ 181.306451] CPU: 1 PID: 9985 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 181.314985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 181.324348] Call Trace: [ 181.326959] dump_stack+0x1c9/0x2b4 [ 181.330610] ? dump_stack_print_info.cold.2+0x52/0x52 [ 181.335822] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 181.340431] should_fail.cold.4+0xa/0x11 20:43:00 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306202, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) [ 181.344521] ? bpf_prog_kallsyms_find+0xde/0x4c0 [ 181.349307] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 181.354443] ? lock_acquire+0x1e4/0x540 [ 181.358447] ? is_bpf_text_address+0xae/0x170 [ 181.363068] ? lock_downgrade+0x8f0/0x8f0 [ 181.367249] ? kasan_check_read+0x11/0x20 [ 181.371440] ? rcu_is_watching+0x8c/0x150 [ 181.374925] binder: 10023:10024 ioctl c0306202 2000dfd0 returned -22 [ 181.375804] ? rcu_cleanup_dead_rnp+0x200/0x200 [ 181.375829] ? lock_acquire+0x1e4/0x540 [ 181.375844] ? fs_reclaim_acquire+0x20/0x20 [ 181.375865] ? lock_downgrade+0x8f0/0x8f0 [ 181.387168] binder: 10023:10025 ioctl c0306202 2000dfd0 returned -22 [ 181.391096] ? check_same_owner+0x340/0x340 [ 181.391114] ? rcu_note_context_switch+0x730/0x730 [ 181.391132] __should_failslab+0x124/0x180 [ 181.391145] should_failslab+0x9/0x14 [ 181.391159] __kmalloc+0x2c8/0x760 [ 181.391178] ? fib_magic.isra.22+0x66b/0x890 [ 181.431488] ? fib_add_ifaddr+0x45c/0x500 [ 181.435658] ? fib_inetaddr_event+0x172/0x222 [ 181.440180] ? notifier_call_chain+0x180/0x390 [ 181.444781] ? blocking_notifier_call_chain+0x147/0x190 [ 181.450518] ? __inet_insert_ifa+0x858/0xba0 [ 181.455047] ? devinet_ioctl+0x1460/0x1d90 [ 181.459392] ? inet_ioctl+0x18b/0x360 [ 181.463223] ? tnode_new+0x22b/0x2d0 [ 181.467127] ? sock_ioctl+0x30d/0x680 [ 181.470950] tnode_new+0x22b/0x2d0 [ 181.474624] ? do_vfs_ioctl+0x1de/0x1720 [ 181.478706] resize+0x632/0x22c0 [ 181.482087] ? lock_acquire+0x1e4/0x540 [ 181.486157] ? lock_downgrade+0x8f0/0x8f0 [ 181.490320] ? lock_release+0xa30/0xa30 [ 181.494316] ? replace+0x5d0/0x5d0 [ 181.497869] ? kasan_unpoison_shadow+0x35/0x50 [ 181.502481] ? kasan_kmalloc+0xc4/0xe0 [ 181.506397] ? __kmalloc+0x315/0x760 [ 181.510129] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 181.515184] ? put_child+0x363/0x800 [ 181.518900] ? fib_trie_seq_next+0x5e0/0x5e0 [ 181.523321] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 181.528885] ? __sanitizer_cov_trace_cmp1+0x17/0x20 [ 181.533920] fib_insert_alias+0xe72/0x1200 [ 181.538153] ? kasan_slab_alloc+0x12/0x20 [ 181.542314] ? fib_trie_seq_start+0x4e0/0x4e0 [ 181.546824] ? lock_downgrade+0x8f0/0x8f0 [ 181.550974] ? __x64_sys_ioctl+0x73/0xb0 [ 181.555116] ? unregister_die_notifier+0x20/0x20 [ 181.559874] ? __alloc_skb+0x4c6/0x770 [ 181.563768] ? atomic_notifier_call_chain+0xf1/0x190 [ 181.568991] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 181.574573] ? call_fib_notifiers+0x6f/0x90 [ 181.579008] ? call_fib4_notifiers+0x9c/0x110 [ 181.583617] ? call_fib_entry_notifiers+0x2f1/0x500 [ 181.588622] ? kasan_kmalloc+0xc4/0xe0 [ 181.592504] ? tnode_free+0x120/0x120 [ 181.596308] ? __fib_validate_source+0x1f10/0x1f10 [ 181.601339] fib_table_insert+0x67c/0x17a0 [ 181.605574] ? fib_table_lookup+0x24a0/0x24a0 [ 181.610154] ? trace_hardirqs_on+0xd/0x10 [ 181.614385] ? kasan_unpoison_shadow+0x35/0x50 [ 181.618965] ? kasan_kmalloc+0xc4/0xe0 [ 181.622876] fib_magic.isra.22+0x66b/0x890 [ 181.627131] ? fib_new_table+0x490/0x490 [ 181.631205] ? lock_acquire+0x1e4/0x540 [ 181.635219] ? blocking_notifier_call_chain+0x129/0x190 [ 181.640583] fib_add_ifaddr+0x45c/0x500 [ 181.644562] fib_inetaddr_event+0x172/0x222 [ 181.648899] notifier_call_chain+0x180/0x390 [ 181.653323] ? unregister_die_notifier+0x20/0x20 [ 181.658083] ? __x64_sys_ioctl+0x73/0xb0 [ 181.662158] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 181.667545] blocking_notifier_call_chain+0x147/0x190 [ 181.672774] ? srcu_init_notifier_head+0xa0/0xa0 [ 181.677547] ? rtmsg_ifa+0x14e/0x1e0 [ 181.681267] __inet_insert_ifa+0x858/0xba0 [ 181.685522] ? refcount_add_not_zero_checked+0x330/0x330 [ 181.690971] ? __inet_del_ifa+0xbd0/0xbd0 [ 181.695152] ? rtnl_is_locked+0xb5/0xf0 [ 181.699127] ? rtnl_trylock+0x20/0x20 [ 181.702926] devinet_ioctl+0x1460/0x1d90 [ 181.706987] ? inet_ifa_byprefix+0x240/0x240 [ 181.711416] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 181.716975] inet_ioctl+0x18b/0x360 [ 181.720613] ? inet_stream_connect+0xa0/0xa0 [ 181.725027] ? _parse_integer+0x190/0x190 [ 181.729174] ? lock_release+0xa30/0xa30 [ 181.733158] ? check_same_owner+0x340/0x340 [ 181.737494] ? __check_object_size+0xa3/0x5d7 [ 181.742012] sock_do_ioctl+0xe4/0x3e0 [ 181.745813] ? __fget+0x4ac/0x740 [ 181.749272] ? compat_ifr_data_ioctl+0x170/0x170 [ 181.754035] ? lock_release+0xa30/0xa30 [ 181.758029] ? pid_task+0x115/0x200 [ 181.761675] ? find_vpid+0xf0/0xf0 [ 181.765229] ? __f_unlock_pos+0x19/0x20 [ 181.769202] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 181.774746] sock_ioctl+0x30d/0x680 [ 181.778392] ? dlci_ioctl_set+0x40/0x40 [ 181.782362] ? ksys_dup3+0x690/0x690 [ 181.786082] ? kasan_check_write+0x14/0x20 [ 181.790337] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 181.795279] ? fsnotify+0xbac/0x14e0 [ 181.799026] ? vfs_write+0x2f3/0x560 [ 181.802747] ? dlci_ioctl_set+0x40/0x40 [ 181.806729] do_vfs_ioctl+0x1de/0x1720 [ 181.810641] ? fsnotify_first_mark+0x350/0x350 [ 181.815227] ? __fsnotify_parent+0xcc/0x420 [ 181.819546] ? ioctl_preallocate+0x300/0x300 [ 181.823967] ? __fget_light+0x2f7/0x440 [ 181.827978] ? fget_raw+0x20/0x20 [ 181.831458] ? __sb_end_write+0xac/0xe0 [ 181.835465] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 181.841022] ? fput+0x130/0x1a0 [ 181.844323] ? ksys_write+0x1ae/0x260 [ 181.848131] ? security_file_ioctl+0x94/0xc0 [ 181.852531] ksys_ioctl+0xa9/0xd0 [ 181.855976] __x64_sys_ioctl+0x73/0xb0 [ 181.859899] do_syscall_64+0x1b9/0x820 [ 181.863878] ? finish_task_switch+0x1d3/0x870 [ 181.868381] ? syscall_return_slowpath+0x5e0/0x5e0 [ 181.873306] ? syscall_return_slowpath+0x31d/0x5e0 [ 181.878326] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 181.883371] ? prepare_exit_to_usermode+0x291/0x3b0 [ 181.888412] ? perf_trace_sys_enter+0xb10/0xb10 [ 181.893084] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 181.897928] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 181.903112] RIP: 0033:0x455ab9 [ 181.906290] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 181.925545] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 181.933258] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 181.940612] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 181.947891] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 181.954857] FAULT_INJECTION: forcing a failure. [ 181.954857] name failslab, interval 1, probability 0, space 0, times 0 [ 181.955243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 181.955252] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 000000000000001d [ 181.978795] binder: send failed reply for transaction 165 to 9990:10034 [ 181.981311] CPU: 0 PID: 10035 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 181.981328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 181.996968] binder: 9990:9992 ioctl c0306201 200000c0 returned -14 [ 182.006119] Call Trace: [ 182.006146] dump_stack+0x1c9/0x2b4 [ 182.006161] ? dump_stack_print_info.cold.2+0x52/0x52 [ 182.006179] ? __kernel_text_address+0xd/0x40 [ 182.006193] ? unwind_get_return_address+0x61/0xa0 [ 182.006209] should_fail.cold.4+0xa/0x11 [ 182.006224] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 182.006243] ? save_stack+0xa9/0xd0 [ 182.015896] binder: undelivered TRANSACTION_COMPLETE [ 182.018962] ? kasan_kmalloc+0xc4/0xe0 [ 182.018978] ? __kmalloc_track_caller+0x14a/0x760 [ 182.018990] ? memdup_user+0x2c/0xa0 [ 182.019000] ? strndup_user+0x77/0xd0 [ 182.019014] ? ksys_mount+0x73/0x140 [ 182.019026] ? __x64_sys_mount+0xbe/0x150 [ 182.019038] ? do_syscall_64+0x1b9/0x820 [ 182.019051] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 182.019071] ? proc_fail_nth_write+0x9e/0x210 [ 182.025687] binder: undelivered TRANSACTION_ERROR: 29201 [ 182.030139] ? proc_cwd_link+0x1d0/0x1d0 [ 182.030156] ? lock_acquire+0x1e4/0x540 [ 182.030173] ? lock_acquire+0x1e4/0x540 [ 182.108644] ? fs_reclaim_acquire+0x20/0x20 [ 182.112956] ? lock_downgrade+0x8f0/0x8f0 [ 182.117090] ? check_same_owner+0x340/0x340 [ 182.121486] ? lock_release+0xa30/0xa30 [ 182.125445] ? check_same_owner+0x340/0x340 [ 182.129757] ? rcu_note_context_switch+0x730/0x730 [ 182.134689] ? __check_object_size+0xa3/0x5d7 [ 182.139185] __should_failslab+0x124/0x180 [ 182.143499] should_failslab+0x9/0x14 [ 182.147314] kmem_cache_alloc_trace+0x2cb/0x780 [ 182.151977] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 182.157528] ? _copy_from_user+0xdf/0x150 [ 182.161666] copy_mount_options+0x5f/0x380 [ 182.165900] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 182.171427] ksys_mount+0xd0/0x140 [ 182.174960] __x64_sys_mount+0xbe/0x150 [ 182.178928] do_syscall_64+0x1b9/0x820 [ 182.182809] ? finish_task_switch+0x1d3/0x870 [ 182.187311] ? syscall_return_slowpath+0x5e0/0x5e0 [ 182.193615] ? syscall_return_slowpath+0x31d/0x5e0 [ 182.198537] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 182.203577] ? prepare_exit_to_usermode+0x291/0x3b0 [ 182.208583] ? perf_trace_sys_enter+0xb10/0xb10 [ 182.213240] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 182.218106] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 182.223299] RIP: 0033:0x455ab9 [ 182.226481] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 182.246010] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 182.253729] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 182.260991] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 182.268358] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 182.275615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 182.282872] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 0000000000000002 20:43:01 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:43:01 executing program 2: r0 = socket$packet(0x11, 0x400000003, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x100, 0xff1f) sendto$inet6(r0, &(0x7f0000000180)="0401000000c000ddb8460900fff55b4202938207d9fb3780398d5375000000007929301ee62ed5c01843ed7590080053c0e385472da7222a2bb42f2dbd945d462600001b00ffff0000f2ffffffffff3ae65eaeb462644a4bae13566400000000000000000000000000000000", 0x6c, 0x0, &(0x7f0000000080)={0xa, 0x200810800, 0x9, @remote}, 0x1c) 20:43:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0x5460, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:01 executing program 6: r0 = dup(0xffffffffffffffff) ioctl$KDSIGACCEPT(r0, 0x4b4e, 0x41) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) ioctl$sock_inet_SIOCSIFPFLAGS(r0, 0x8934, &(0x7f0000000140)={'bond0\x00', 0x100000000}) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/keycreate\x00') bind$nfc_llcp(r2, &(0x7f0000000080)={0x27, 0x0, 0x2, 0x7, 0x76c7, 0x1, "ebc5b62ca0c59341934d1e2c09e66c677cbd646ac50c1d4a9ad3b5d79ee12fd3cd0fd6619d260de1bfdc48ab1f99d44779b100fe91702cfee5269bfc47b069", 0x1e}, 0x60) connect$inet6(r1, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f00000002c0)={0x0, 0xba, 0x0, 0x80000001, 0x9, 0x3}, &(0x7f0000000300)=0x14) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000340)={0x0, 0x9, 0x20}, &(0x7f0000000380)=0xc) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f00000003c0)={r3, 0x3}, &(0x7f00000001c0)=0x8) setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000200)={r4, 0x3}, 0x8) r5 = creat(&(0x7f0000000480)='./file0\x00', 0x30) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f00000004c0)={0x0, 0x3, 0x80, 0x7f, 0x3, 0x87c1}, &(0x7f0000000500)=0x14) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r5, 0x84, 0x1a, &(0x7f0000000600)={r6, 0x1000, "93305f5d798f69fe81b8b7332c2eace2c1f84600142fefafd57d51712890019ac8463d754a22442876a74373e61e96bc556236c7a05b7fb02b8b0f2bdee5dbc1172cd169e821340e43fc007694be26da7792330ea3abd3ed45c1ae993edd637e8430ef488c288cf3808bc216949a4f3f9218a3a1ba704afd3914617af7783a8e558ee5a96e672ac96b2fc004d2aa59e842f18fe72ff1c7c9da831352f5409baa93c1aa2fa936d22a9948d26f7996394134079cb433df22c71bcda421a960e5557692533bc844b4948fb3774004f3844201fa372236309664339a2c36675ae80a962a1332df3966271f5092af0519846e468568d604faf3c0b1d006e07626263e8456e2b1161b711b76d9945662a87d278dcdbfa8d69aa791cb7e2c8f2ccb7ba18ab23ba507242aa3f57ed40aa7f050f3a72b3bd553367a8c3055612c9785612586a61b93caf4ad86e973b58aa5808d802f0c000a8020245749f5971d1ff764d8bbff7ce9f88c0df7a996250c4c694a9f3df45e6b35da47c35a085c7d02316a7584753bdc1bcac9a860b296102dd5f544f66abb8f590ffb933464b063633489a98146ac87e54a059a2e85fc3b8239525960c2f51c85b423c21197d18e5b3e4d66e2fa9bdd4781fd4ed1013a0b9d67c54f1b83b09dd59cf98c3270e34a0d14c9e6e0270719e113794283cd6e74af195ae79b0656121706d4626ecfbafd7f38c44cca2935f4e0cc2834d7fb2528735f42b3b1fc48456b1edc944138cf4d3e9ade69b8efd76f4a9a18bd9b883bedcbc4f085caec3fcb4ce3227da005a0c9efd4d3fd49342ba85d39ca88ce28edc628217231b1c1e76f453a13b6fb3bb606c08dbe20b18f697a9aea1ea5100029c34bcbd926d002009118e83ce275fb074e9c4d0413e67a69a98e7a03bd6a9e7b429c98eec0d8ba3ddc389b7bf43470de74f508970c70c7d3a3b18d1e3e8f35db4521890f013cb4544f33b8384b5bdc1e3a18e6b8d68a4f0a814411a8a44dd4ae6629aa7ddf7f859c554e927e3763327c3284d8f61bde012d1e05006665bcf275b6f566fc0cd76f0f370aa9dc53c5961f64b44bc4eda946360048e9316eaa413e3393b97af85367de69d4039444027c1cce8858b5b9450537108920b26c48b979d440c3dce063f0110d9fe1fe4b57c8bfa347b4cf87afde1e1f04b20a41ce33b4a6e374431983b10b2fa350fa7b59d50863ed4f60f6879372fd8ab7558a908f9119ae3db54bee70384014427bea243c90568ec76d64d80ca707b6438b31614906af3eec40ab3e2250bcdf09073413ccca13c8febe7467f44e07d0e5216467e9fa84f58289c71871d254c4d5e467342752fa3c8662cb01b99d4ddc41b0e1e180e96aa46386f5cbe8bb405c8cd503ada951b09794200255ba62b720173adeeaf943a908791dec859990862e01949bc96d56d8ea7f107d5384f7f48110430bd8c2d2a29d07a424b09f63bbb46cac43057ccf9971e11f5cf2ef4426ead15165463c87ba364ea8d13df5a30dad83ade5dc2b0386e90aa9bd086b09f32118248219c63c6ebca29c6b8d06f03625d9157911883034dfa7c00d42b8a6ebfccc85d2777efd7bc3300211f3d0d9dd1b674b96c360dcd0b48da76e3ac5e083da2cff17725f295c1b7f4c385018d7f3ead8c02b370112f68311ea8ae069cbaef6aa92d65c0093f3353a2f6f354e639342e49b1ca01eefbb11b3a33a5681ec6d3fe37bf4685dea9dc615ac33cd014bb635192425dde9cf85b7a9776c6f34924abb604a40a129ecee498554f8bc92979b529b0c6e4ec86e38b19f858eb4583d42144d3f24d0a4b27862fa804c31a8d32aacba5b9fe8f7fdeb8855de2f73bb20a8cd5d11f917b3e2f943efc09fe28e4593b86809b598c26f0c932d6986d26a14a80e13e869d851e1f9ede517812c17a2149dfd6cea19392af1b9809046b2c30639205748bfba4fbbc4ed59a0147420217aee9010884e934d86d479e947162be063fdcdd393503c341d93906d0a5e4cd38064d97857df31027111ea06fb176f37dca6f51a8e5feca8f66ac72a6d3beb996efef126ebab656480429531b703a84bee4b976f2cac31389ef9c7ff91ab8ec200afbacd9f30f8b379643379853f740901fac14a856fe3990d71f855b58fc0f17153c2945d0c6c3db4ed07fabbed0b9a688074007457494c63bb3a679dff87ad0117f8b4734b229feffec5c58206cff5b06b5d9c3d20d161a24e0e4aa9182ffc7d34a360bea269647a8d64f1155a454665abf247f3afdb6b7785b019ee2062f142a9a2aeb2d62e2acc78fd636a05230b2424e00944acebdbc7f95ea441e5157fbba6cc9a4d3c89e82da50db69304b9460c4c40f657c5d64e84d47c4a263dba388ee7aab2b0be54c31e283d4d75766840f499895b921e1ca0bf14ae56940207a55cb6bb6e2b178f20879d2bd56d26e2d7963a84c39d6aa9e027b045a62487dd856656962e328c8902ec2ba0353a578c119c2dafd240ff5a55cef8b06cca9d1768f4dabbec828782d91d1f5c82351f5a6ee71be599f05e9f6072ef1c763009519fdc4c1c91a09347045e175e75bd1febf4ece592ed1dd136c06505abf8928351862bc98f837927ef56194bc57bbaddaa79b7dd7ee302e88f57ad00e15caea8f1e09901b76196bb1d141d170a3fce475da5058fe9c77f5789a68cc6f9499512d94eb8de7f7ff13baad6641cd78d18fd06bd4d19b7c6b1011f822c1d66ac9821494dfe7555f68e1934e2e1b13e031c90516247a2cf148b01a04db0033fbf7a8d197cddf2057374cb480e5a3fa5f408580841c6b4fe7b287ad3530ee03d404a8e485cc6274b0d1131b830b4a19a8dbd4f684083342a297e6ec1a6967d99ab93872a0c7675a607b27202cb66b9ffac8339d5f40ee9f5494b6f2f7844e44ac9be21b9c96dd842d14556c220a30720d37ad85440ea73bb483dd2cbe5fe2516f0214ce1eca4a7b2321d1684af24997f3038078c5280ec1415f25dc0fdc812a17b0b7acf1ccc7a72dbf06f254344b4fb9c4ab94259600e012cb8df0881cf587ea83f55f45fbcfd445d12a1f678a5518c7b4f650789ba167bbda0c29d4c25736681a647f983f1f07a76691a659910900f7c06dd68aff8f1bc48a56a84ab6792cb2c237f82940cea5182eab92b6dc6ad67a9c49e993ea0befb4a2060a71008b8e4e6d91dd7c4e7924e4cb8b26301f91c96d04404d454a8061da2d2e77f3d0431ebc0cb7788f6272ee7dae8d231dfcfd3cb0f21fbc71fa600d13825ce12c1e0140f93af8bdf31aaca572061db8fb61570bab8f0a0f84f04f29cdf3cee36ead1e8ae445b575ebb9680a1eed4c6d4b8119e5a5147ad5e7e195379f231786b53a8d50649ce506f812d3bd9969c7537dd1c2494d69b66e9b638b21363398fcf9732612b2ba69b581ea67d9fa1bf00e466982ecd3bc72b49e1444fea612e48615c7d504a1effa1eb33524a99f4e48f18b798ebef215f50c0b1616fd37d5ff872139af1edbd24f8bd02b0b0525304c27fa1c372d29a7481258723f6b1d0d9735fb833bff6fcbb9dec521d203eec86ca370b2cdf46fce4dfda24dd9f59004dd735901e5fc82ff28e51d3c9fefcacbb06ca61ee423508511cdacf98f74372db881fe2e30e92459c3a77a511ab7345036ddd6d00850917ebb7cca5e6a845809b342e9e9753b0044639fcbe764fffad10f41feb8b6b766b93c398e2f0c0a91f5c956d6a35aa49edd872bad4f4c05a2b653343d20da7828982a3447e6a22852505cbed7bc267ee53f8552f578f7a8358b9fcb0729e5335a604fbdb429161c5dd738be6e28baf1fee88a917ed88f7820878b3f886f6fc8183268cf46c1f665f8c51a58ce1c93967fb9b2e6c8d2cd44bc3ec843cb7c8958e387766511e11b2dc0b320c434ef9411a11ef68e1e1856853c472d0eb050ac03b4661c327a66898dddeaf23165c7f9360ec44dd63cc145716c21ab37145212ddbcf0d5b3d4ac58647a21740b231f4ba6f5888d3b1e7b9e97a2d2b07f6e68f4ab857e4357918640cf593a5aa7de526e56be235c37cb33834f4fe32ff3528ba2e23f5081b8da5c594f2d1959031231d762c41e31bbabf11d79b92f28e753c3e00b96ae9a09160d4c5f87ffa78f524e71c3a311461d5ee49c242e700958203ec7c1fdef3f0a533492c59bf47f0e6825b4c9790fd63b672c3334f9aa34843f781e500669ce627314102eab381e407a05cfc454fd3950d21a8f9fcfb018882a9055e10036185e5a53f40378553bb1b6e18f3c135d3cf84f89bb0539c0b1772dc7dc77de23c394a253170ca820dd42c695555de3ae74df679f1018cc26ec8dbaf486fb4bf3d058fc53be7d475ba8dc60b370feaffc7ca5eeefa17d94c6596e275a4c654e3daad5bd5dd6bba53a18bc02aa5864774f5d0879638a3f97b5edcb6aac56ce14fc210e75953913442d568905487835e16835aef57a4c240aed85ff22066527f7e5ebeeb53b7544a771b1270584ad14656a56145a20b480bfbedd8e5f5a9f03426e9e107bb968f43de1b2f341a569d806617f0af1c8348da6ab466db71eed1b82a549546a6336d53ac3010b278a2cad3d8d856ba1cf19c2d4fe7c4b61447de85c8f3171478442e1e02c7ef044410f3b1085890dc751fc398f181032ebac24d9ac630af121659618dc727f1fafe8b9cb6058b5427d21db3784236055a2265d6d804c7dcba16df508ede67faa9a4e8b06a50eeaa93bb9a87abc1faf6448ea1c647616519e96fa0d7220c58a8e4dcb7bed8444cbb8fe03d312f2c238d90caeae1cda9371c77ef2e1681a89f7539363e2659262d26dcfcb16a544ff546adb18162526b71c0a4b4deec6458ef8b91e7dad6ab08520fa5a53d3182767e11f800a202292a8b1e79aaaf01dcb0a66bbd0bda15d36ae965953ff08a8d75dd5157ee497a928981a59675b0761a6ffae68af9e81b129b460f55587ecfff453ba54cf1795c35bc786ab68fe1ea1c28c8dce89e31820f9a2ac9055d3a87151f984af2f0c030d2a5f9fdc425a17983e0e16786890759de972ae722d54aa9fb310f6ae97be48b0352ebb38569d50767f9273da5b61eab26ab9ad4fd620fdc4c8f66eaa3ae03f8b3cbd6d34fd2fbd20cfe7d15655d8263fb1b31ea11851ff4732e24cb8562a334a1147d96e1c05007b43d0050f6e61fc91cb5f62e9668f1bad9ef717a2482a5f3e6962cbdec18e486df0eddbc52e5c16c621a36cfae9ecbb838c9eed10035ad2fba85b6ade48310f78423013e3b9e86e9761efb12b4b24da97c3a8d5d158378bc65957ad1bfe8d025cd62de6da5df72a79015e370fd3a37f125f3cfed06f14b6799705931630cacc8461a57acfd97c2c0b2db1dbe0dc2d8ece50900add2928e65a9f97b31849bec7e65314fcc64498e4196ea95a819486e7be43747bdd9745abf84332d708e56439d562c42c2e38c46b763dba9a6d0770502564ebede52ed95a47419c2af4c41902edf137e6b2fb4a2b5010c5cb2486f9694c38e02abd027ab1c2a2cca44016be6adbb9a201ec910fe5a392c68a569fe74c94aea425b735bbcf7cde391b04576b87f9841ea1a1f0c320f44d441bf79869f8f48d905214bf4ac08cec8341f3e4f76eec59172d3aeb7f486730640458d21b54024a8b09208257f5392ae3b7202e3c8cf521cb0c79354a9d1e392bc56ce71522475c2a88c1f2742c41301d68824dc269c49147e61d4e1c8f670eb7fffd6a03e2f3ec42b4faca09aebeb3efa9768bcc3b49d8c75bdb9ada761cf935e1070752679f44383a7bbaec420cb1790"}, &(0x7f0000000540)=0x1008) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r1, &(0x7f0000000000)={0x70000000}) openat$random(0xffffffffffffff9c, &(0x7f0000000100)='/dev/urandom\x00', 0x0, 0x0) 20:43:01 executing program 0 (fault-call:2 fault-nth:30): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:01 executing program 7: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x1, 0x6c000000, &(0x7f0000000280)='\b'}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000100)}}}], 0x0, 0x0, &(0x7f0000fedffe)}) 20:43:01 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) shutdown(r1, 0x0) 20:43:01 executing program 5 (fault-call:7 fault-nth:3): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:01 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) sendmsg(r0, &(0x7f0000013000)={&(0x7f0000013fe4)=@in6={0xa, 0x4e23, 0x0, @loopback}, 0x80, &(0x7f0000000440), 0x0, &(0x7f0000000080)=[{0x24, 0x29, 0x39, "27020201594a87ccfe80000000000000596fe52b56"}], 0x24}, 0x0) 20:43:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0045878, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:01 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/am_droprate\x00', 0x2, 0x0) write$FUSE_OPEN(r1, &(0x7f0000000040)={0x20, 0x0, 0x1, {0x0, 0x1}}, 0x20) [ 182.446199] binder: 10044:10049 ERROR: BC_REGISTER_LOOPER called without request 20:43:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0x2, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:01 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000000080)=0x22, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) sendto$inet6(r0, &(0x7f0000000340), 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @local}, 0x1c) write$binfmt_misc(0xffffffffffffffff, &(0x7f00000000c0)={'syz0'}, 0x4) recvmsg(r0, &(0x7f00000002c0)={&(0x7f0000000100)=@ll={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f0000000280), 0x0, &(0x7f00000003c0)=""/219, 0xdb}, 0x0) 20:43:01 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @mcast1}, 0x2b4) getsockname$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000080)=0x14) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='\x00', 0xffffffffffffff9c}, 0x10) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r2, 0xc0a85322, &(0x7f0000000240)) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f00000000c0)={@mcast2, @dev={0xfe, 0x80, [], 0x12}, @mcast2, 0x0, 0x3, 0x401, 0x100, 0x2000, 0x200000, r1}) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000180)=0x5, 0x4) openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x20000, 0x8) [ 182.558516] FAULT_INJECTION: forcing a failure. [ 182.558516] name failslab, interval 1, probability 0, space 0, times 0 [ 182.569813] CPU: 1 PID: 10048 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 182.579033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 182.589099] Call Trace: [ 182.591730] dump_stack+0x1c9/0x2b4 [ 182.595395] ? dump_stack_print_info.cold.2+0x52/0x52 [ 182.600750] should_fail.cold.4+0xa/0x11 20:43:01 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0x40046207, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:01 executing program 2: r0 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000140), &(0x7f0000000180)='!', 0x1, 0xfffffffffffffffc) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2) keyctl$read(0xb, r0, &(0x7f0000000080)=""/51, 0x33) [ 182.604839] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 182.609972] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 182.615536] ? resize+0x1227/0x22c0 [ 182.619191] ? lock_downgrade+0x8f0/0x8f0 [ 182.623369] ? replace+0x5d0/0x5d0 [ 182.626950] ? kasan_unpoison_shadow+0x35/0x50 [ 182.631561] ? lock_acquire+0x1e4/0x540 [ 182.635568] ? fs_reclaim_acquire+0x20/0x20 [ 182.639914] ? lock_downgrade+0x8f0/0x8f0 [ 182.644183] ? check_same_owner+0x340/0x340 [ 182.648613] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 182.654179] ? rcu_note_context_switch+0x730/0x730 [ 182.655537] binder: BINDER_SET_CONTEXT_MGR already set [ 182.659129] __should_failslab+0x124/0x180 [ 182.659145] should_failslab+0x9/0x14 [ 182.659161] kmem_cache_alloc_node+0x272/0x780 [ 182.659178] ? fib_trie_seq_start+0x4e0/0x4e0 [ 182.659194] ? lock_downgrade+0x8f0/0x8f0 [ 182.659205] ? __x64_sys_ioctl+0x73/0xb0 [ 182.659219] __alloc_skb+0x119/0x770 [ 182.659241] ? skb_scrub_packet+0x490/0x490 [ 182.687549] binder: 10086:10088 ioctl 40046207 2000dfd0 returned -16 [ 182.689849] ? atomic_notifier_call_chain+0xf1/0x190 [ 182.689871] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 182.689886] ? call_fib_notifiers+0x6f/0x90 [ 182.689904] ? call_fib4_notifiers+0x9c/0x110 [ 182.689940] ? call_fib_entry_notifiers+0x2f1/0x500 [ 182.689959] ? kasan_kmalloc+0xc4/0xe0 [ 182.732802] rtmsg_fib+0x1f8/0x4d0 [ 182.736373] fib_table_insert+0x7a8/0x17a0 [ 182.740636] ? fib_table_lookup+0x24a0/0x24a0 [ 182.745154] ? trace_hardirqs_on+0xd/0x10 [ 182.749322] ? kasan_unpoison_shadow+0x35/0x50 [ 182.753928] ? kasan_kmalloc+0xc4/0xe0 [ 182.757843] fib_magic.isra.22+0x66b/0x890 [ 182.762141] ? fib_new_table+0x490/0x490 [ 182.766228] ? lock_acquire+0x1e4/0x540 [ 182.770222] ? blocking_notifier_call_chain+0x129/0x190 [ 182.775590] fib_add_ifaddr+0x45c/0x500 [ 182.779577] fib_inetaddr_event+0x172/0x222 [ 182.783942] notifier_call_chain+0x180/0x390 [ 182.788379] ? unregister_die_notifier+0x20/0x20 [ 182.793148] ? __x64_sys_ioctl+0x73/0xb0 [ 182.797221] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 182.802598] blocking_notifier_call_chain+0x147/0x190 [ 182.807823] ? srcu_init_notifier_head+0xa0/0xa0 [ 182.812586] ? rtmsg_ifa+0x14e/0x1e0 [ 182.816296] __inet_insert_ifa+0x858/0xba0 [ 182.820531] ? refcount_add_not_zero_checked+0x330/0x330 [ 182.825979] ? __inet_del_ifa+0xbd0/0xbd0 [ 182.830132] ? rtnl_is_locked+0xb5/0xf0 [ 182.834105] ? rtnl_trylock+0x20/0x20 [ 182.837910] devinet_ioctl+0x1460/0x1d90 [ 182.841975] ? inet_ifa_byprefix+0x240/0x240 [ 182.846392] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 182.851988] inet_ioctl+0x18b/0x360 [ 182.855646] ? inet_stream_connect+0xa0/0xa0 [ 182.860065] ? _parse_integer+0x190/0x190 [ 182.864229] ? lock_release+0xa30/0xa30 [ 182.868210] ? check_same_owner+0x340/0x340 [ 182.872546] ? __check_object_size+0xa3/0x5d7 [ 182.877049] sock_do_ioctl+0xe4/0x3e0 [ 182.880859] ? __fget+0x4ac/0x740 [ 182.884348] ? compat_ifr_data_ioctl+0x170/0x170 [ 182.889119] ? lock_release+0xa30/0xa30 [ 182.893102] ? pid_task+0x115/0x200 [ 182.896745] ? find_vpid+0xf0/0xf0 [ 182.900296] ? __f_unlock_pos+0x19/0x20 [ 182.904281] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 182.909478] sock_ioctl+0x30d/0x680 [ 182.913109] ? dlci_ioctl_set+0x40/0x40 [ 182.917084] ? ksys_dup3+0x690/0x690 [ 182.920818] ? kasan_check_write+0x14/0x20 [ 182.925057] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 182.929982] ? fsnotify+0xbac/0x14e0 [ 182.933709] ? vfs_write+0x2f3/0x560 [ 182.937415] ? dlci_ioctl_set+0x40/0x40 [ 182.941390] do_vfs_ioctl+0x1de/0x1720 [ 182.945287] ? fsnotify_first_mark+0x350/0x350 [ 182.949875] ? __fsnotify_parent+0xcc/0x420 [ 182.954203] ? ioctl_preallocate+0x300/0x300 [ 182.958632] ? __fget_light+0x2f7/0x440 [ 182.963394] ? fget_raw+0x20/0x20 [ 182.966850] ? __sb_end_write+0xac/0xe0 [ 182.970836] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 182.976366] ? fput+0x130/0x1a0 [ 182.979642] ? ksys_write+0x1ae/0x260 [ 182.983442] ? security_file_ioctl+0x94/0xc0 [ 182.987847] ksys_ioctl+0xa9/0xd0 [ 182.991293] __x64_sys_ioctl+0x73/0xb0 [ 182.995181] do_syscall_64+0x1b9/0x820 [ 182.999075] ? syscall_slow_exit_work+0x500/0x500 [ 183.003961] ? syscall_return_slowpath+0x5e0/0x5e0 [ 183.008908] ? syscall_return_slowpath+0x31d/0x5e0 [ 183.013852] ? prepare_exit_to_usermode+0x291/0x3b0 [ 183.018961] ? perf_trace_sys_enter+0xb10/0xb10 [ 183.023655] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 183.028514] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.033711] RIP: 0033:0x455ab9 [ 183.036898] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 183.056114] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 183.063817] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 183.071085] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 183.078356] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 183.085639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 183.092911] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 000000000000001e [ 183.244778] FAULT_INJECTION: forcing a failure. [ 183.244778] name failslab, interval 1, probability 0, space 0, times 0 [ 183.256097] CPU: 1 PID: 10098 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 183.263691] binder: send failed reply for transaction 168 to 10044:10097 [ 183.264676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 183.264682] Call Trace: [ 183.264704] dump_stack+0x1c9/0x2b4 [ 183.264719] ? dump_stack_print_info.cold.2+0x52/0x52 [ 183.264741] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 183.275704] binder: 10044:10049 ioctl c0306201 200000c0 returned -14 [ 183.281043] should_fail.cold.4+0xa/0x11 [ 183.281061] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 183.281079] ? lock_acquire+0x1e4/0x540 [ 183.281096] ? handle_mm_fault+0x417/0xc80 [ 183.281111] ? lock_release+0xa30/0xa30 [ 183.281131] ? lock_release+0xa30/0xa30 [ 183.293444] binder: undelivered TRANSACTION_COMPLETE [ 183.297369] ? mem_cgroup_from_task+0xcb/0x1f0 [ 183.297387] ? __do_page_fault+0x664/0xe50 [ 183.297403] ? lock_downgrade+0x8f0/0x8f0 [ 183.297420] ? lock_acquire+0x1e4/0x540 [ 183.297437] ? fs_reclaim_acquire+0x20/0x20 [ 183.303970] binder: undelivered TRANSACTION_ERROR: 29201 [ 183.307975] ? lock_downgrade+0x8f0/0x8f0 [ 183.307991] ? check_same_owner+0x340/0x340 [ 183.308008] ? __do_page_fault+0x449/0xe50 [ 183.373570] ? rcu_note_context_switch+0x730/0x730 [ 183.378495] __should_failslab+0x124/0x180 [ 183.382722] should_failslab+0x9/0x14 [ 183.386513] kmem_cache_alloc+0x2af/0x760 [ 183.390656] ? do_page_fault+0xf6/0x8c0 [ 183.394629] getname_flags+0xd0/0x5a0 [ 183.398443] ? fs_reclaim_acquire+0x20/0x20 [ 183.402760] user_path_at_empty+0x2d/0x50 [ 183.406901] do_mount+0x17f/0x1e20 [ 183.410448] ? check_same_owner+0x340/0x340 [ 183.414763] ? lock_release+0xa30/0xa30 [ 183.418735] ? copy_mount_string+0x40/0x40 [ 183.422971] ? __do_page_fault+0x449/0xe50 [ 183.427201] ? retint_kernel+0x10/0x10 [ 183.431106] ? copy_mount_options+0x1f0/0x380 [ 183.435619] ? copy_mount_options+0x200/0x380 [ 183.440125] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 183.445656] ? copy_mount_options+0x285/0x380 [ 183.450148] ksys_mount+0x12d/0x140 [ 183.453765] __x64_sys_mount+0xbe/0x150 [ 183.457731] do_syscall_64+0x1b9/0x820 [ 183.461619] ? finish_task_switch+0x1d3/0x870 [ 183.466104] ? syscall_return_slowpath+0x5e0/0x5e0 [ 183.471035] ? syscall_return_slowpath+0x31d/0x5e0 [ 183.475952] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 183.480977] ? prepare_exit_to_usermode+0x291/0x3b0 [ 183.485999] ? perf_trace_sys_enter+0xb10/0xb10 [ 183.490683] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 183.495524] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.500713] RIP: 0033:0x455ab9 [ 183.503891] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 183.523105] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 183.530805] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 183.538088] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 183.545364] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 183.552646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 183.559902] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 0000000000000003 20:43:02 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:43:02 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000140)=0x78, 0x4) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0x29f, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10) sendto(r0, &(0x7f0000000480)="ad56d340d8f36b651302cfc98fefddf0081428b45a990668ae2c2aaf9628ce365817f56e18bb40ba4d01d4b6d4e4672079c0745cb08d0109e5022d45c835ef02afe65cdea583a0dab14b9f0cb876a35d92616bbdb204cc219d867ae2f3ef111c39c2f50a107b96f0bc5b089b81fbe5656f3845cc419033800cd2b41f8418c7299bbd3963bf42", 0x86, 0x0, &(0x7f0000000580)=@pptp={0x18, 0x2, {0x0, @broadcast}}, 0x80) sendto$inet(r0, &(0x7f0000000280)="b2d4269ac76a9c78207a8f1d16f5680cdfa286c1cd789faeb2723ba81e138fa243735490a95e99990d6efb0e74be96cf55f1c735e71b2b183b5c8c356fff9a015bb815b64d757b0972", 0x49, 0x0, &(0x7f0000000180), 0x10) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100) write$binfmt_elf64(r0, &(0x7f0000000440)=ANY=[@ANYRES16], 0x100c6) 20:43:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0x5452, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:02 executing program 6: r0 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000040)={0x1, 0x1}) ioctl$KVM_DIRTY_TLB(r0, 0x4010aeaa, &(0x7f0000000000)={0x1, 0x4}) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:43:02 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f0000000140)={'bpq0\x00', {0x2, 0x4e20, @dev}}) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) sendmmsg(r0, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000000140), 0x0, &(0x7f0000000080)=[{0x18}], 0x18}}], 0x3db, 0x0) 20:43:02 executing program 0 (fault-call:2 fault-nth:31): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:02 executing program 7: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc028aa03, &(0x7f00000001c0)={{&(0x7f0000fff000/0x1000)=nil, 0x1000}, 0x200000}) 20:43:02 executing program 5 (fault-call:7 fault-nth:4): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306225, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:02 executing program 3: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="020a000007000000000013002d54036205001a00000ce600001000e0c90002000000000000000000000000000000f0ffffff000b02000000"], 0x38}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x20, 0x0) 20:43:02 executing program 6: r0 = socket$inet6(0xa, 0x6, 0x801c) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) socket$bt_bnep(0x1f, 0x3, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0xfffffffffffffde9) getsockopt$inet6_tcp_int(r0, 0x6, 0x37, &(0x7f0000000000), &(0x7f0000000040)=0x4) socket$bt_bnep(0x1f, 0x3, 0x4) 20:43:02 executing program 7: keyctl$join(0x1, &(0x7f0000000040)) keyctl$session_to_parent(0x12) 20:43:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0x4020940d, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) [ 183.800874] binder: 10128:10129 ioctl c0306225 2000dfd0 returned -22 [ 183.809264] binder: 10128:10133 ioctl c0306225 2000dfd0 returned -22 [ 183.810684] FAULT_INJECTION: forcing a failure. [ 183.810684] name failslab, interval 1, probability 0, space 0, times 0 [ 183.827145] CPU: 0 PID: 10106 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 183.835644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 183.845133] Call Trace: 20:43:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0x40049409, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) [ 183.847898] dump_stack+0x1c9/0x2b4 [ 183.851551] ? dump_stack_print_info.cold.2+0x52/0x52 [ 183.856772] should_fail.cold.4+0xa/0x11 [ 183.860861] ? __kernel_text_address+0xd/0x40 [ 183.865383] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 183.870507] ? __save_stack_trace+0x8d/0xf0 [ 183.874864] ? save_stack+0xa9/0xd0 [ 183.878513] ? save_stack+0x43/0xd0 [ 183.882159] ? kasan_kmalloc+0xc4/0xe0 [ 183.886059] ? kasan_slab_alloc+0x12/0x20 [ 183.890233] ? kmem_cache_alloc_node+0x144/0x780 [ 183.895005] ? __alloc_skb+0x119/0x770 20:43:02 executing program 7: keyctl$join(0x1, &(0x7f0000000040)) keyctl$session_to_parent(0x12) [ 183.898911] ? rtmsg_fib+0x1f8/0x4d0 [ 183.902642] ? fib_table_insert+0x7a8/0x17a0 [ 183.907066] ? fib_magic.isra.22+0x66b/0x890 [ 183.911496] ? fib_add_ifaddr+0x45c/0x500 [ 183.915668] ? fib_inetaddr_event+0x172/0x222 [ 183.920187] ? notifier_call_chain+0x180/0x390 [ 183.924789] ? blocking_notifier_call_chain+0x147/0x190 [ 183.930173] ? __inet_insert_ifa+0x858/0xba0 [ 183.934605] ? inet_ioctl+0x18b/0x360 [ 183.938431] ? lock_acquire+0x1e4/0x540 [ 183.942443] ? fs_reclaim_acquire+0x20/0x20 [ 183.946786] ? lock_downgrade+0x8f0/0x8f0 20:43:02 executing program 7: r0 = socket$inet6(0xa, 0x400000000001, 0x0) sendto$inet6(r0, &(0x7f0000e77fff), 0xfffffffffffffdc2, 0x0, &(0x7f00008d4fe4)={0xa, 0x0, 0x0, @loopback}, 0xfffffffffffffe04) [ 183.950952] ? kasan_unpoison_shadow+0x35/0x50 [ 183.955661] ? check_same_owner+0x340/0x340 [ 183.960004] ? lock_downgrade+0x8f0/0x8f0 [ 183.964171] ? rcu_note_context_switch+0x730/0x730 [ 183.969123] __should_failslab+0x124/0x180 [ 183.973405] should_failslab+0x9/0x14 [ 183.977230] kmem_cache_alloc_node_trace+0x26f/0x770 [ 183.982350] ? kasan_kmalloc+0xc4/0xe0 [ 183.986258] __kmalloc_node_track_caller+0x33/0x70 [ 183.991212] __kmalloc_reserve.isra.41+0x3a/0xe0 [ 183.995988] __alloc_skb+0x155/0x770 [ 183.999729] ? skb_scrub_packet+0x490/0x490 [ 184.004336] ? atomic_notifier_call_chain+0xf1/0x190 [ 184.009464] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 184.015018] ? call_fib_notifiers+0x6f/0x90 [ 184.019374] ? call_fib4_notifiers+0x9c/0x110 [ 184.023886] ? call_fib_entry_notifiers+0x2f1/0x500 [ 184.028914] ? kasan_kmalloc+0xc4/0xe0 [ 184.032823] rtmsg_fib+0x1f8/0x4d0 [ 184.036388] fib_table_insert+0x7a8/0x17a0 [ 184.040647] ? fib_table_lookup+0x24a0/0x24a0 [ 184.045164] ? trace_hardirqs_on+0xd/0x10 [ 184.049341] ? kasan_unpoison_shadow+0x35/0x50 [ 184.053947] ? kasan_kmalloc+0xc4/0xe0 [ 184.057848] fib_magic.isra.22+0x66b/0x890 [ 184.062083] ? fib_new_table+0x490/0x490 [ 184.066140] ? lock_acquire+0x1e4/0x540 [ 184.070173] ? blocking_notifier_call_chain+0x129/0x190 [ 184.075554] fib_add_ifaddr+0x45c/0x500 [ 184.079537] fib_inetaddr_event+0x172/0x222 [ 184.083864] notifier_call_chain+0x180/0x390 [ 184.088284] ? unregister_die_notifier+0x20/0x20 [ 184.093055] ? __x64_sys_ioctl+0x73/0xb0 [ 184.097131] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.102591] blocking_notifier_call_chain+0x147/0x190 [ 184.107808] ? srcu_init_notifier_head+0xa0/0xa0 [ 184.112582] ? rtmsg_ifa+0x14e/0x1e0 [ 184.116314] __inet_insert_ifa+0x858/0xba0 [ 184.120574] ? refcount_add_not_zero_checked+0x330/0x330 [ 184.126058] ? __inet_del_ifa+0xbd0/0xbd0 [ 184.130251] ? rtnl_is_locked+0xb5/0xf0 [ 184.134250] ? rtnl_trylock+0x20/0x20 [ 184.138072] devinet_ioctl+0x1460/0x1d90 [ 184.142153] ? inet_ifa_byprefix+0x240/0x240 [ 184.146580] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 184.152132] inet_ioctl+0x18b/0x360 [ 184.155754] ? inet_stream_connect+0xa0/0xa0 [ 184.160250] ? _parse_integer+0x190/0x190 [ 184.164400] ? lock_release+0xa30/0xa30 [ 184.168372] ? check_same_owner+0x340/0x340 [ 184.172693] ? __check_object_size+0xa3/0x5d7 [ 184.177190] sock_do_ioctl+0xe4/0x3e0 [ 184.180998] ? __fget+0x4ac/0x740 [ 184.184450] ? compat_ifr_data_ioctl+0x170/0x170 [ 184.189209] ? lock_release+0xa30/0xa30 [ 184.194188] ? pid_task+0x115/0x200 [ 184.197822] ? find_vpid+0xf0/0xf0 [ 184.201362] ? __f_unlock_pos+0x19/0x20 [ 184.205331] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 184.210537] sock_ioctl+0x30d/0x680 [ 184.214166] ? dlci_ioctl_set+0x40/0x40 [ 184.218135] ? ksys_dup3+0x690/0x690 [ 184.221863] ? kasan_check_write+0x14/0x20 [ 184.226095] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 184.231043] ? fsnotify+0xbac/0x14e0 [ 184.234756] ? vfs_write+0x2f3/0x560 [ 184.238476] ? dlci_ioctl_set+0x40/0x40 [ 184.242454] do_vfs_ioctl+0x1de/0x1720 [ 184.246339] ? fsnotify_first_mark+0x350/0x350 [ 184.250935] ? __fsnotify_parent+0xcc/0x420 [ 184.255272] ? ioctl_preallocate+0x300/0x300 [ 184.259703] ? __fget_light+0x2f7/0x440 [ 184.263689] ? fget_raw+0x20/0x20 [ 184.267143] ? __sb_end_write+0xac/0xe0 [ 184.271134] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 184.276682] ? fput+0x130/0x1a0 [ 184.279966] ? ksys_write+0x1ae/0x260 [ 184.283761] ? security_file_ioctl+0x94/0xc0 [ 184.288161] ksys_ioctl+0xa9/0xd0 [ 184.291615] __x64_sys_ioctl+0x73/0xb0 [ 184.295648] do_syscall_64+0x1b9/0x820 [ 184.299541] ? syscall_return_slowpath+0x5e0/0x5e0 [ 184.304478] ? syscall_return_slowpath+0x31d/0x5e0 [ 184.309406] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 184.314424] ? prepare_exit_to_usermode+0x291/0x3b0 [ 184.319451] ? perf_trace_sys_enter+0xb10/0xb10 [ 184.324141] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 184.328993] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.334182] RIP: 0033:0x455ab9 [ 184.337357] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 184.356504] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 184.364236] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 184.371528] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 184.378889] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 184.386158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 184.393512] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 000000000000001f [ 184.520046] FAULT_INJECTION: forcing a failure. [ 184.520046] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 184.531926] CPU: 1 PID: 10159 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 184.540403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 184.549808] Call Trace: [ 184.552410] dump_stack+0x1c9/0x2b4 [ 184.556031] ? dump_stack_print_info.cold.2+0x52/0x52 [ 184.561217] ? trace_hardirqs_on+0x10/0x10 [ 184.565447] should_fail.cold.4+0xa/0x11 [ 184.569588] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 184.574688] ? __handle_mm_fault+0x2a96/0x44a0 [ 184.579269] ? lock_downgrade+0x8f0/0x8f0 [ 184.583427] ? trace_hardirqs_on+0x10/0x10 [ 184.587653] ? pte_val+0x100/0x100 [ 184.591180] ? kasan_check_write+0x14/0x20 [ 184.595661] ? do_raw_spin_lock+0xc1/0x200 [ 184.599893] ? _raw_spin_unlock+0x22/0x30 [ 184.604035] ? __handle_mm_fault+0x976/0x44a0 [ 184.608540] ? vmf_insert_mixed_mkwrite+0xa0/0xa0 [ 184.613381] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 184.618923] ? should_fail+0x246/0xd86 [ 184.622821] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 184.627920] __alloc_pages_nodemask+0x36e/0xdb0 [ 184.632583] ? __alloc_pages_slowpath+0x2d00/0x2d00 [ 184.637597] ? __do_page_fault+0x664/0xe50 [ 184.641827] ? lock_downgrade+0x8f0/0x8f0 [ 184.645991] ? lock_acquire+0x1e4/0x540 [ 184.649966] ? fs_reclaim_acquire+0x20/0x20 [ 184.654282] ? lock_downgrade+0x8f0/0x8f0 [ 184.658423] ? lock_release+0xa30/0xa30 [ 184.662395] ? check_same_owner+0x340/0x340 [ 184.666706] ? __do_page_fault+0x449/0xe50 [ 184.670950] cache_grow_begin+0x91/0x710 [ 184.675012] kmem_cache_alloc+0x689/0x760 [ 184.679164] ? do_page_fault+0xf6/0x8c0 [ 184.683129] getname_flags+0xd0/0x5a0 [ 184.686924] ? fs_reclaim_acquire+0x20/0x20 [ 184.691253] user_path_at_empty+0x2d/0x50 [ 184.695394] do_mount+0x17f/0x1e20 [ 184.698920] ? check_same_owner+0x340/0x340 [ 184.703233] ? copy_mount_string+0x40/0x40 [ 184.707461] ? retint_kernel+0x10/0x10 [ 184.711345] ? copy_mount_options+0x1f0/0x380 [ 184.715845] ? copy_mount_options+0x1fa/0x380 [ 184.720332] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 184.725859] ? copy_mount_options+0x285/0x380 [ 184.730345] ksys_mount+0x12d/0x140 [ 184.733971] __x64_sys_mount+0xbe/0x150 [ 184.737946] do_syscall_64+0x1b9/0x820 [ 184.741827] ? syscall_return_slowpath+0x5e0/0x5e0 [ 184.746768] ? syscall_return_slowpath+0x31d/0x5e0 [ 184.751689] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 184.756733] ? prepare_exit_to_usermode+0x291/0x3b0 [ 184.761756] ? perf_trace_sys_enter+0xb10/0xb10 [ 184.766420] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 184.771277] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.776456] RIP: 0033:0x455ab9 [ 184.779629] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 184.798810] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 184.806524] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 184.813784] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 184.821042] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 184.828313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 184.835584] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 0000000000000004 20:43:03 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x0, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:43:03 executing program 7: sendto$inet(0xffffffffffffffff, &(0x7f0000000140), 0xfffffe6e, 0x0, &(0x7f0000deaff0), 0x10) madvise(&(0x7f0000fef000/0xe000)=nil, 0xe000, 0xa) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) read(r0, &(0x7f0000000200)=""/250, 0x50c7e3e3) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) pread64(r2, &(0x7f0000002640)=""/207, 0xfffffede, 0x0) 20:43:03 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000003200)='/dev/sequencer2\x00', 0x100, 0x0) setsockopt$IP_VS_SO_SET_TIMEOUT(r1, 0x0, 0x48a, &(0x7f0000003240)={0x0, 0x2d3, 0x80000000}, 0xc) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:43:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc018620b, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:03 executing program 0 (fault-call:2 fault-nth:32): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:03 executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10) write$binfmt_script(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="021c07529fed18237b70837be640ba"], 0xf) sendto$inet(r0, &(0x7f0000000040)='Y', 0x1, 0x0, &(0x7f0000000180)={0x2, 0x0, @multicast2}, 0x10) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000000)={'lo\x00'}) syncfs(0xffffffffffffffff) fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f00000000c0)={'lo\x00', 0x101}) read(r0, &(0x7f00000001c0)=""/244, 0xf4) close(r0) 20:43:03 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) bind$inet(r0, &(0x7f0000eed000)={0x2, 0x0, @loopback}, 0x10) 20:43:03 executing program 5 (fault-call:7 fault-nth:5): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0x5450, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:03 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$FS_IOC_RESVSP(r1, 0x402c5828, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x6}) write$P9_RXATTRWALK(r1, &(0x7f0000000040)={0xf}, 0xffffffffffffff8f) lseek(r1, 0x0, 0x4) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f00000000c0)) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000000)) 20:43:03 executing program 6: syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x9, 0x101000) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000020, &(0x7f0000000000)=0xcf, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:43:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0x10, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:03 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f61fe4)={0xa, 0x4e20, 0x0, @ipv4={[], [], @broadcast}}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @ipv4}, 0x1c) 20:43:03 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x100, 0x0) accept$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000140)=0x14) sendto$packet(r1, &(0x7f0000000080)="7577d80f000f6098475363d6e65dea2fea47921e93c72170ef3abbb17ea23f25a61fc2ec3eb7923b25fe17372d1a71829a8820bcea347b0c5973dd833aa314af155358b7888181eb34f67d39358616293d3df8f1fcceb210a06b7813b2ee535c72fc3b8947a5f56176bb371d", 0x6c, 0x4048080, &(0x7f0000000180)={0x11, 0xd, r2, 0x1, 0x4, 0x6, @broadcast}, 0x14) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0xeaad, @remote, 0x1a7b}, 0x1c) 20:43:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0x40046205, &(0x7f000000dfd0)={0x0, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) [ 185.167722] binder: 10200:10201 ioctl 10 2000dfd0 returned -22 [ 185.176339] binder: 10200:10202 ioctl 10 2000dfd0 returned -22 20:43:03 executing program 3: r0 = socket$key(0xf, 0x3, 0x2) bind$packet(r0, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) [ 185.338807] FAULT_INJECTION: forcing a failure. [ 185.338807] name failslab, interval 1, probability 0, space 0, times 0 [ 185.350146] CPU: 0 PID: 10169 Comm: syz-executor0 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 185.358656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 185.368006] Call Trace: [ 185.370615] dump_stack+0x1c9/0x2b4 [ 185.374265] ? dump_stack_print_info.cold.2+0x52/0x52 [ 185.379467] ? lock_acquire+0x1e4/0x540 [ 185.383452] should_fail.cold.4+0xa/0x11 [ 185.387546] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 185.392682] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 185.397297] ? kasan_check_write+0x14/0x20 [ 185.401545] ? trace_hardirqs_on+0xd/0x10 [ 185.405719] ? debug_object_active_state+0x2f5/0x4d0 [ 185.410856] ? kasan_check_read+0x11/0x20 [ 185.415032] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 185.420075] ? bpf_prog_kallsyms_find+0xde/0x4c0 [ 185.424841] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 185.429872] ? lock_acquire+0x1e4/0x540 [ 185.433867] ? is_bpf_text_address+0xae/0x170 [ 185.438400] __should_failslab+0x124/0x180 [ 185.442648] should_failslab+0x9/0x14 [ 185.446482] kmem_cache_alloc_node_trace+0x5a/0x770 [ 185.451506] ? kasan_check_read+0x11/0x20 [ 185.455671] ? rcu_is_watching+0x8c/0x150 [ 185.459841] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 185.464860] __kmalloc_node_track_caller+0x33/0x70 [ 185.469808] __kmalloc_reserve.isra.41+0x3a/0xe0 [ 185.474579] pskb_expand_head+0x230/0x10e0 [ 185.478857] ? rtnetlink_put_metrics+0x3a8/0x690 [ 185.483636] ? __pskb_copy_fclone+0xeb0/0xeb0 [ 185.488156] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 185.493177] ? skb_put+0x17b/0x1e0 [ 185.496729] ? memset+0x31/0x40 [ 185.500009] ? memcpy+0x45/0x50 [ 185.503305] ? __nla_put+0x37/0x40 [ 185.506863] ? nla_put+0x11a/0x150 [ 185.510402] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.515937] ? fib_dump_info+0x950/0x1bc0 [ 185.520092] netlink_trim+0x2ea/0x380 [ 185.523892] ? netlink_skb_destructor+0x210/0x210 [ 185.528741] ? kasan_unpoison_shadow+0x35/0x50 [ 185.533317] ? kasan_kmalloc+0xc4/0xe0 [ 185.537205] netlink_broadcast_filtered+0x105/0x1620 [ 185.542307] ? kasan_unpoison_shadow+0x35/0x50 [ 185.546888] ? kasan_kmalloc+0xc4/0xe0 [ 185.550776] ? __netlink_sendskb+0xd0/0xd0 [ 185.555020] ? __kmalloc_node_track_caller+0x47/0x70 [ 185.560148] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 185.565705] ? __alloc_skb+0x4c6/0x770 [ 185.569599] ? skb_scrub_packet+0x490/0x490 [ 185.573943] ? atomic_notifier_call_chain+0xf1/0x190 [ 185.579064] nlmsg_notify+0xa0/0x1a0 [ 185.582813] rtnl_notify+0xce/0xf0 [ 185.586368] rtmsg_fib+0x369/0x4d0 [ 185.589937] fib_table_insert+0x7a8/0x17a0 [ 185.594199] ? fib_table_lookup+0x24a0/0x24a0 [ 185.598708] ? trace_hardirqs_on+0xd/0x10 [ 185.602854] ? kasan_unpoison_shadow+0x35/0x50 [ 185.607435] ? kasan_kmalloc+0xc4/0xe0 [ 185.611513] fib_magic.isra.22+0x66b/0x890 [ 185.615765] ? fib_new_table+0x490/0x490 [ 185.619838] ? lock_acquire+0x1e4/0x540 [ 185.623820] ? blocking_notifier_call_chain+0x129/0x190 [ 185.629186] fib_add_ifaddr+0x45c/0x500 [ 185.633191] fib_inetaddr_event+0x172/0x222 [ 185.637520] notifier_call_chain+0x180/0x390 [ 185.641932] ? unregister_die_notifier+0x20/0x20 [ 185.646695] ? __x64_sys_ioctl+0x73/0xb0 [ 185.650764] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.656142] blocking_notifier_call_chain+0x147/0x190 [ 185.661345] ? srcu_init_notifier_head+0xa0/0xa0 [ 185.666126] ? rtmsg_ifa+0x14e/0x1e0 [ 185.669850] __inet_insert_ifa+0x858/0xba0 [ 185.674100] ? refcount_add_not_zero_checked+0x330/0x330 [ 185.679562] ? __inet_del_ifa+0xbd0/0xbd0 [ 185.683721] ? rtnl_is_locked+0xb5/0xf0 [ 185.687699] ? rtnl_trylock+0x20/0x20 [ 185.691510] devinet_ioctl+0x1460/0x1d90 [ 185.695586] ? inet_ifa_byprefix+0x240/0x240 [ 185.700004] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 185.705560] inet_ioctl+0x18b/0x360 [ 185.709192] ? inet_stream_connect+0xa0/0xa0 [ 185.713594] ? _parse_integer+0x190/0x190 [ 185.717748] ? lock_release+0xa30/0xa30 [ 185.721725] ? check_same_owner+0x340/0x340 [ 185.726057] ? __check_object_size+0xa3/0x5d7 [ 185.730570] sock_do_ioctl+0xe4/0x3e0 [ 185.734375] ? __fget+0x4ac/0x740 [ 185.737851] ? compat_ifr_data_ioctl+0x170/0x170 [ 185.742602] ? lock_release+0xa30/0xa30 [ 185.746571] ? pid_task+0x115/0x200 [ 185.750204] ? find_vpid+0xf0/0xf0 [ 185.753739] ? __f_unlock_pos+0x19/0x20 [ 185.757720] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 185.762944] sock_ioctl+0x30d/0x680 [ 185.766575] ? dlci_ioctl_set+0x40/0x40 [ 185.770542] ? ksys_dup3+0x690/0x690 [ 185.774259] ? kasan_check_write+0x14/0x20 [ 185.778518] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 185.783461] ? fsnotify+0xbac/0x14e0 [ 185.787192] ? vfs_write+0x2f3/0x560 [ 185.790907] ? dlci_ioctl_set+0x40/0x40 [ 185.794882] do_vfs_ioctl+0x1de/0x1720 [ 185.798793] ? fsnotify_first_mark+0x350/0x350 [ 185.803386] ? __fsnotify_parent+0xcc/0x420 [ 185.807731] ? ioctl_preallocate+0x300/0x300 [ 185.812165] ? __fget_light+0x2f7/0x440 [ 185.816174] ? fget_raw+0x20/0x20 [ 185.819639] ? __sb_end_write+0xac/0xe0 [ 185.823616] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 185.829171] ? fput+0x130/0x1a0 [ 185.832451] ? ksys_write+0x1ae/0x260 [ 185.836256] ? security_file_ioctl+0x94/0xc0 [ 185.840664] ksys_ioctl+0xa9/0xd0 [ 185.844125] __x64_sys_ioctl+0x73/0xb0 [ 185.848024] do_syscall_64+0x1b9/0x820 [ 185.850837] FAULT_INJECTION: forcing a failure. [ 185.850837] name failslab, interval 1, probability 0, space 0, times 0 [ 185.851921] ? finish_task_switch+0x1d3/0x870 [ 185.851938] ? syscall_return_slowpath+0x5e0/0x5e0 [ 185.851952] ? syscall_return_slowpath+0x31d/0x5e0 [ 185.851964] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 185.851988] ? prepare_exit_to_usermode+0x291/0x3b0 [ 185.887510] ? perf_trace_sys_enter+0xb10/0xb10 [ 185.892180] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 185.897038] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.902223] RIP: 0033:0x455ab9 [ 185.905401] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 185.924620] RSP: 002b:00007f2865266c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 185.932332] RAX: ffffffffffffffda RBX: 00007f28652676d4 RCX: 0000000000455ab9 [ 185.939610] RDX: 0000000020000000 RSI: 0000000000008916 RDI: 0000000000000013 [ 185.946895] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 185.954161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 185.961420] R13: 00000000004bfc03 R14: 00000000004cf4d8 R15: 0000000000000020 [ 185.968694] CPU: 1 PID: 10223 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 185.977194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 185.986547] Call Trace: [ 185.989130] dump_stack+0x1c9/0x2b4 [ 185.992763] ? dump_stack_print_info.cold.2+0x52/0x52 [ 185.997943] ? filename_lookup+0x397/0x510 [ 186.002165] ? user_path_at_empty+0x40/0x50 [ 186.006559] ? do_mount+0x17f/0x1e20 [ 186.010259] ? ksys_mount+0x12d/0x140 [ 186.014224] ? do_syscall_64+0x1b9/0x820 [ 186.018286] should_fail.cold.4+0xa/0x11 [ 186.022337] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 186.028734] ? kasan_check_write+0x14/0x20 [ 186.032959] ? do_raw_spin_lock+0xc1/0x200 [ 186.037192] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 186.042287] ? debug_check_no_obj_freed+0x30b/0x595 [ 186.047296] ? trace_hardirqs_off+0xd/0x10 [ 186.051535] ? quarantine_put+0x10d/0x1b0 [ 186.055675] ? lock_acquire+0x1e4/0x540 [ 186.059647] ? fs_reclaim_acquire+0x20/0x20 [ 186.063975] ? lock_downgrade+0x8f0/0x8f0 [ 186.068133] ? check_same_owner+0x340/0x340 [ 186.072446] ? lock_downgrade+0x8f0/0x8f0 [ 186.076582] ? rcu_note_context_switch+0x730/0x730 [ 186.081606] __should_failslab+0x124/0x180 [ 186.085836] should_failslab+0x9/0x14 [ 186.089625] kmem_cache_alloc_trace+0x2cb/0x780 [ 186.094303] ? kasan_check_write+0x14/0x20 [ 186.098525] ? do_raw_read_unlock+0x3f/0x60 [ 186.102834] vfs_new_fs_context+0x5a/0x6d0 [ 186.107072] do_mount+0x605/0x1e20 [ 186.110600] ? do_raw_spin_unlock+0xa7/0x2f0 [ 186.115000] ? copy_mount_string+0x40/0x40 [ 186.119228] ? __do_page_fault+0x449/0xe50 [ 186.124068] ? retint_kernel+0x10/0x10 [ 186.127947] ? copy_mount_options+0x1f0/0x380 [ 186.132436] ? copy_mount_options+0x200/0x380 [ 186.136939] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 186.142473] ? copy_mount_options+0x285/0x380 [ 186.146975] ksys_mount+0x12d/0x140 [ 186.150593] __x64_sys_mount+0xbe/0x150 [ 186.154559] do_syscall_64+0x1b9/0x820 [ 186.158434] ? syscall_slow_exit_work+0x500/0x500 [ 186.163359] ? syscall_return_slowpath+0x5e0/0x5e0 [ 186.168279] ? syscall_return_slowpath+0x31d/0x5e0 [ 186.173198] ? prepare_exit_to_usermode+0x291/0x3b0 [ 186.178201] ? perf_trace_sys_enter+0xb10/0xb10 [ 186.182861] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 186.187698] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.192882] RIP: 0033:0x455ab9 [ 186.196055] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 186.215241] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 186.222955] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 186.230226] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 186.237486] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 186.244743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 186.252017] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 0000000000000005 [ 186.262989] device lo entered promiscuous mode 20:43:05 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100), 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:43:05 executing program 6: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) r0 = socket$inet6(0xa, 0x1, 0x0) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote}, 0x334) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syzkaller1\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000001c0)={@empty, @mcast1, @loopback, 0x3d8241da, 0x4, 0x100000000000000, 0x0, 0x1, 0x200, r1}) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/ip_mr_cache\x00') accept4$llc(r2, &(0x7f0000000100), &(0x7f0000000140)=0x10, 0x800) mq_unlink(&(0x7f0000000280)='$selinux-.bdevuserwlan0\x00') 20:43:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:05 executing program 3: r0 = socket(0xa, 0x1, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(0xffffffffffffffff, 0x891b, &(0x7f0000000000)={'team_slave_0\x00', {0x2, 0x4e20, @broadcast}}) ioctl(r0, 0x8946, &(0x7f0000000000)) 20:43:05 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@local, @empty, @mcast2, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}) 20:43:05 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:05 executing program 5 (fault-call:7 fault-nth:6): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:05 executing program 7: r0 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000001c0), 0xfa) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001760300000000000000000000"], 0x10}}, 0x0) sendmsg$key(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="0000000000edffffffffffffff000000"], 0x10}}, 0x0) clock_gettime(0x40000004, &(0x7f0000000440)) r1 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={0x73, 0x79, 0x7a, 0x3}, &(0x7f0000000140)="98d69dbfa816571d1e1c18aba8bd29e66c9aa0d48e", 0x15, 0xffffffffffffffff) request_key(&(0x7f0000000500)='encrypted\x00', &(0x7f0000000540), &(0x7f0000000580)='encrypted\x00', r1) 20:43:05 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'tunl0\x00', &(0x7f0000000080)=@ethtool_gstrings}) 20:43:05 executing program 7: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f0000001d80)=[{{&(0x7f0000000000)=@in6={0xa, 0x1, 0x0, @loopback}, 0x80, &(0x7f0000000040), 0x0, &(0x7f0000000b00)}}, {{&(0x7f0000000a80)=@in={0x2, 0x0, @rand_addr}, 0x80, &(0x7f0000001bc0), 0x0, &(0x7f0000000040)}}], 0x2, 0x0) [ 186.460848] binder: 10246:10248 unknown command 0 [ 186.479167] binder: 10246:10248 ioctl c0306201 2000dfd0 returned -22 20:43:05 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:05 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@local, @empty, @mcast2, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}) 20:43:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x74, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) [ 186.510399] binder: 10246:10259 unknown command 0 [ 186.515725] binder: 10246:10259 ioctl c0306201 2000dfd0 returned -22 20:43:05 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000000)={0x0, 0x24, "02843c1a2558ea518bf614d9f9cc8678c99bb7b3a8a9fb4228a67e83779c2a018859d35e"}, &(0x7f0000000040)=0x2c) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000080)={r1, 0x10000}, &(0x7f00000000c0)=0x8) 20:43:05 executing program 7: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="020a000007000000000013002d54036205001a00000ce600001000e0c90002000000000000000000000004000000f0fff2ffae2d8485000b00000000"], 0x3c}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x20, 0x0) 20:43:05 executing program 2: r0 = socket$inet(0x2, 0x200000002, 0x10000000000) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, r0, 0x3, 0x0, 0x1, 0x0, {0xa, 0x4e20, 0x5, @mcast2, 0x5}}}, 0x3a) write$binfmt_elf64(r1, &(0x7f0000000240)={{0x7f, 0x45, 0x4c, 0x46, 0x6, 0x2, 0x81, 0xffff, 0x0, 0x2, 0x0, 0xfffffffffffffc01, 0x35a, 0x40, 0x179, 0x0, 0x80000000, 0x38, 0x2, 0x2, 0x8, 0x8}, [{0x6474e555, 0x1, 0x2be6, 0xc00000000000000, 0xfffffffffffffffb, 0x1, 0x2, 0x4}], "49375b07c79c4abf9822ddf6e246059ad4a69b88fb3f63a1afc15127bd5a9cf72125e3eb6985febd869240d44593b1332d23aa1128cbacf87f7fcc68d6fbe2329d"}, 0xb9) sendmmsg(r1, &(0x7f0000004540)=[{{&(0x7f00000000c0)=@ll={0x11, 0x18, 0x0, 0x1, 0xce7, 0x6, @random="f441a726ac43"}, 0x80, &(0x7f0000000200), 0x0, &(0x7f0000000380), 0x0, 0x40000}, 0xd5f}], 0x1, 0x0) [ 186.598292] binder: 10271:10272 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000000 != 0000000000000078 [ 186.607638] binder: 10274:10275 unknown command 0 [ 186.659839] binder: 10274:10275 ioctl c0306201 2000dfd0 returned -22 [ 186.666145] binder: BINDER_SET_CONTEXT_MGR already set [ 186.689675] binder: 10271:10279 ioctl 40046207 0 returned -16 [ 186.698529] binder: 10274:10291 unknown command 0 [ 186.717108] binder: 10274:10291 ioctl c0306201 2000dfd0 returned -22 [ 186.721703] binder: 10271:10287 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000000 != 0000000000000078 [ 187.308356] FAULT_INJECTION: forcing a failure. [ 187.308356] name failslab, interval 1, probability 0, space 0, times 0 [ 187.319692] CPU: 0 PID: 10300 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 187.328409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 187.337772] Call Trace: [ 187.340363] dump_stack+0x1c9/0x2b4 [ 187.343980] ? dump_stack_print_info.cold.2+0x52/0x52 [ 187.349159] ? filename_lookup+0x397/0x510 [ 187.353379] ? user_path_at_empty+0x40/0x50 [ 187.357712] ? do_mount+0x17f/0x1e20 [ 187.361411] ? ksys_mount+0x12d/0x140 [ 187.365207] ? do_syscall_64+0x1b9/0x820 [ 187.369259] should_fail.cold.4+0xa/0x11 [ 187.373312] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 187.378406] ? kasan_check_write+0x14/0x20 [ 187.382629] ? do_raw_spin_lock+0xc1/0x200 [ 187.386863] ? _raw_spin_unlock_irqrestore+0x63/0xc0 [ 187.391960] ? debug_check_no_obj_freed+0x30b/0x595 [ 187.396972] ? trace_hardirqs_off+0xd/0x10 [ 187.401212] ? quarantine_put+0x10d/0x1b0 [ 187.405353] ? lock_acquire+0x1e4/0x540 [ 187.409323] ? fs_reclaim_acquire+0x20/0x20 [ 187.413654] ? lock_downgrade+0x8f0/0x8f0 [ 187.417794] ? check_same_owner+0x340/0x340 [ 187.422102] ? lock_downgrade+0x8f0/0x8f0 [ 187.426241] ? rcu_note_context_switch+0x730/0x730 [ 187.431160] __should_failslab+0x124/0x180 [ 187.435397] should_failslab+0x9/0x14 [ 187.439187] kmem_cache_alloc_trace+0x2cb/0x780 [ 187.443855] ? kasan_check_write+0x14/0x20 [ 187.448076] ? do_raw_read_unlock+0x3f/0x60 [ 187.452388] vfs_new_fs_context+0x5a/0x6d0 [ 187.456612] do_mount+0x605/0x1e20 [ 187.460146] ? copy_mount_string+0x40/0x40 [ 187.464373] ? __do_page_fault+0x449/0xe50 [ 187.468594] ? retint_kernel+0x10/0x10 [ 187.472472] ? copy_mount_options+0x1f0/0x380 [ 187.476973] ? copy_mount_options+0x200/0x380 [ 187.481455] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 187.486981] ? copy_mount_options+0x285/0x380 [ 187.491464] ksys_mount+0x12d/0x140 [ 187.495090] __x64_sys_mount+0xbe/0x150 [ 187.499067] do_syscall_64+0x1b9/0x820 [ 187.502957] ? syscall_return_slowpath+0x5e0/0x5e0 [ 187.507873] ? syscall_return_slowpath+0x31d/0x5e0 [ 187.512804] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 187.517807] ? prepare_exit_to_usermode+0x291/0x3b0 [ 187.522814] ? perf_trace_sys_enter+0xb10/0xb10 [ 187.527474] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 187.532326] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 187.537506] RIP: 0033:0x455ab9 20:43:06 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:43:06 executing program 7: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff5c, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f0000000000), 0x0) 20:43:06 executing program 6: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:43:06 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000140), 0x0, 0x200007ff, &(0x7f0000deaff0)={0x2, 0x4e23, @local}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) accept4(r1, &(0x7f0000000080)=@hci, &(0x7f0000000040)=0xffffffffffffffba, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x13, &(0x7f00000003c0), 0x4) 20:43:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x300000000000000, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:06 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) [ 187.540676] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 187.559856] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 187.567642] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 187.574912] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 187.582168] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 187.589442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 187.596697] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 0000000000000006 [ 187.634813] binder: 10303:10305 unknown command 0 [ 187.648902] binder: 10308:10312 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000000 != 0000000000000078 [ 187.667123] binder: 10303:10305 ioctl c0306201 2000dfd0 returned -22 20:43:06 executing program 5 (fault-call:7 fault-nth:7): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:06 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8914, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:06 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x7d) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000780)='/dev/null\x00', 0x40000, 0x0) setsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000800)=0x7fff, 0xffffffffffffff48) writev(r0, &(0x7f0000000400)=[{&(0x7f0000000000)="318e25bf7c73b329328d83eb6c54fba3b801f1e353e04265e8ff61ece5c1d83aaeeb8c137afb9459cb569fea38730c48186b845b1f040931fde586a4a12bab841333a5a11a03bcad9c9ce0595b00811c730ffe2751adc67fb8fa0a99db931b5d495c11c7b716de29b85e58be700a94521b769280f4b03d25b72f4c8d442a79d7da2070da8b3de9815d5a5d3f6863cb1a3642330b966f780314dc5e018d249354806643a73908f9c3bf0a80733b095e718320c09aa7d9f267fda5c5003c688a2e073eb1409bfe491f34c9154e3c159d15362a6e81cae68d153eb9ce5a4341b0e720814da550d04fc021958fb1e89edafdeb1b40", 0xf3}, {&(0x7f0000000100)="ec0f8c841907ece13555f5c82f795d9ef029488228d26f07211d50f3", 0x1c}, {&(0x7f0000000140)="3bea35ffd152f91757c16ec4e93dfedcd8fe8b463de141dc9133587216644982bf404f42043a68539c1177eff2ee2ffe36a49e968e6f2d69d9fedd35c03e76c0bc455eaecc9725d1b4834dd4153ba43a4c0b1a95d888670052bff32bf9739d284a245602a3d14f63dc519a282c", 0x6d}, {&(0x7f0000000280)="6a97166d37fcf8f4134c0e1129be19792958d3b6610613ea93daf5570f06d7b178634efe7d64bfa33f5fcbccb3388aa050b490613e821f763ddb30d5c2bb5097a0f900bd901353f3a19d163d5c4db4b2dfa797fec9dc5b03423f5ea5cc3d091d1bbd36e1bdb2e00420f3d66094fcb94520cd7e57a626c587772532d6e657a9d7adc60ecb6232d0", 0x87}, {&(0x7f00000001c0)="78f9d6060e90e08d3aaecc2824abc0c37b9309a65a6b193b588c762c13aa4bc69d", 0x21}, {&(0x7f0000000340)="0a7c9de6a8d71a2631c5c058dd0692bbb24574325a40d1df283916c1e7b64385ece6e223ed2eff226558c8f2d9e0a196d0674f63353d2ff888e0591a103e097ef18c172c878e2d4d7f7ed7ea53e614982dd9e400b1a346b9afcef971399b4f5ee34197f0e28a9b1f9f34e27f98b478b9953df1be1b445c9064fea3f443efda76748215d5d9c910147d355e", 0x8b}], 0x6) sendmsg(r0, &(0x7f0000000a40)={&(0x7f0000000480)=@llc={0x1a, 0x324, 0xf9f, 0x8, 0x100, 0x1}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000500)="258c6be481802636b943aaa329bf037f3c29b12cafe4d18f3e06ae1769b41462fded5ad6771a663045fab32f91476a78697255a0013360d7969a5ee084040e4d42212938f8ec5dedc00f0090301edc85d99a053f198b6acc79a509df80732bfdea8bf8a86ae6535b500ac6a46c", 0x6d}, {&(0x7f0000000600)="60b5a7762de06bac521dadc9eb997bb4165b818b1e286be7809b61e002bfe6c44abc9f1f722ec9dbda7171d1accd682e8bf3048519748b60bfb37b873f86ae922367c0f1f288bdea374c0d4b133e50d2719526862832ae0f624b599791ae79d3b3b27b60a30a5dfb2375a9c73dae8baf275022e5e4a6ed069d5f1cfb0e1de09d99bde68c5ece125c46445587490ef093659d7a2f02e03adc3b56ed8ef8f1", 0x9e}, {&(0x7f0000000200)="b1977d602245889411ca933802b23096b4f7a077b0aa13a475cf9dd27bcba13fb4b3b27dbb14fa3add6e212a89f1", 0x2e}, {&(0x7f00000006c0)="0118637213301487537933b09b3dd2b9c02ce9b92801d448602f006ea65d6d27faa097d1e7fccc6c6fed6c7c69737c2d701db809504e90abdad3763c9c8bc361750e7cb5428f133c467396a79ff1a70c95a3952f58474c16a84417f5e9a81a52dd86142c959e417426a00e415db749051433cb1fab4b394cb99dba0e43f1cb23c47da791d01bc1d4ac1e0251d1ff2533f65ec426a98d8b76", 0x98}], 0x4, &(0x7f0000000a80)=[{0x50, 0x6, 0x401, "a2dcaedf4f326324c4f1f14530943bf7c59e4a612c450e9d0ccd80dfa5e52c4f88844727164fa2151c5cd30b65488d2e3fedccdbdaf186442b8855"}, {0xa0, 0x101, 0x100000001, "2de0716db1ea90b9a5c736da1cbb7dec460bdbb3131c06eeb1cf7f7c1aad0cb0f7775727d360fb3fb0743fde4d97cd3aa8280b01a3daa3986561ed642352c480cbcd5caa769b84e51e87df2a5e778e806bb5c0f1d586a5cde4f53ccbe7641cb675efebd3e0d1772ca400f44eb6ccce2745a43ad7b845a82508859f2b788c534621090eeecca9eec1d1e246ef"}, {0x110, 0x197, 0x3, "8f2cd86cf3d5723bc814f15ae7eeea4cb43b8e77eae24f14750b11631c2eba14265f85d70762d92207c5278805607fae5dc696e133f9c3bec4e4786c7984b642ce1a2c5f3c53b403f9d459dacbf3e436fec01eabce4f48fdb17768b56a9c13c261e2f1682d7fe44f8267a0311df61c3a265c978e73a55779347dd18aadf9ae9a4261f4c0a8194cffa2521f089a6514df45341cf749afedebd4b3ae146258ed8dde25d65caeb913c23c3ad594dcdd55c8fc15e4049b026e946f432b4848164f875d3c92dddb33a27aa6922f12000f971a7cf7542f5a774dcbfc436506906db4fe5dc121376ff5d0fc8d056ad726eb0693307f40c349734f128d79fc"}, {0x138, 0x10e, 0x68, "3d79671200ffea3e5d043b5521356485780e87a70187e0925868c97c430d985103083086b979abe61ccdcbf2b236a04057eec5908f028a538b0e68a3a6b527304e06ddf416d902bb17be38584d5bc879ae5559a54c19efc06699f911013b0a6ec5232416c5023e3b0fb905a99df9078ea9457abe51678094a39287ca3e1d6f38ef97de2e31ea1d29b1dc352ae877da2f4feeb8cee3e07b29ec9f71d8ab54714bee59fe2e2ce086a6ffacf3ce88ced602d696d07e0e5b74927c73ee4abf0a2a85f90f248c34f90fa31226d48971e392a742e492f6b805af3eff8ba96348378bc9ffdb4a16e9a744f86c09c5218c52df8515cfc16aac25881070d243edb46312821e73e33f6fa264cd5fb692e89b708403c08b41e8a9a2f121be654a9ef291000000000000"}, {0x68, 0x107, 0xc30, "06d6d46603e69a039d011b972d6536ca6317c9b471fa6100df44fd0b7e81337bbc7582669398d4f10c6f76d7a5f35c2b9cf20969f51fe2d178ddd374b2b393b098fe288b99cae11386abcf05999a53e3632557dd020b76de"}], 0x3a0, 0x44}, 0x4000840) 20:43:06 executing program 7: syz_emit_ethernet(0x1e, &(0x7f00000000c0)={@empty, @link_local, [], {@generic={0x88ca, "229828eff88d66e6231725066e7d7544"}}}, &(0x7f00000001c0)) 20:43:06 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) [ 187.684591] binder: 10303:10317 unknown command 0 [ 187.717296] binder: 10303:10317 ioctl c0306201 2000dfd0 returned -22 20:43:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x74000000, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:06 executing program 7: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000100)=0x120, 0x36b) connect$inet6(r0, &(0x7f0000000000), 0x1c) write$binfmt_elf32(r0, &(0x7f0000000140)=ANY=[], 0x0) setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000080)=0x8000, 0x4) recvmmsg(r0, &(0x7f0000000d80)=[{{0x0, 0x0, &(0x7f0000000c40), 0x0, &(0x7f0000000d00)=""/91, 0x5b}}], 0x1, 0x2000, &(0x7f0000000e40)) [ 187.767567] binder: 10332:10334 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000000 != 0000000000000078 20:43:06 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:43:06 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) [ 187.813710] binder: 10339:10341 unknown command 0 [ 187.832700] binder: 10339:10341 ioctl c0306201 2000dfd0 returned -22 20:43:06 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x4010, 0x8000) getsockopt$bt_BT_POWER(r1, 0x112, 0x9, &(0x7f0000000040)=0x2379, &(0x7f0000000080)=0x1) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) [ 187.861641] binder: 10339:10350 unknown command 0 [ 187.870621] binder: 10339:10350 ioctl c0306201 2000dfd0 returned -22 [ 187.880730] binder: 10351:10352 BC_CLEAR_DEATH_NOTIFICATION death notification cookie mismatch 0000000000000000 != 0000000000000078 [ 188.525823] FAULT_INJECTION: forcing a failure. [ 188.525823] name failslab, interval 1, probability 0, space 0, times 0 [ 188.537130] CPU: 0 PID: 10366 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 188.545628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.554978] Call Trace: [ 188.557565] dump_stack+0x1c9/0x2b4 [ 188.561185] ? dump_stack_print_info.cold.2+0x52/0x52 [ 188.566368] ? kernel_text_address+0x79/0xf0 [ 188.570774] should_fail.cold.4+0xa/0x11 [ 188.574838] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 188.579940] ? save_stack+0xa9/0xd0 [ 188.583561] ? save_stack+0x43/0xd0 [ 188.587192] ? kmem_cache_alloc_trace+0x152/0x780 [ 188.592052] ? vfs_new_fs_context+0x5a/0x6d0 [ 188.596488] ? do_mount+0x605/0x1e20 [ 188.600201] ? ksys_mount+0x12d/0x140 [ 188.604001] ? __x64_sys_mount+0xbe/0x150 [ 188.608172] ? do_syscall_64+0x1b9/0x820 [ 188.612228] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.617589] ? trace_hardirqs_off+0xd/0x10 [ 188.621814] ? quarantine_put+0x10d/0x1b0 [ 188.625951] ? lock_acquire+0x1e4/0x540 [ 188.629912] ? fs_reclaim_acquire+0x20/0x20 [ 188.634229] ? lock_downgrade+0x8f0/0x8f0 [ 188.638370] ? check_same_owner+0x340/0x340 [ 188.642699] ? debug_mutex_init+0x2d/0x60 [ 188.646839] ? rcu_note_context_switch+0x730/0x730 [ 188.651764] __should_failslab+0x124/0x180 [ 188.655993] should_failslab+0x9/0x14 [ 188.659811] kmem_cache_alloc_trace+0x2cb/0x780 [ 188.664477] proc_init_fs_context+0x49/0x130 [ 188.668893] ? proc_fill_super+0x630/0x630 [ 188.673126] vfs_new_fs_context+0x2c3/0x6d0 [ 188.677440] do_mount+0x605/0x1e20 [ 188.680972] ? copy_mount_string+0x40/0x40 [ 188.685197] ? __do_page_fault+0x449/0xe50 [ 188.689420] ? retint_kernel+0x10/0x10 [ 188.693309] ? copy_mount_options+0x1f0/0x380 [ 188.697791] ? copy_mount_options+0x200/0x380 [ 188.702274] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 188.707799] ? copy_mount_options+0x285/0x380 [ 188.712289] ksys_mount+0x12d/0x140 [ 188.715907] __x64_sys_mount+0xbe/0x150 [ 188.719974] do_syscall_64+0x1b9/0x820 [ 188.723850] ? finish_task_switch+0x1d3/0x870 [ 188.728331] ? syscall_return_slowpath+0x5e0/0x5e0 [ 188.733249] ? syscall_return_slowpath+0x31d/0x5e0 [ 188.738165] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 188.743176] ? prepare_exit_to_usermode+0x291/0x3b0 [ 188.748189] ? perf_trace_sys_enter+0xb10/0xb10 [ 188.752882] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 188.757729] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.762917] RIP: 0033:0x455ab9 [ 188.766102] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 188.785275] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 188.792978] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 188.800247] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 188.807503] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 188.814759] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 20:43:07 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:43:07 executing program 7: r0 = socket$packet(0x11, 0x100000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'bond_slave_1\x00', 0x0}) bind$packet(r0, &(0x7f00000000c0)={0x11, 0x0, r1}, 0x14) sendmmsg(r0, &(0x7f0000000d40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000400)="0c2e450af8fef39135931a0095ce", 0xe}], 0x1, &(0x7f0000000540)}}, {{0x0, 0x0, &(0x7f00000007c0), 0x0, &(0x7f0000000800)}}], 0x2, 0x0) 20:43:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x2, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:07 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:07 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x800, 0x0) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r0) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:43:07 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8918, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) [ 188.822033] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 0000000000000007 20:43:07 executing program 5 (fault-call:7 fault-nth:8): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:07 executing program 2: pipe2(&(0x7f0000f61000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1000009, 0x32, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000080)) fcntl$setstatus(r0, 0x4, 0x400000000002001) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000d62fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x1c) dup2(r1, r0) dup2(r0, r2) [ 188.870346] binder: 10369:10370 unknown command 0 [ 188.884270] Unknown ioctl 19462 [ 188.888039] binder: 10375:10381 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 188.895128] binder: 10369:10370 ioctl c0306201 2000dfd0 returned -22 [ 188.903881] Unknown ioctl 19462 [ 188.908939] binder: 10369:10386 unknown command 0 20:43:07 executing program 6: r0 = accept$inet6(0xffffffffffffff9c, 0x0, &(0x7f0000000100)) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x41, &(0x7f0000000140)={'raw\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000040)=0xc) capget(&(0x7f0000000080)={0x399f1336, r2}, &(0x7f00000000c0)={0x200, 0xb, 0x1, 0xeb, 0x5e, 0x3f000000000}) 20:43:07 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000800)={0x0, 0x9d3}) r1 = syz_open_pts(r0, 0x20201) write$binfmt_script(r1, &(0x7f0000000000)={'#! ', './file0'}, 0xb) 20:43:07 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x4020940d, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:07 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x7400000000000000, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) [ 188.925400] binder: 10369:10386 ioctl c0306201 2000dfd0 returned -22 20:43:07 executing program 6: openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x90100, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) r1 = semget(0x0, 0x3, 0x244) semctl$SEM_INFO(r1, 0x3, 0x13, &(0x7f0000000080)=""/99) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:43:07 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000800)={0x0, 0x9d3}) r1 = syz_open_pts(r0, 0x20201) write$binfmt_script(r1, &(0x7f0000000000)={'#! ', './file0'}, 0xb) 20:43:07 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x89a0, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) [ 189.020725] binder: 10408:10409 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 189.029531] binder: 10405:10407 unknown command 0 [ 189.040225] binder: 10405:10407 ioctl c0306201 2000dfd0 returned -22 [ 189.063611] binder: 10405:10413 unknown command 0 [ 189.077658] binder: 10405:10413 ioctl c0306201 2000dfd0 returned -22 [ 189.745291] FAULT_INJECTION: forcing a failure. [ 189.745291] name failslab, interval 1, probability 0, space 0, times 0 [ 189.756600] CPU: 1 PID: 10431 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 189.765105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 189.774459] Call Trace: [ 189.777052] dump_stack+0x1c9/0x2b4 [ 189.780671] ? dump_stack_print_info.cold.2+0x52/0x52 [ 189.785855] ? __kernel_text_address+0xd/0x40 [ 189.790369] should_fail.cold.4+0xa/0x11 [ 189.794422] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 189.799516] ? save_stack+0xa9/0xd0 [ 189.803129] ? save_stack+0x43/0xd0 [ 189.806745] ? kasan_kmalloc+0xc4/0xe0 [ 189.810622] ? kmem_cache_alloc_trace+0x152/0x780 [ 189.815465] ? proc_init_fs_context+0x49/0x130 [ 189.820046] ? vfs_new_fs_context+0x2c3/0x6d0 [ 189.824541] ? do_mount+0x605/0x1e20 [ 189.828244] ? ksys_mount+0x12d/0x140 [ 189.832049] ? do_syscall_64+0x1b9/0x820 [ 189.836121] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.841473] ? __x64_sys_mount+0xbe/0x150 [ 189.845609] ? do_syscall_64+0x1b9/0x820 [ 189.849659] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.855016] ? trace_hardirqs_off+0xd/0x10 [ 189.859236] ? quarantine_put+0x10d/0x1b0 [ 189.863371] ? lock_acquire+0x1e4/0x540 [ 189.867337] ? fs_reclaim_acquire+0x20/0x20 [ 189.871644] ? lock_downgrade+0x8f0/0x8f0 [ 189.875795] ? check_same_owner+0x340/0x340 [ 189.880126] ? rcu_note_context_switch+0x730/0x730 [ 189.885054] __should_failslab+0x124/0x180 [ 189.889277] should_failslab+0x9/0x14 [ 189.893078] __kmalloc_track_caller+0x2c4/0x760 [ 189.897744] ? vfs_set_fs_source+0x67/0x180 [ 189.902059] kmemdup_nul+0x31/0xa0 [ 189.905587] vfs_set_fs_source+0x67/0x180 [ 189.909720] do_mount+0x651/0x1e20 [ 189.913247] ? copy_mount_string+0x40/0x40 [ 189.917467] ? __do_page_fault+0x449/0xe50 [ 189.921711] ? retint_kernel+0x10/0x10 [ 189.925590] ? copy_mount_options+0x1f0/0x380 [ 189.930074] ? copy_mount_options+0x200/0x380 [ 189.934566] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 189.940091] ? copy_mount_options+0x285/0x380 [ 189.944573] ksys_mount+0x12d/0x140 [ 189.948189] __x64_sys_mount+0xbe/0x150 [ 189.952157] do_syscall_64+0x1b9/0x820 [ 189.956029] ? finish_task_switch+0x1d3/0x870 [ 189.960524] ? syscall_return_slowpath+0x5e0/0x5e0 [ 189.965443] ? syscall_return_slowpath+0x31d/0x5e0 [ 189.970362] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 189.975377] ? prepare_exit_to_usermode+0x291/0x3b0 [ 189.980382] ? perf_trace_sys_enter+0xb10/0xb10 [ 189.985056] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 189.989892] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.995065] RIP: 0033:0x455ab9 [ 189.998233] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 190.017408] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 190.026453] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 190.033716] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 20:43:08 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:43:08 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:08 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8917, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:08 executing program 6: r0 = socket$inet6(0xa, 0x2, 0x0) recvfrom$inet6(r0, &(0x7f0000000000)=""/243, 0xf3, 0x20, &(0x7f0000000100)={0xa, 0x4e24, 0x7, @empty, 0x100}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1ff, 0x4) r1 = gettid() ptrace$getsig(0x4202, r1, 0x9, &(0x7f0000000140)) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:43:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x7a, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:08 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000800)={0x0, 0x9d3}) r1 = syz_open_pts(r0, 0x20201) write$binfmt_script(r1, &(0x7f0000000000)={'#! ', './file0'}, 0xb) [ 190.040985] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 190.048242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 190.055504] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 0000000000000008 20:43:08 executing program 5 (fault-call:7 fault-nth:9): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:08 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x3, 0x2000}]}, 0xa0}}, 0x0) 20:43:08 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000800)={0x0, 0x9d3}) r1 = syz_open_pts(r0, 0x20201) write$binfmt_script(r1, &(0x7f0000000000)={'#! ', './file0'}, 0xb) 20:43:08 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8980, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) [ 190.101774] binder: 10433:10435 unknown command 0 [ 190.114213] binder: 10437:10439 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 190.136284] binder: 10433:10435 ioctl c0306201 2000dfd0 returned -22 20:43:08 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) [ 190.171118] binder: 10433:10456 unknown command 0 20:43:08 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x3, 0x2000}]}, 0xa0}}, 0x0) 20:43:08 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000800)={0x0, 0x9d3}) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000)={'#! ', './file0'}, 0xb) 20:43:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x6800000000000000, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:08 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x5421, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) [ 190.192249] binder: 10433:10456 ioctl c0306201 2000dfd0 returned -22 [ 190.228991] binder: 10464:10466 Acquire 1 refcount change on invalid ref 0 ret -22 20:43:09 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x3, 0x2000}]}, 0xa0}}, 0x0) [ 190.280244] binder: 10464:10466 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 190.289880] binder: 10473:10475 unknown command 0 [ 190.298434] binder: 10473:10475 ioctl c0306201 2000dfd0 returned -22 [ 190.303829] binder: 10464:10466 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 190.338641] binder: 10473:10482 unknown command 0 [ 190.357923] binder: 10473:10482 ioctl c0306201 2000dfd0 returned -22 [ 191.012620] FAULT_INJECTION: forcing a failure. [ 191.012620] name failslab, interval 1, probability 0, space 0, times 0 [ 191.023894] CPU: 1 PID: 10491 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 191.032394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 191.041753] Call Trace: [ 191.044363] dump_stack+0x1c9/0x2b4 [ 191.048009] ? dump_stack_print_info.cold.2+0x52/0x52 [ 191.053233] should_fail.cold.4+0xa/0x11 [ 191.057303] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 191.062398] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.067937] ? do_raw_spin_unlock+0xa7/0x2f0 [ 191.072340] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 191.076916] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 191.081933] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 191.086961] ? find_next_bit+0x104/0x130 [ 191.091012] ? cpumask_next+0x24/0x30 [ 191.094802] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.100326] ? pcpu_alloc+0x190/0x13a0 [ 191.104291] ? kmem_cache_alloc_trace+0x152/0x780 [ 191.109130] ? lock_acquire+0x1e4/0x540 [ 191.113093] ? fs_reclaim_acquire+0x20/0x20 [ 191.117404] ? lock_downgrade+0x8f0/0x8f0 [ 191.121541] ? pcpu_balance_workfn+0x1700/0x1700 [ 191.126301] ? check_same_owner+0x340/0x340 [ 191.130623] ? rcu_note_context_switch+0x730/0x730 [ 191.135544] ? lock_acquire+0x1e4/0x540 [ 191.139508] __should_failslab+0x124/0x180 [ 191.143733] should_failslab+0x9/0x14 [ 191.147519] __kmalloc+0x2c8/0x760 [ 191.151046] ? kasan_check_write+0x14/0x20 [ 191.155267] ? __init_rwsem+0x1cc/0x2a0 [ 191.159232] ? do_raw_write_unlock.cold.8+0x49/0x49 [ 191.164233] ? prealloc_shrinker+0x124/0x480 [ 191.168634] ? __lockdep_init_map+0x105/0x590 [ 191.173116] prealloc_shrinker+0x124/0x480 [ 191.177338] ? __init_waitqueue_head+0x9e/0x150 [ 191.181992] ? inactive_list_is_low+0x850/0x850 [ 191.186650] ? __lockdep_init_map+0x105/0x590 [ 191.191132] alloc_super+0x8dd/0xb10 [ 191.194848] ? destroy_unused_super.part.11+0x110/0x110 [ 191.200198] ? lock_downgrade+0x8f0/0x8f0 [ 191.204339] ? kasan_check_read+0x11/0x20 [ 191.208472] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 191.213054] ? kasan_check_write+0x14/0x20 [ 191.217274] ? do_raw_spin_lock+0xc1/0x200 [ 191.221495] ? ns_test_super+0x50/0x50 [ 191.225385] sget_fc+0x269/0x950 [ 191.228737] ? compare_single+0x10/0x10 [ 191.232696] ? alloc_super+0xb10/0xb10 [ 191.236565] ? kasan_kmalloc+0xc4/0xe0 [ 191.240438] ? __kmalloc_track_caller+0x311/0x760 [ 191.245277] ? proc_root_lookup+0x60/0x60 [ 191.249410] vfs_get_super+0x6e/0x270 [ 191.253193] proc_get_tree+0x88/0xb0 [ 191.256894] vfs_get_tree+0x1cb/0x5c0 [ 191.260682] do_mount+0x6f2/0x1e20 [ 191.264209] ? check_same_owner+0x340/0x340 [ 191.268516] ? lock_release+0xa30/0xa30 [ 191.272477] ? copy_mount_string+0x40/0x40 [ 191.276697] ? __do_page_fault+0x449/0xe50 [ 191.280929] ? retint_kernel+0x10/0x10 [ 191.284802] ? copy_mount_options+0x1f0/0x380 [ 191.289282] ? copy_mount_options+0x200/0x380 [ 191.293762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.299283] ? copy_mount_options+0x285/0x380 [ 191.303765] ksys_mount+0x12d/0x140 [ 191.307380] __x64_sys_mount+0xbe/0x150 [ 191.311340] do_syscall_64+0x1b9/0x820 [ 191.315214] ? finish_task_switch+0x1d3/0x870 [ 191.319696] ? syscall_return_slowpath+0x5e0/0x5e0 [ 191.324615] ? syscall_return_slowpath+0x31d/0x5e0 [ 191.329533] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 191.334539] ? prepare_exit_to_usermode+0x291/0x3b0 [ 191.339544] ? perf_trace_sys_enter+0xb10/0xb10 [ 191.344204] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 191.349040] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.354215] RIP: 0033:0x455ab9 [ 191.357386] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 191.376567] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 191.384270] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 191.391525] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 191.398779] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 191.406034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 20:43:10 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(0xffffffffffffffff, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:43:10 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) r1 = syz_open_pts(r0, 0x20201) write$binfmt_script(r1, &(0x7f0000000000)={'#! ', './file0'}, 0xb) 20:43:10 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8915, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:10 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:10 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x3, 0x2000}]}, 0xa0}}, 0x0) 20:43:10 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0xffffff7f, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) [ 191.413286] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 0000000000000009 [ 191.444730] binder: 10495:10496 unknown command 0 [ 191.447652] binder: 10498:10504 Acquire 1 refcount change on invalid ref 0 ret -22 20:43:10 executing program 5 (fault-call:7 fault-nth:10): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:10 executing program 6: r0 = socket$inet6(0xa, 0x80005, 0x800) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0xfffffffffffffffd, @local}, 0x1c) 20:43:10 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x5460, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:10 executing program 2: sendmsg$key(0xffffffffffffffff, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x3, 0x2000}]}, 0xa0}}, 0x0) [ 191.468848] binder: 10495:10496 ioctl c0306201 2000dfd0 returned -22 [ 191.490910] binder: 10498:10504 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 191.497643] binder: 10495:10511 unknown command 0 [ 191.503446] binder: 10495:10511 ioctl c0306201 2000dfd0 returned -22 20:43:10 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) r1 = syz_open_pts(r0, 0x20201) write$binfmt_script(r1, &(0x7f0000000000)={'#! ', './file0'}, 0xb) 20:43:10 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) r1 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x7, 0x102) epoll_wait(r1, &(0x7f0000000040)=[{}, {}, {}, {}, {}, {}], 0x6, 0x3) 20:43:10 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x890b, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) [ 191.517604] binder: 10498:10504 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 20:43:10 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:10 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x3, 0x2000}]}, 0xa0}}, 0x0) 20:43:10 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) recvmmsg(r0, &(0x7f0000007e40)=[{{&(0x7f0000000000)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000080)=""/24, 0x18}, {&(0x7f00000000c0)=""/214, 0xd6}, {&(0x7f00000001c0)=""/95, 0x5f}], 0x3, 0x0, 0x0, 0x8}}, {{&(0x7f00000002c0)=@nfc_llcp, 0x80, &(0x7f0000001a80)=[{&(0x7f0000000700)=""/200, 0xc8}, {&(0x7f0000000800)=""/28, 0x1c}, {&(0x7f0000000840)=""/211, 0xd3}, {&(0x7f0000000940)=""/167, 0xa7}, {&(0x7f0000000a00)=""/4096, 0x1000}, {&(0x7f0000001a00)=""/66, 0x42}], 0x6, &(0x7f0000001b00)=""/176, 0xb0, 0x1}, 0x4}, {{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000003f80)=[{&(0x7f0000001c40)=""/31, 0x1f}, {&(0x7f0000001c80)=""/4096, 0x1000}, {&(0x7f0000002c80)=""/165, 0xa5}, {&(0x7f0000002d40)=""/128, 0x80}, {&(0x7f0000002dc0)=""/149, 0x95}, {&(0x7f0000002e80)=""/226, 0xe2}, {&(0x7f0000002f80)=""/4096, 0x1000}], 0x7, &(0x7f0000004000)=""/101, 0x65, 0x8635}, 0x8}, {{0x0, 0x0, &(0x7f00000041c0)=[{&(0x7f0000004080)=""/74, 0x4a}, {&(0x7f0000004100)=""/172, 0xac}], 0x2, &(0x7f0000004200)=""/11, 0xb, 0x5}, 0x3f}, {{&(0x7f0000004240)=@in={0x2, 0x0, @loopback}, 0x80, &(0x7f00000055c0)=[{&(0x7f00000042c0)=""/63, 0x3f}, {&(0x7f0000004300)=""/144, 0x90}, {&(0x7f00000043c0)=""/201, 0xc9}, {&(0x7f00000044c0)=""/43, 0x2b}, {&(0x7f0000004500)=""/153, 0x99}, {&(0x7f00000045c0)=""/4096, 0x1000}], 0x6, &(0x7f0000005640)=""/4096, 0x1000, 0x9}, 0xe388}, {{&(0x7f0000006640)=@in6={0xa, 0x0, 0x0, @dev}, 0x80, &(0x7f0000006880)=[{&(0x7f00000066c0)=""/254, 0xfe}, {&(0x7f00000067c0)=""/149, 0x95}], 0x2, &(0x7f00000068c0)=""/114, 0x72, 0x8001}, 0x5}, {{&(0x7f0000006940)=@alg, 0x80, &(0x7f0000007d80)=[{&(0x7f00000069c0)=""/112, 0x70}, {&(0x7f0000006a40)=""/157, 0x9d}, {&(0x7f0000006b00)=""/120, 0x78}, {&(0x7f0000006b80)=""/55, 0x37}, {&(0x7f0000006bc0)=""/4096, 0x1000}, {&(0x7f0000007bc0)=""/172, 0xac}, {&(0x7f0000007c80)=""/230, 0xe6}], 0x7, &(0x7f0000007e00), 0x0, 0x9}, 0x2a}], 0x7, 0x2000, &(0x7f0000008000)) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000340)={{{@in6=@mcast1, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@mcast1}}, &(0x7f0000008040)=0xe8) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000480)={{{@in=@local, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in=@remote}}, &(0x7f0000000580)=0xe8) setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000600)={{{@in6, @in6, 0x4e21, 0x80000001, 0x4e22, 0x5, 0x2, 0x20, 0x80, 0x3f, r2, r3}, {0xfff, 0x1, 0x8, 0x3, 0x7e5, 0x0, 0x3, 0x9}, {0x1, 0x1f, 0x0, 0x3}, 0x0, 0x6e6bb4, 0x0, 0x0, 0x3, 0x3}, {{@in6=@dev={0xfe, 0x80, [], 0x12}, 0x4d5, 0x7f}, 0x2, @in=@rand_addr=0x2, 0x3504, 0x1, 0x3, 0xa985, 0xedd, 0xc1, 0xff}}, 0xe8) [ 191.674839] binder: 10534:10535 Acquire 1 refcount change on invalid ref 0 ret -22 [ 191.702347] binder: 10534:10535 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 191.710904] binder: 10534:10535 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 192.340853] FAULT_INJECTION: forcing a failure. [ 192.340853] name failslab, interval 1, probability 0, space 0, times 0 [ 192.352139] CPU: 1 PID: 10552 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 192.360644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 192.370002] Call Trace: [ 192.372592] dump_stack+0x1c9/0x2b4 [ 192.376217] ? dump_stack_print_info.cold.2+0x52/0x52 [ 192.381414] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 192.386974] should_fail.cold.4+0xa/0x11 [ 192.391051] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 192.396174] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.401733] ? replace_slot+0xc9/0x4c0 [ 192.405637] ? __save_stack_trace+0x8d/0xf0 [ 192.409967] ? plist_requeue+0x650/0x650 [ 192.414025] ? save_stack+0xa9/0xd0 [ 192.417671] ? save_stack+0x43/0xd0 [ 192.421312] ? lock_acquire+0x1e4/0x540 [ 192.425300] ? fs_reclaim_acquire+0x20/0x20 [ 192.429614] ? lock_downgrade+0x8f0/0x8f0 [ 192.433752] ? check_same_owner+0x340/0x340 [ 192.438063] ? check_same_owner+0x340/0x340 [ 192.442369] ? rcu_note_context_switch+0x730/0x730 [ 192.447303] __should_failslab+0x124/0x180 [ 192.451534] should_failslab+0x9/0x14 [ 192.455333] __kmalloc+0x2c8/0x760 [ 192.458867] ? rcu_note_context_switch+0x730/0x730 [ 192.463783] ? __list_lru_init+0x151/0x840 [ 192.468022] __list_lru_init+0x151/0x840 [ 192.472073] ? list_lru_destroy+0x500/0x500 [ 192.476389] ? prealloc_shrinker+0x124/0x480 [ 192.480874] ? prealloc_shrinker+0x213/0x480 [ 192.485284] ? __init_waitqueue_head+0x9e/0x150 [ 192.489942] ? inactive_list_is_low+0x850/0x850 [ 192.494607] ? __lockdep_init_map+0x105/0x590 [ 192.499099] alloc_super+0x976/0xb10 [ 192.502813] ? destroy_unused_super.part.11+0x110/0x110 [ 192.508178] ? lock_downgrade+0x8f0/0x8f0 [ 192.512332] ? kasan_check_read+0x11/0x20 [ 192.516661] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 192.521255] ? kasan_check_write+0x14/0x20 [ 192.525491] ? do_raw_spin_lock+0xc1/0x200 [ 192.529722] ? ns_test_super+0x50/0x50 [ 192.533611] sget_fc+0x269/0x950 [ 192.536971] ? compare_single+0x10/0x10 [ 192.540933] ? alloc_super+0xb10/0xb10 [ 192.544810] ? kasan_kmalloc+0xc4/0xe0 [ 192.548688] ? __kmalloc_track_caller+0x311/0x760 [ 192.553537] ? proc_root_lookup+0x60/0x60 [ 192.557677] vfs_get_super+0x6e/0x270 [ 192.561474] proc_get_tree+0x88/0xb0 [ 192.565195] vfs_get_tree+0x1cb/0x5c0 [ 192.568997] do_mount+0x6f2/0x1e20 [ 192.572535] ? check_same_owner+0x340/0x340 [ 192.576931] ? lock_release+0xa30/0xa30 [ 192.580912] ? copy_mount_string+0x40/0x40 [ 192.585138] ? __do_page_fault+0x449/0xe50 [ 192.589384] ? retint_kernel+0x10/0x10 [ 192.593260] ? copy_mount_options+0x1f0/0x380 [ 192.597743] ? copy_mount_options+0x200/0x380 [ 192.602226] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 192.607754] ? copy_mount_options+0x285/0x380 [ 192.612257] ksys_mount+0x12d/0x140 [ 192.615876] __x64_sys_mount+0xbe/0x150 [ 192.619843] do_syscall_64+0x1b9/0x820 [ 192.623715] ? finish_task_switch+0x1d3/0x870 [ 192.628201] ? syscall_return_slowpath+0x5e0/0x5e0 [ 192.633137] ? syscall_return_slowpath+0x31d/0x5e0 [ 192.638058] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 192.643072] ? prepare_exit_to_usermode+0x291/0x3b0 [ 192.648097] ? perf_trace_sys_enter+0xb10/0xb10 [ 192.652770] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 192.657611] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.663225] RIP: 0033:0x455ab9 [ 192.666397] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 20:43:11 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:43:11 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x6800, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:11 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) r1 = syz_open_pts(r0, 0x20201) write$binfmt_script(r1, &(0x7f0000000000)={'#! ', './file0'}, 0xb) 20:43:11 executing program 6: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffff9c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='cdg\x00', 0x4) r1 = socket$inet6(0xa, 0x1, 0xc2) setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0xfffffffffffffd93) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000000)={0x0, @rand_addr, @multicast1}, &(0x7f0000000040)=0xc) connect(r1, &(0x7f0000000080)=@can={0x1d, r2}, 0x80) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000140)={{{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@mcast1}}, &(0x7f0000000280)=0xe8) setuid(r3) 20:43:11 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x0, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x3, 0x2000}]}, 0xa0}}, 0x0) 20:43:11 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8934, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) [ 192.685738] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 192.693442] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 192.700703] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 192.707960] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 192.715230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 192.722486] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 000000000000000a [ 192.757304] binder: 10553:10556 unknown command 0 20:43:11 executing program 5 (fault-call:7 fault-nth:11): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:11 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:11 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8955, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:11 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x3, 0x2000}]}, 0x60}}, 0x0) 20:43:11 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000800)={0x0, 0x9d3}) r1 = syz_open_pts(r0, 0x20201) write$binfmt_script(r1, &(0x7f0000000000)={'#! ', './file0'}, 0xb) 20:43:11 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) [ 192.793496] binder: 10553:10556 ioctl c0306201 2000dfd0 returned -22 [ 192.813181] binder: 10553:10572 unknown command 0 20:43:11 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x3, 0x2000}]}, 0x60}}, 0x0) 20:43:11 executing program 6: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x0, 0x0) setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, &(0x7f0000000080)=0x200, 0x4) ioctl$VT_GETSTATE(r0, 0x5603, &(0x7f0000000040)={0x2, 0x6, 0x1000}) socket$inet6(0xa, 0x6, 0xffff) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) [ 192.853893] binder: 10553:10572 ioctl c0306201 2000dfd0 returned -22 20:43:11 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x7a00, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:11 executing program 7: ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f00005befdc)) ioctl$TCSETSW(0xffffffffffffffff, 0x5403, &(0x7f0000000800)={0x0, 0x9d3}) r0 = syz_open_pts(0xffffffffffffffff, 0x20201) write$binfmt_script(r0, &(0x7f0000000000)={'#! ', './file0'}, 0xb) [ 192.951651] binder: 10603:10604 unknown command 0 [ 192.978747] binder: 10603:10604 ioctl c0306201 2000dfd0 returned -22 [ 192.995582] binder: 10603:10608 unknown command 0 [ 193.000927] binder: 10603:10608 ioctl c0306201 2000dfd0 returned -22 [ 193.637221] FAULT_INJECTION: forcing a failure. [ 193.637221] name failslab, interval 1, probability 0, space 0, times 0 [ 193.648496] CPU: 1 PID: 10615 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 193.657032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.666402] Call Trace: [ 193.669019] dump_stack+0x1c9/0x2b4 [ 193.672662] ? dump_stack_print_info.cold.2+0x52/0x52 [ 193.677868] should_fail.cold.4+0xa/0x11 [ 193.681953] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 193.687073] ? save_stack+0xa9/0xd0 [ 193.690729] ? save_stack+0x43/0xd0 [ 193.694366] ? kasan_kmalloc+0xc4/0xe0 [ 193.698248] ? __kmalloc+0x14e/0x760 [ 193.701952] ? __list_lru_init+0x151/0x840 [ 193.706190] ? alloc_super+0x976/0xb10 [ 193.710103] ? sget_fc+0x269/0x950 [ 193.713649] ? vfs_get_super+0x6e/0x270 [ 193.717636] ? proc_get_tree+0x88/0xb0 [ 193.721524] ? vfs_get_tree+0x1cb/0x5c0 [ 193.725498] ? do_mount+0x6f2/0x1e20 [ 193.729246] ? ksys_mount+0x12d/0x140 [ 193.733046] ? __x64_sys_mount+0xbe/0x150 [ 193.737206] ? do_syscall_64+0x1b9/0x820 [ 193.741266] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.746622] ? save_stack+0xa9/0xd0 [ 193.750243] ? lock_acquire+0x1e4/0x540 [ 193.754204] ? fs_reclaim_acquire+0x20/0x20 [ 193.758513] ? lock_downgrade+0x8f0/0x8f0 [ 193.762654] ? check_same_owner+0x340/0x340 [ 193.766981] ? rcu_note_context_switch+0x730/0x730 [ 193.771925] __should_failslab+0x124/0x180 [ 193.776169] should_failslab+0x9/0x14 [ 193.779960] kmem_cache_alloc_node_trace+0x26f/0x770 [ 193.785053] ? kasan_kmalloc+0xc4/0xe0 [ 193.788930] __kmalloc_node+0x33/0x70 [ 193.792720] kvmalloc_node+0x65/0xf0 [ 193.796425] __list_lru_init+0x5d9/0x840 [ 193.800477] ? list_lru_destroy+0x500/0x500 [ 193.804789] ? prealloc_shrinker+0x213/0x480 [ 193.809184] ? __init_waitqueue_head+0x9e/0x150 [ 193.813841] ? inactive_list_is_low+0x850/0x850 [ 193.818499] ? __lockdep_init_map+0x105/0x590 [ 193.823005] alloc_super+0x976/0xb10 [ 193.826712] ? destroy_unused_super.part.11+0x110/0x110 [ 193.832065] ? lock_downgrade+0x8f0/0x8f0 [ 193.836207] ? kasan_check_read+0x11/0x20 [ 193.840347] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 193.844917] ? kasan_check_write+0x14/0x20 [ 193.849148] ? do_raw_spin_lock+0xc1/0x200 [ 193.853372] ? ns_test_super+0x50/0x50 [ 193.857264] sget_fc+0x269/0x950 [ 193.860640] ? compare_single+0x10/0x10 [ 193.864604] ? alloc_super+0xb10/0xb10 [ 193.868477] ? kasan_kmalloc+0xc4/0xe0 [ 193.872356] ? __kmalloc_track_caller+0x311/0x760 [ 193.877187] ? proc_root_lookup+0x60/0x60 [ 193.881322] vfs_get_super+0x6e/0x270 [ 193.885113] proc_get_tree+0x88/0xb0 [ 193.888830] vfs_get_tree+0x1cb/0x5c0 [ 193.892619] do_mount+0x6f2/0x1e20 [ 193.896165] ? check_same_owner+0x340/0x340 [ 193.900474] ? lock_release+0xa30/0xa30 [ 193.904449] ? copy_mount_string+0x40/0x40 [ 193.908668] ? __do_page_fault+0x449/0xe50 [ 193.912918] ? retint_kernel+0x10/0x10 [ 193.916805] ? copy_mount_options+0x1f0/0x380 [ 193.921295] ? copy_mount_options+0x200/0x380 [ 193.925784] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 193.931316] ? copy_mount_options+0x285/0x380 [ 193.935828] ksys_mount+0x12d/0x140 [ 193.939447] __x64_sys_mount+0xbe/0x150 [ 193.943433] do_syscall_64+0x1b9/0x820 [ 193.947305] ? finish_task_switch+0x1d3/0x870 [ 193.951788] ? syscall_return_slowpath+0x5e0/0x5e0 [ 193.956704] ? syscall_return_slowpath+0x31d/0x5e0 [ 193.961621] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 193.966627] ? prepare_exit_to_usermode+0x291/0x3b0 [ 193.971636] ? perf_trace_sys_enter+0xb10/0xb10 [ 193.976294] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 193.981147] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.986331] RIP: 0033:0x455ab9 [ 193.989526] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.008710] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 194.016458] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 194.025114] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 20:43:12 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)) ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:43:12 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8983, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:12 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:12 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x4, 0x208000) r1 = semget(0x0, 0x4, 0x102) semctl$SEM_INFO(r1, 0x0, 0x13, &(0x7f0000000000)=""/50) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:43:12 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x3, 0x2000}]}, 0x60}}, 0x0) 20:43:12 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f00005befdc)) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000800)={0x0, 0x9d3}) r1 = syz_open_pts(r0, 0x20201) write$binfmt_script(r1, &(0x7f0000000000)={'#! ', './file0'}, 0xb) [ 194.032373] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 194.039627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 194.046884] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 000000000000000b 20:43:12 executing program 5 (fault-call:7 fault-nth:12): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:12 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x2000000000000000, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:12 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) ioctl$TUNSETVNETBE(r0, 0x400454de, &(0x7f0000000380)) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x4e22, 0x0, @local, 0xfffffffffffffe00}, 0x1c) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000000)={{{@in6=@loopback, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in=@multicast2}}, &(0x7f00000001c0)=0xe8) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000140)={@mcast2, @mcast2, @ipv4, 0x800, 0x1, 0x3, 0x0, 0x3, 0xa00001, r1}) setsockopt$inet6_MCAST_LEAVE_GROUP(r0, 0x29, 0x2d, &(0x7f0000000280)={0x100, {{0xa, 0x4e22, 0x6, @dev={0xfe, 0x80, [], 0x11}, 0x5}}}, 0x88) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='\'\x00', 0xffffffffffffff9c}, 0x10) ioctl$TIOCGETD(r2, 0x5424, &(0x7f0000000340)) setsockopt$inet6_MCAST_LEAVE_GROUP(r0, 0x29, 0x2d, &(0x7f00000003c0)={0x6d0, {{0xa, 0x4e20, 0x3, @local, 0x5}}}, 0x88) 20:43:12 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x3, 0x2000}]}, 0xa0}}, 0x0) 20:43:12 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) ioctl$TCSETSW(0xffffffffffffffff, 0x5403, &(0x7f0000000800)={0x0, 0x9d3}) r1 = syz_open_pts(r0, 0x20201) write$binfmt_script(r1, &(0x7f0000000000)={'#! ', './file0'}, 0xb) 20:43:12 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8904, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) [ 194.128629] binder: 10632:10633 unknown command 0 [ 194.146890] binder: 10632:10633 ioctl c0306201 2000dfd0 returned -22 [ 194.154612] binder: 10632:10637 unknown command 0 [ 194.159626] binder: 10632:10637 ioctl c0306201 2000dfd0 returned -22 [ 194.161443] binder: undelivered death notification, 0000000000000000 20:43:12 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x6000000, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:12 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x3, 0x2000}]}, 0xa0}}, 0x0) [ 194.262884] binder: undelivered death notification, 0000000000000000 [ 194.273316] binder: 10659:10660 unknown command 0 [ 194.309511] binder: 10659:10660 ioctl c0306201 2000dfd0 returned -22 [ 194.328155] binder: 10659:10667 unknown command 0 [ 194.335078] binder: 10659:10667 ioctl c0306201 2000dfd0 returned -22 [ 195.009240] FAULT_INJECTION: forcing a failure. [ 195.009240] name failslab, interval 1, probability 0, space 0, times 0 [ 195.020566] CPU: 1 PID: 10673 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 195.029065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.038429] Call Trace: [ 195.041021] dump_stack+0x1c9/0x2b4 [ 195.044730] ? dump_stack_print_info.cold.2+0x52/0x52 [ 195.049918] should_fail.cold.4+0xa/0x11 [ 195.053985] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 195.059078] ? is_bpf_text_address+0xd7/0x170 [ 195.063562] ? kernel_text_address+0x79/0xf0 [ 195.067961] ? __kernel_text_address+0xd/0x40 [ 195.072449] ? unwind_get_return_address+0x61/0xa0 [ 195.077370] ? __save_stack_trace+0x8d/0xf0 [ 195.081689] ? save_stack+0xa9/0xd0 [ 195.085311] ? lock_acquire+0x1e4/0x540 [ 195.089274] ? fs_reclaim_acquire+0x20/0x20 [ 195.093621] ? lock_downgrade+0x8f0/0x8f0 [ 195.097764] ? __x64_sys_mount+0xbe/0x150 [ 195.101932] ? check_same_owner+0x340/0x340 [ 195.106250] ? rcu_note_context_switch+0x730/0x730 [ 195.111171] __should_failslab+0x124/0x180 [ 195.115401] should_failslab+0x9/0x14 [ 195.119198] kmem_cache_alloc_trace+0x2cb/0x780 [ 195.123858] ? kasan_kmalloc+0xc4/0xe0 [ 195.127837] __memcg_init_list_lru_node+0x185/0x2d0 [ 195.132843] ? kvfree_rcu+0x20/0x20 [ 195.136456] ? __kmalloc_node+0x47/0x70 [ 195.140423] __list_lru_init+0x4d6/0x840 [ 195.144493] ? list_lru_destroy+0x500/0x500 [ 195.148805] ? prealloc_shrinker+0x213/0x480 [ 195.153288] ? __init_waitqueue_head+0x9e/0x150 [ 195.157947] ? inactive_list_is_low+0x850/0x850 [ 195.162613] ? __lockdep_init_map+0x105/0x590 [ 195.167106] alloc_super+0x976/0xb10 [ 195.170816] ? destroy_unused_super.part.11+0x110/0x110 [ 195.176172] ? lock_downgrade+0x8f0/0x8f0 [ 195.180319] ? kasan_check_read+0x11/0x20 [ 195.184457] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 195.189040] ? kasan_check_write+0x14/0x20 [ 195.193261] ? do_raw_spin_lock+0xc1/0x200 [ 195.197481] ? ns_test_super+0x50/0x50 [ 195.201379] sget_fc+0x269/0x950 [ 195.204845] ? compare_single+0x10/0x10 [ 195.208821] ? alloc_super+0xb10/0xb10 [ 195.212698] ? kasan_kmalloc+0xc4/0xe0 [ 195.216580] ? __kmalloc_track_caller+0x311/0x760 [ 195.221416] ? proc_root_lookup+0x60/0x60 [ 195.225551] vfs_get_super+0x6e/0x270 [ 195.229341] proc_get_tree+0x88/0xb0 [ 195.233071] vfs_get_tree+0x1cb/0x5c0 [ 195.236867] do_mount+0x6f2/0x1e20 [ 195.240402] ? check_same_owner+0x340/0x340 [ 195.244711] ? lock_release+0xa30/0xa30 [ 195.248675] ? copy_mount_string+0x40/0x40 [ 195.252899] ? __do_page_fault+0x449/0xe50 [ 195.257125] ? retint_kernel+0x10/0x10 [ 195.261031] ? copy_mount_options+0x1f0/0x380 [ 195.265526] ? copy_mount_options+0x200/0x380 [ 195.270017] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 195.275567] ? copy_mount_options+0x285/0x380 [ 195.280066] ksys_mount+0x12d/0x140 [ 195.283774] __x64_sys_mount+0xbe/0x150 [ 195.287757] do_syscall_64+0x1b9/0x820 [ 195.291643] ? finish_task_switch+0x1d3/0x870 [ 195.296132] ? syscall_return_slowpath+0x5e0/0x5e0 [ 195.301054] ? syscall_return_slowpath+0x31d/0x5e0 [ 195.305976] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 195.311009] ? prepare_exit_to_usermode+0x291/0x3b0 [ 195.316043] ? perf_trace_sys_enter+0xb10/0xb10 [ 195.320703] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 195.325540] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.330718] RIP: 0033:0x455ab9 [ 195.333905] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.353114] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 20:43:14 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:43:14 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0xfffffffffffffe33) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) getsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000000), &(0x7f0000000040)=0x4) 20:43:14 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x3, 0x2000}]}, 0xa0}}, 0x0) 20:43:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x60, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:14 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) ioctl$TCSETSW(0xffffffffffffffff, 0x5403, &(0x7f0000000800)={0x0, 0x9d3}) r1 = syz_open_pts(r0, 0x20201) write$binfmt_script(r1, &(0x7f0000000000)={'#! ', './file0'}, 0xb) [ 195.360899] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 195.368154] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 195.375421] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 195.382695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 195.389952] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 000000000000000c [ 195.428442] binder: 10674:10684 unknown command 0 [ 195.435170] binder: undelivered death notification, 0000000000000000 [ 195.441255] binder: 10674:10684 ioctl c0306201 2000dfd0 returned -22 [ 195.458981] binder: 10674:10689 unknown command 0 20:43:14 executing program 5 (fault-call:7 fault-nth:13): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:14 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8940, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:14 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0), 0x0) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:14 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x3, 0x2000}]}, 0x88}}, 0x0) 20:43:14 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000000c0)={0x0, 0x3ff}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000140)={r1, 0x8}, &(0x7f0000000180)=0x8) setsockopt$inet6_int(r0, 0x29, 0x18, &(0x7f00000005c0)=0x1, 0x4) socket$inet6(0xa, 0x5, 0x7ff) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x200, 0x0) ioctl$KVM_SET_PIT2(r2, 0x4070aea0, &(0x7f0000000040)={[{0x1, 0x4, 0x3, 0x7, 0x0, 0x4, 0x5, 0x0, 0x2, 0x10001, 0x3a, 0x3, 0x2}, {0x0, 0x4ae8, 0xffffffffffffff9b, 0x3, 0xffffffffffffff81, 0x5, 0x3, 0xfffffffffffffff9, 0x0, 0x8, 0x8, 0x200, 0x830f}, {0xf24, 0x1, 0xa08, 0xffffffffffffff00, 0x0, 0xfff, 0xffffffffffffff7f, 0x180, 0x9, 0x100000000, 0x100000000, 0x7, 0xcb2}], 0x800}) 20:43:14 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) ioctl$TCSETSW(0xffffffffffffffff, 0x5403, &(0x7f0000000800)={0x0, 0x9d3}) r1 = syz_open_pts(r0, 0x20201) write$binfmt_script(r1, &(0x7f0000000000)={'#! ', './file0'}, 0xb) [ 195.476129] binder: 10674:10689 ioctl c0306201 2000dfd0 returned -22 20:43:14 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x2, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:14 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x60000000, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:14 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000800)) r1 = syz_open_pts(r0, 0x20201) write$binfmt_script(r1, &(0x7f0000000000)={'#! ', './file0'}, 0xb) 20:43:14 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x3, 0x2000}]}, 0x88}}, 0x0) [ 195.542289] binder: undelivered death notification, 0000000000000000 [ 195.559114] QAT: Invalid ioctl [ 195.611248] binder: 10714:10715 unknown command 0 [ 195.619900] binder: 10714:10715 ioctl c0306201 2000dfd0 returned -22 [ 195.646432] binder: 10714:10716 unknown command 0 [ 195.662108] binder: 10714:10716 ioctl c0306201 2000dfd0 returned -22 [ 196.345875] FAULT_INJECTION: forcing a failure. [ 196.345875] name failslab, interval 1, probability 0, space 0, times 0 [ 196.357294] CPU: 1 PID: 10731 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 196.365799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.375305] Call Trace: [ 196.377904] dump_stack+0x1c9/0x2b4 [ 196.381526] ? dump_stack_print_info.cold.2+0x52/0x52 [ 196.386886] ? __kernel_text_address+0xd/0x40 [ 196.391376] ? unwind_get_return_address+0x61/0xa0 [ 196.396309] should_fail.cold.4+0xa/0x11 [ 196.400456] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 196.405570] ? save_stack+0xa9/0xd0 [ 196.409192] ? save_stack+0x43/0xd0 [ 196.412826] ? kasan_kmalloc+0xc4/0xe0 [ 196.416710] ? kmem_cache_alloc_trace+0x152/0x780 [ 196.421550] ? __memcg_init_list_lru_node+0x185/0x2d0 [ 196.426759] ? __list_lru_init+0x4d6/0x840 [ 196.431119] ? alloc_super+0x976/0xb10 [ 196.435012] ? vfs_get_super+0x6e/0x270 [ 196.438983] ? proc_get_tree+0x88/0xb0 [ 196.442882] ? vfs_get_tree+0x1cb/0x5c0 [ 196.446856] ? do_mount+0x6f2/0x1e20 [ 196.450562] ? ksys_mount+0x12d/0x140 [ 196.454352] ? __x64_sys_mount+0xbe/0x150 [ 196.458508] ? do_syscall_64+0x1b9/0x820 [ 196.462563] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.467924] ? save_stack+0xa9/0xd0 [ 196.471550] ? lock_acquire+0x1e4/0x540 [ 196.475533] ? fs_reclaim_acquire+0x20/0x20 [ 196.479871] ? lock_downgrade+0x8f0/0x8f0 [ 196.484017] ? __x64_sys_mount+0xbe/0x150 [ 196.488174] ? check_same_owner+0x340/0x340 [ 196.492522] ? rcu_note_context_switch+0x730/0x730 [ 196.497451] __should_failslab+0x124/0x180 [ 196.501687] should_failslab+0x9/0x14 [ 196.505481] kmem_cache_alloc_trace+0x2cb/0x780 [ 196.510138] ? kasan_kmalloc+0xc4/0xe0 [ 196.514023] __memcg_init_list_lru_node+0x185/0x2d0 [ 196.519048] ? kvfree_rcu+0x20/0x20 [ 196.522683] ? __kmalloc_node+0x47/0x70 [ 196.526763] __list_lru_init+0x4d6/0x840 [ 196.530821] ? list_lru_destroy+0x500/0x500 [ 196.535153] ? prealloc_shrinker+0x213/0x480 [ 196.539559] ? __init_waitqueue_head+0x9e/0x150 [ 196.544233] ? inactive_list_is_low+0x850/0x850 [ 196.548988] ? __lockdep_init_map+0x105/0x590 [ 196.553602] alloc_super+0x976/0xb10 [ 196.557327] ? destroy_unused_super.part.11+0x110/0x110 [ 196.562695] ? lock_downgrade+0x8f0/0x8f0 [ 196.566927] ? kasan_check_read+0x11/0x20 [ 196.571068] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 196.575651] ? kasan_check_write+0x14/0x20 [ 196.579882] ? do_raw_spin_lock+0xc1/0x200 [ 196.584123] ? ns_test_super+0x50/0x50 [ 196.588018] sget_fc+0x269/0x950 [ 196.591401] ? compare_single+0x10/0x10 [ 196.595367] ? alloc_super+0xb10/0xb10 [ 196.599250] ? kasan_kmalloc+0xc4/0xe0 [ 196.603130] ? __kmalloc_track_caller+0x311/0x760 [ 196.607971] ? proc_root_lookup+0x60/0x60 [ 196.612131] vfs_get_super+0x6e/0x270 [ 196.615929] proc_get_tree+0x88/0xb0 [ 196.619644] vfs_get_tree+0x1cb/0x5c0 [ 196.623437] do_mount+0x6f2/0x1e20 [ 196.626969] ? check_same_owner+0x340/0x340 [ 196.631283] ? lock_release+0xa30/0xa30 [ 196.635252] ? copy_mount_string+0x40/0x40 [ 196.639478] ? __do_page_fault+0x449/0xe50 [ 196.643705] ? retint_kernel+0x10/0x10 [ 196.647593] ? copy_mount_options+0x1f0/0x380 [ 196.652085] ? copy_mount_options+0x200/0x380 [ 196.656577] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 196.662111] ? copy_mount_options+0x285/0x380 [ 196.666605] ksys_mount+0x12d/0x140 [ 196.670229] __x64_sys_mount+0xbe/0x150 [ 196.674214] do_syscall_64+0x1b9/0x820 [ 196.678112] ? syscall_return_slowpath+0x5e0/0x5e0 [ 196.683039] ? syscall_return_slowpath+0x31d/0x5e0 [ 196.687966] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 196.692989] ? prepare_exit_to_usermode+0x291/0x3b0 [ 196.698018] ? perf_trace_sys_enter+0xb10/0xb10 [ 196.702680] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 196.707533] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.712728] RIP: 0033:0x455ab9 [ 196.715909] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 196.735109] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 20:43:15 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378eb") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:43:15 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0), 0x0) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:15 executing program 6: r0 = dup2(0xffffffffffffffff, 0xffffffffffffff9c) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r0, 0x4008ae48, &(0x7f0000000000)=0x100002) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:43:15 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8919, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:15 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000800)) r1 = syz_open_pts(r0, 0x20201) write$binfmt_script(r1, &(0x7f0000000000)={'#! ', './file0'}, 0xb) 20:43:15 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x3, 0x2000}]}, 0x88}}, 0x0) [ 196.742807] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 196.750065] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 196.757325] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 196.764584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 196.771841] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 000000000000000d [ 196.807964] binder: undelivered death notification, 0000000000000000 20:43:15 executing program 5 (fault-call:7 fault-nth:14): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:15 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x3, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:15 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0), 0x0) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:15 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x5452, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:15 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x0, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x3, 0x2000}]}, 0xa0}}, 0x0) 20:43:15 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000800)) r1 = syz_open_pts(r0, 0x20201) write$binfmt_script(r1, &(0x7f0000000000)={'#! ', './file0'}, 0xb) 20:43:15 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) r1 = accept4(r0, &(0x7f00000001c0)=@generic, &(0x7f0000000280)=0x80, 0x80000) setsockopt$bt_BT_SNDMTU(r1, 0x112, 0xc, &(0x7f00000002c0)=0x4, 0x2) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000300), &(0x7f0000000340)=0xc) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000140), &(0x7f0000000180)=0xc) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000000)={{{@in6=@ipv4, @in=@multicast2}}, {{@in=@remote}, 0x0, @in6=@mcast1}}, &(0x7f0000000100)=0xe8) [ 196.884118] binder: 10750:10751 unknown command 0 20:43:15 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x89a1, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:15 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e4", 0x5) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) [ 196.904664] binder: undelivered death notification, 0000000000000000 [ 196.914366] binder: 10750:10751 ioctl c0306201 2000dfd0 returned -22 20:43:15 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x0, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x3, 0x2000}]}, 0xa0}}, 0x0) [ 196.983860] binder: 10750:10771 unknown command 0 [ 197.011893] binder: 10750:10771 ioctl c0306201 2000dfd0 returned -22 [ 197.020337] binder: undelivered death notification, 0000000000000000 [ 197.729445] FAULT_INJECTION: forcing a failure. [ 197.729445] name failslab, interval 1, probability 0, space 0, times 0 [ 197.740739] CPU: 1 PID: 10789 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 197.749235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.758586] Call Trace: [ 197.761189] dump_stack+0x1c9/0x2b4 [ 197.764829] ? dump_stack_print_info.cold.2+0x52/0x52 [ 197.770023] should_fail.cold.4+0xa/0x11 [ 197.774084] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 197.779189] ? is_bpf_text_address+0xd7/0x170 [ 197.783697] ? kernel_text_address+0x79/0xf0 [ 197.788108] ? __kernel_text_address+0xd/0x40 [ 197.792603] ? unwind_get_return_address+0x61/0xa0 [ 197.797570] ? __save_stack_trace+0x8d/0xf0 [ 197.801896] ? save_stack+0xa9/0xd0 [ 197.805521] ? lock_acquire+0x1e4/0x540 [ 197.809495] ? fs_reclaim_acquire+0x20/0x20 [ 197.813805] ? lock_downgrade+0x8f0/0x8f0 [ 197.817942] ? __x64_sys_mount+0xbe/0x150 [ 197.822111] ? check_same_owner+0x340/0x340 [ 197.826448] ? rcu_note_context_switch+0x730/0x730 [ 197.831369] __should_failslab+0x124/0x180 [ 197.835592] should_failslab+0x9/0x14 [ 197.839384] kmem_cache_alloc_trace+0x2cb/0x780 [ 197.844064] ? kasan_kmalloc+0xc4/0xe0 [ 197.847959] __memcg_init_list_lru_node+0x185/0x2d0 [ 197.852969] ? kvfree_rcu+0x20/0x20 [ 197.856592] ? __kmalloc_node+0x47/0x70 [ 197.860568] __list_lru_init+0x4d6/0x840 [ 197.864626] ? list_lru_destroy+0x500/0x500 [ 197.868967] ? prealloc_shrinker+0x213/0x480 [ 197.873364] ? __init_waitqueue_head+0x9e/0x150 [ 197.878027] ? inactive_list_is_low+0x850/0x850 [ 197.882688] ? __lockdep_init_map+0x105/0x590 [ 197.887175] alloc_super+0x976/0xb10 [ 197.890893] ? destroy_unused_super.part.11+0x110/0x110 [ 197.896250] ? lock_downgrade+0x8f0/0x8f0 [ 197.900411] ? kasan_check_read+0x11/0x20 [ 197.904556] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 197.909131] ? kasan_check_write+0x14/0x20 [ 197.913359] ? do_raw_spin_lock+0xc1/0x200 [ 197.917584] ? ns_test_super+0x50/0x50 [ 197.921462] sget_fc+0x269/0x950 [ 197.924820] ? compare_single+0x10/0x10 [ 197.928784] ? alloc_super+0xb10/0xb10 [ 197.932661] ? kasan_kmalloc+0xc4/0xe0 [ 197.936537] ? __kmalloc_track_caller+0x311/0x760 [ 197.941371] ? proc_root_lookup+0x60/0x60 [ 197.945519] vfs_get_super+0x6e/0x270 [ 197.949321] proc_get_tree+0x88/0xb0 [ 197.953025] vfs_get_tree+0x1cb/0x5c0 [ 197.956815] do_mount+0x6f2/0x1e20 [ 197.960343] ? copy_mount_string+0x40/0x40 [ 197.964587] ? __do_page_fault+0x449/0xe50 [ 197.968813] ? retint_kernel+0x10/0x10 [ 197.972693] ? copy_mount_options+0x1f0/0x380 [ 197.977189] ? copy_mount_options+0x200/0x380 [ 197.981676] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 197.987235] ? copy_mount_options+0x285/0x380 [ 197.991728] ksys_mount+0x12d/0x140 [ 197.995363] __x64_sys_mount+0xbe/0x150 [ 197.999341] do_syscall_64+0x1b9/0x820 [ 198.003216] ? finish_task_switch+0x1d3/0x870 [ 198.007709] ? syscall_return_slowpath+0x5e0/0x5e0 [ 198.012634] ? syscall_return_slowpath+0x31d/0x5e0 [ 198.017575] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 198.022590] ? prepare_exit_to_usermode+0x291/0x3b0 [ 198.028969] ? perf_trace_sys_enter+0xb10/0xb10 [ 198.033640] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 198.038506] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.043683] RIP: 0033:0x455ab9 [ 198.046858] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 198.066054] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 198.073757] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 20:43:16 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf7494") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:43:16 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000800)={0x0, 0x9d3}) r1 = syz_open_pts(0xffffffffffffffff, 0x20201) write$binfmt_script(r1, &(0x7f0000000000)={'#! ', './file0'}, 0xb) 20:43:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x6c, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:16 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x0, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x3, 0x2000}]}, 0xa0}}, 0x0) 20:43:16 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000700)) setsockopt$inet6_int(r0, 0x29, 0x36, &(0x7f0000000300)=0x2a, 0x100000148) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x40000, 0x0) writev(r1, &(0x7f0000000680)=[{&(0x7f0000000340)="58bd1896ec1aad147b2041708a93b113cf17b725c355acc131de274e442261c442f49de46a775700467859b8512de82546e56a7977101e6855e5130f30c976e9986b05b41f58d52effe9a33b45cced78e0be1179859d080618f821f5d7a57829b511b4676f3090ff05d0f8385688bd0f38eb42b1da44ac25b663bff1329f66ebe7a8038866966353443519e62f037b4ee1c405e869e0c5c97048566d58ac80d6a649c7", 0xa3}, {&(0x7f00000001c0)="751dbc6962164e84878475b493ccfc015963f54c2a801caf6f3d592d27d4a0d439884fe0722e0215", 0x28}, {&(0x7f0000000400)="b65fa462326d65a74a58a4db8e7835026075a85bfdaae29468bdfb00d138f6ea1952420f1a16dacf1fe26f84523bab1ee958c43ede7c92b3f8d0a5aec18d0d2806eefb0e6adcb79862a92ac813d3de0fbe491b434d65a78c09ba18ae9b5b87c8f860bb0517a8bf2fced5252433a026e50a3091f0577f0674da3a6e9d04fc91daa858b6cbb7ca9fbf17ed342ceec93311ec1dd9f847f5190da60c63d3de7c3f601fb96b223f45270352cb8e326f48dc4e4b5a0ca7d9eb62c8da30", 0xba}, {&(0x7f00000004c0)="6fe7aa23b87b52559c189fe538080391aa16403a868deb40df3f2b9f3333d13c96f254c44327c861b778e657a078322fe058e4751c6b7f9f15cb43907d6cc53dd084a1d974daf39937c5d12df02c55db0f9600555dcfa7a1aa2b83c2c660a6ad8d719cf18b43d9e4c259cb519f2fd0598d2650af27d5add338d0d45ee36c9ea9c7664a68f3452a81f71469f381aa017baa08287cad6b6dcdb1aaf896ff7712fd05a6e2de792bfc61d8e6ad90bf79357038764dabbd1f850909", 0xb9}, {&(0x7f0000000280)="074e3666cba9b2f22bbbb9390fdf591ef0afb439cb7c9407343366704db7d178b43a382fa4b6817b47e104d5febc9ca2da3e8433b11701de03a313574f8cb69c274aca2547839c30029531c5851fea0aca1ebf44b9e9395d93bb24810774f4edcee522ab3ed67604b91a449e65c67c4732b82c", 0x73}, {&(0x7f0000000580)="143c6b7e7954db2fd0e808e55c70716b866916f3ae07ae307a5a776847e12cb6706fea8cc11dde7bffce29257226453c0a12114e3721d5900a8af04c330fb713053af27298d40b520d387687bb02461edd14aac563baa2aad59234caab0dedba5837a3a4951b19ca56309db9d3f3d9039008c3dfdb51ce9f3b165242efa352a1753aa843532286f90cba7a164ebb7907a92f6067feff2ea01fe37392eabebbb90755d1dc837ff7178c710d17c05563fb598abc0e232f74db296f69da5d6500437895913990fc", 0xc6}, {&(0x7f0000000200)="636328ab955733cf0d9fc9d7645e186ff84ce66bfc6fee59e7a9823b3227221c0526", 0x22}], 0x7) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000040)=ANY=[@ANYBLOB="07000000000000000100000000000000000000000000000001010000f9fffffffcffffff0000000000000000000000000000000000000000060000000300000000000000000000000200000000000000040000000000000003000000000000000900000007000000010000000200000000000000000000000200000009000000008000000000000000000000000000000000000000000000ffffff7f0300000000000000000000000100ffff0000000000000000000000000000000000000000000000008000000003000000000000000000000001000000faffffff000000000000000000000000000000000000000000000000090000000300000000000000000000000000000002000000030000000000000000000000000000000080000003000000000000000000000006000000080078135067f1693780c5726300000000000000000000000000000000000000"]) 20:43:16 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e4", 0x5) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) [ 198.081033] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 198.088289] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 198.095544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 198.102799] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 000000000000000e [ 198.128071] binder: 10790:10791 unknown command 0 [ 198.140036] binder: undelivered death notification, 0000000000000000 [ 198.149475] binder: 10790:10791 ioctl c0306201 2000dfd0 returned -22 20:43:16 executing program 5 (fault-call:7 fault-nth:15): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:16 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x40049409, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:16 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000800)={0x0, 0x9d3}) r1 = syz_open_pts(r0, 0x0) write$binfmt_script(r1, &(0x7f0000000000)={'#! ', './file0'}, 0xb) 20:43:16 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e4", 0x5) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:16 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x3, 0x2000}]}, 0x88}}, 0x0) 20:43:16 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) r1 = dup(r0) bind$netlink(r1, &(0x7f0000000080)={0x10, 0x0, 0x25dfdbfb, 0x100040}, 0xc) ioctl$EVIOCSABS0(r1, 0x401845c0, &(0x7f0000000040)={0x8, 0x8000, 0xb5, 0x8a7, 0x5, 0x3}) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x68ba}, 0x1c) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f00000000c0)=0x7fff, 0x4) [ 198.177268] binder: 10790:10805 unknown command 0 [ 198.184210] binder: 10790:10805 ioctl c0306201 2000dfd0 returned -22 20:43:16 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x6000000000000000, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:16 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x890c, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:17 executing program 7: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000800)={0x0, 0x9d3}) r1 = syz_open_pts(r0, 0x20201) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000)={'#! ', './file0'}, 0xb) [ 198.242679] binder: undelivered death notification, 0000000000000000 20:43:17 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x3, 0x2000}]}, 0x88}}, 0x0) [ 198.296742] binder: 10826:10827 unknown command 0 [ 198.309854] binder: 10826:10827 ioctl c0306201 2000dfd0 returned -22 [ 198.353482] binder: 10826:10840 unknown command 0 [ 198.369008] binder: 10826:10840 ioctl c0306201 2000dfd0 returned -22 [ 199.059676] FAULT_INJECTION: forcing a failure. [ 199.059676] name failslab, interval 1, probability 0, space 0, times 0 [ 199.070932] CPU: 0 PID: 10847 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 199.079418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.088938] Call Trace: [ 199.091512] dump_stack+0x1c9/0x2b4 [ 199.095130] ? dump_stack_print_info.cold.2+0x52/0x52 [ 199.100307] ? __kernel_text_address+0xd/0x40 [ 199.104804] ? unwind_get_return_address+0x61/0xa0 [ 199.109733] should_fail.cold.4+0xa/0x11 [ 199.113803] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 199.118894] ? save_stack+0xa9/0xd0 [ 199.123460] ? save_stack+0x43/0xd0 [ 199.127074] ? kasan_kmalloc+0xc4/0xe0 [ 199.130948] ? kmem_cache_alloc_trace+0x152/0x780 [ 199.135788] ? __memcg_init_list_lru_node+0x185/0x2d0 [ 199.140963] ? __list_lru_init+0x4d6/0x840 [ 199.145188] ? alloc_super+0x976/0xb10 [ 199.149068] ? vfs_get_super+0x6e/0x270 [ 199.153050] ? proc_get_tree+0x88/0xb0 [ 199.156938] ? vfs_get_tree+0x1cb/0x5c0 [ 199.160911] ? do_mount+0x6f2/0x1e20 [ 199.164625] ? ksys_mount+0x12d/0x140 [ 199.168408] ? __x64_sys_mount+0xbe/0x150 [ 199.172556] ? do_syscall_64+0x1b9/0x820 [ 199.176607] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.181966] ? save_stack+0xa9/0xd0 [ 199.185582] ? lock_acquire+0x1e4/0x540 [ 199.189546] ? fs_reclaim_acquire+0x20/0x20 [ 199.193852] ? lock_downgrade+0x8f0/0x8f0 [ 199.197986] ? __x64_sys_mount+0xbe/0x150 [ 199.202122] ? check_same_owner+0x340/0x340 [ 199.206436] ? rcu_note_context_switch+0x730/0x730 [ 199.211354] __should_failslab+0x124/0x180 [ 199.215587] should_failslab+0x9/0x14 [ 199.219378] kmem_cache_alloc_trace+0x2cb/0x780 [ 199.224050] ? kasan_kmalloc+0xc4/0xe0 [ 199.227931] __memcg_init_list_lru_node+0x185/0x2d0 [ 199.232950] ? kvfree_rcu+0x20/0x20 [ 199.236574] ? __kmalloc_node+0x47/0x70 [ 199.240539] __list_lru_init+0x4d6/0x840 [ 199.244587] ? list_lru_destroy+0x500/0x500 [ 199.248918] ? prealloc_shrinker+0x213/0x480 [ 199.253325] ? __init_waitqueue_head+0x9e/0x150 [ 199.258083] ? inactive_list_is_low+0x850/0x850 [ 199.262745] ? __lockdep_init_map+0x105/0x590 [ 199.267231] alloc_super+0x976/0xb10 [ 199.270934] ? destroy_unused_super.part.11+0x110/0x110 [ 199.276295] ? lock_downgrade+0x8f0/0x8f0 [ 199.280431] ? kasan_check_read+0x11/0x20 [ 199.284573] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 199.289149] ? kasan_check_write+0x14/0x20 [ 199.293370] ? do_raw_spin_lock+0xc1/0x200 [ 199.297603] ? ns_test_super+0x50/0x50 [ 199.301477] sget_fc+0x269/0x950 [ 199.304955] ? compare_single+0x10/0x10 [ 199.308926] ? alloc_super+0xb10/0xb10 [ 199.312799] ? kasan_kmalloc+0xc4/0xe0 [ 199.316674] ? __kmalloc_track_caller+0x311/0x760 [ 199.321517] ? proc_root_lookup+0x60/0x60 [ 199.325858] vfs_get_super+0x6e/0x270 [ 199.329650] proc_get_tree+0x88/0xb0 [ 199.333365] vfs_get_tree+0x1cb/0x5c0 [ 199.337167] do_mount+0x6f2/0x1e20 [ 199.340694] ? check_same_owner+0x340/0x340 [ 199.345002] ? lock_release+0xa30/0xa30 [ 199.348974] ? copy_mount_string+0x40/0x40 [ 199.353197] ? __do_page_fault+0x449/0xe50 [ 199.357436] ? retint_kernel+0x10/0x10 [ 199.361314] ? copy_mount_options+0x1f0/0x380 [ 199.366058] ? copy_mount_options+0x200/0x380 [ 199.370560] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 199.376096] ? copy_mount_options+0x285/0x380 [ 199.380592] ksys_mount+0x12d/0x140 [ 199.384207] __x64_sys_mount+0xbe/0x150 [ 199.388170] do_syscall_64+0x1b9/0x820 [ 199.392044] ? finish_task_switch+0x1d3/0x870 [ 199.396535] ? syscall_return_slowpath+0x5e0/0x5e0 [ 199.401454] ? syscall_return_slowpath+0x31d/0x5e0 [ 199.406371] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 199.411479] ? prepare_exit_to_usermode+0x291/0x3b0 [ 199.416654] ? perf_trace_sys_enter+0xb10/0xb10 [ 199.421316] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 199.426151] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.431328] RIP: 0033:0x455ab9 [ 199.434498] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 20:43:18 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:43:18 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f0", 0x7) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:18 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) ftruncate(r0, 0x101) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x4e20}}) 20:43:18 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x5451, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:18 executing program 7: 20:43:18 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x3, 0x2000}]}, 0x88}}, 0x0) [ 199.454930] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 199.462645] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 199.469913] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 199.477351] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 199.484614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 199.491871] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 000000000000000f [ 199.521498] binder: undelivered death notification, 0000000000000000 20:43:18 executing program 5 (fault-call:7 fault-nth:16): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:18 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x4000000, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:18 executing program 7: 20:43:18 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f0", 0x7) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:18 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x0, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x3, 0x2000}]}, 0xa0}}, 0x0) 20:43:18 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000001021, &(0x7f00000005c0)=0x9, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x800) 20:43:18 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8901, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) [ 199.602678] binder: 10867:10870 unknown command 0 20:43:18 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x0, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x3, 0x2000}]}, 0xa0}}, 0x0) 20:43:18 executing program 7: 20:43:18 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8982, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) [ 199.633362] binder: undelivered death notification, 0000000000000000 [ 199.653188] binder: 10867:10870 ioctl c0306201 2000dfd0 returned -22 [ 199.691132] binder: 10867:10889 unknown command 0 [ 199.731410] binder: 10867:10889 ioctl c0306201 2000dfd0 returned -22 [ 200.427232] FAULT_INJECTION: forcing a failure. [ 200.427232] name failslab, interval 1, probability 0, space 0, times 0 [ 200.438515] CPU: 0 PID: 10902 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 200.447004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.456371] Call Trace: [ 200.459056] dump_stack+0x1c9/0x2b4 [ 200.462703] ? dump_stack_print_info.cold.2+0x52/0x52 [ 200.467928] ? __kernel_text_address+0xd/0x40 [ 200.472444] ? unwind_get_return_address+0x61/0xa0 [ 200.477378] should_fail.cold.4+0xa/0x11 [ 200.481443] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 200.486548] ? save_stack+0xa9/0xd0 [ 200.490172] ? save_stack+0x43/0xd0 [ 200.493795] ? kasan_kmalloc+0xc4/0xe0 [ 200.497682] ? kmem_cache_alloc_trace+0x152/0x780 [ 200.502514] ? __memcg_init_list_lru_node+0x185/0x2d0 [ 200.507694] ? __list_lru_init+0x4d6/0x840 [ 200.511928] ? alloc_super+0x976/0xb10 [ 200.515811] ? vfs_get_super+0x6e/0x270 [ 200.519777] ? proc_get_tree+0x88/0xb0 [ 200.523649] ? vfs_get_tree+0x1cb/0x5c0 [ 200.527609] ? do_mount+0x6f2/0x1e20 [ 200.531317] ? ksys_mount+0x12d/0x140 [ 200.535109] ? __x64_sys_mount+0xbe/0x150 [ 200.539253] ? do_syscall_64+0x1b9/0x820 [ 200.543310] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.548674] ? save_stack+0xa9/0xd0 [ 200.552299] ? lock_acquire+0x1e4/0x540 [ 200.556271] ? fs_reclaim_acquire+0x20/0x20 [ 200.560579] ? lock_downgrade+0x8f0/0x8f0 [ 200.564726] ? __x64_sys_mount+0xbe/0x150 [ 200.568871] ? check_same_owner+0x340/0x340 [ 200.573188] ? rcu_note_context_switch+0x730/0x730 [ 200.578891] __should_failslab+0x124/0x180 [ 200.583120] should_failslab+0x9/0x14 [ 200.586907] kmem_cache_alloc_trace+0x2cb/0x780 [ 200.591575] ? kasan_kmalloc+0xc4/0xe0 [ 200.595463] __memcg_init_list_lru_node+0x185/0x2d0 [ 200.600487] ? kvfree_rcu+0x20/0x20 [ 200.604274] ? __kmalloc_node+0x47/0x70 [ 200.608239] __list_lru_init+0x4d6/0x840 [ 200.612288] ? list_lru_destroy+0x500/0x500 [ 200.616598] ? prealloc_shrinker+0x213/0x480 [ 200.620995] ? __init_waitqueue_head+0x9e/0x150 [ 200.625653] ? inactive_list_is_low+0x850/0x850 [ 200.630315] ? __lockdep_init_map+0x105/0x590 [ 200.634977] alloc_super+0x976/0xb10 [ 200.638691] ? destroy_unused_super.part.11+0x110/0x110 [ 200.644060] ? lock_downgrade+0x8f0/0x8f0 [ 200.648198] ? kasan_check_read+0x11/0x20 [ 200.652335] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 200.656933] ? kasan_check_write+0x14/0x20 [ 200.661162] ? do_raw_spin_lock+0xc1/0x200 [ 200.665383] ? ns_test_super+0x50/0x50 [ 200.669258] sget_fc+0x269/0x950 [ 200.672609] ? compare_single+0x10/0x10 [ 200.676571] ? alloc_super+0xb10/0xb10 [ 200.680444] ? kasan_kmalloc+0xc4/0xe0 [ 200.684317] ? __kmalloc_track_caller+0x311/0x760 [ 200.689146] ? proc_root_lookup+0x60/0x60 [ 200.693281] vfs_get_super+0x6e/0x270 [ 200.697078] proc_get_tree+0x88/0xb0 [ 200.700800] vfs_get_tree+0x1cb/0x5c0 [ 200.704612] do_mount+0x6f2/0x1e20 [ 200.708139] ? check_same_owner+0x340/0x340 [ 200.712465] ? lock_release+0xa30/0xa30 [ 200.716431] ? copy_mount_string+0x40/0x40 [ 200.720653] ? __do_page_fault+0x449/0xe50 [ 200.724879] ? retint_kernel+0x10/0x10 [ 200.728769] ? copy_mount_options+0x1f0/0x380 [ 200.733254] ? copy_mount_options+0x200/0x380 [ 200.737840] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 200.743374] ? copy_mount_options+0x285/0x380 [ 200.748300] ksys_mount+0x12d/0x140 [ 200.751936] __x64_sys_mount+0xbe/0x150 [ 200.755913] do_syscall_64+0x1b9/0x820 [ 200.759790] ? finish_task_switch+0x1d3/0x870 [ 200.764275] ? syscall_return_slowpath+0x5e0/0x5e0 [ 200.769200] ? syscall_return_slowpath+0x31d/0x5e0 [ 200.774115] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 200.779127] ? prepare_exit_to_usermode+0x291/0x3b0 [ 200.784126] ? perf_trace_sys_enter+0xb10/0xb10 [ 200.788778] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 200.793608] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.798788] RIP: 0033:0x455ab9 [ 200.801965] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.821507] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 20:43:19 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1a") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:43:19 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f0", 0x7) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:19 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x8, 0x822778697288e2fc) getsockopt$inet_udp_int(r1, 0x11, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x4) write$P9_RVERSION(r1, &(0x7f00000000c0)={0x15, 0x65, 0xffff, 0x0, 0x8, '9P2000.u'}, 0x15) 20:43:19 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x0, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x3, 0x2000}]}, 0xa0}}, 0x0) 20:43:19 executing program 7: 20:43:19 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0xc020660b, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) [ 200.829211] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 200.836470] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 200.843732] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 200.850989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 200.858438] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 0000000000000010 20:43:19 executing program 5 (fault-call:7 fault-nth:17): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:19 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x7000000, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:19 executing program 7: 20:43:19 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b", 0x8) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:19 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}]}, 0x80}}, 0x0) [ 200.897914] binder: undelivered death notification, 0000000000000000 20:43:19 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0xc0045878, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:19 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140)='/dev/uinput\x00', 0x400, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r1, 0xc08c5336, &(0x7f0000000180)={0x100000000, 0xffffffffffffffff, 0x400, 'queue1\x00', 0x20}) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x400000000000000, 0x0) connect$netlink(r2, &(0x7f0000000040)=@kern={0x10, 0x0, 0x0, 0x20}, 0xc) getresuid(&(0x7f0000000000), &(0x7f0000000080), &(0x7f00000000c0)) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_DAEMON(r2, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="a4000000", @ANYRES16=r3, @ANYBLOB="02002bbd7000ffdbdf2509000000080005000000010034000200080004000700000008000700366700000800030004000000080008000400000008000700001000000800050040000000540002000800030003000000080002004e20000008000b000a00000008000800060000000800080001800000080008000004000008000900f9ffffff08000b000a000000080004000400000008000700001000000587fe3ff35d1c42edddb658bdec83c373823bd764fd3ab26499cbd376e038e816732425533e2f369aacbbe2653ccf575caba9501fa541dbb8fef9bb9eb7ff2d50b87d1ca6143119d0ff1f9774b43045f5d00bac60fee8009bc1b6c2edfb23882ab2d373ba99ef47dc5c1a60e308bb05a7fe50090eb326fb115e029006fe962f8bd62a520c1a47ee05f37d672fb1353e1a5b2dfec4d6c0cc8fe7a6d79953d31b7a456d1cb9254844bbb7a338e3332de08b1074a8afb01a3a1e253d534a0710e060b54eb3b3b5a69ef0249c97cbc21b57"], 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x1) ioctl$RTC_UIE_OFF(r2, 0x7004) 20:43:19 executing program 7: 20:43:19 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}]}, 0x80}}, 0x0) [ 200.980352] binder: 10923:10928 unknown command 0 [ 200.996370] binder: undelivered death notification, 0000000000000000 [ 201.015169] binder: 10923:10928 ioctl c0306201 2000dfd0 returned -22 20:43:19 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b", 0x8) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) [ 201.057522] binder: 10923:10943 unknown command 0 [ 201.065950] binder: 10923:10943 ioctl c0306201 2000dfd0 returned -22 [ 201.125062] binder: undelivered death notification, 0000000000000000 [ 201.812804] FAULT_INJECTION: forcing a failure. [ 201.812804] name failslab, interval 1, probability 0, space 0, times 0 [ 201.824129] CPU: 1 PID: 10956 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 201.832639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.842014] Call Trace: [ 201.844631] dump_stack+0x1c9/0x2b4 [ 201.848276] ? dump_stack_print_info.cold.2+0x52/0x52 [ 201.853488] ? __kernel_text_address+0xd/0x40 [ 201.857982] ? unwind_get_return_address+0x61/0xa0 [ 201.862927] should_fail.cold.4+0xa/0x11 [ 201.867012] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 201.872114] ? save_stack+0xa9/0xd0 [ 201.875737] ? save_stack+0x43/0xd0 [ 201.879355] ? kasan_kmalloc+0xc4/0xe0 [ 201.883240] ? kmem_cache_alloc_trace+0x152/0x780 [ 201.888616] ? __memcg_init_list_lru_node+0x185/0x2d0 [ 201.893812] ? __list_lru_init+0x4d6/0x840 [ 201.898045] ? alloc_super+0x976/0xb10 [ 201.901928] ? vfs_get_super+0x6e/0x270 [ 201.905890] ? proc_get_tree+0x88/0xb0 [ 201.909765] ? vfs_get_tree+0x1cb/0x5c0 [ 201.913725] ? do_mount+0x6f2/0x1e20 [ 201.917421] ? ksys_mount+0x12d/0x140 [ 201.921296] ? __x64_sys_mount+0xbe/0x150 [ 201.925437] ? do_syscall_64+0x1b9/0x820 [ 201.929486] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.934856] ? save_stack+0xa9/0xd0 [ 201.938758] ? lock_acquire+0x1e4/0x540 [ 201.942723] ? fs_reclaim_acquire+0x20/0x20 [ 201.947044] ? lock_downgrade+0x8f0/0x8f0 [ 201.951177] ? __x64_sys_mount+0xbe/0x150 [ 201.955327] ? check_same_owner+0x340/0x340 [ 201.959649] ? rcu_note_context_switch+0x730/0x730 [ 201.964582] __should_failslab+0x124/0x180 [ 201.968805] should_failslab+0x9/0x14 [ 201.972601] kmem_cache_alloc_trace+0x2cb/0x780 [ 201.977268] ? kasan_kmalloc+0xc4/0xe0 [ 201.981254] __memcg_init_list_lru_node+0x185/0x2d0 [ 201.986269] ? kvfree_rcu+0x20/0x20 [ 201.989903] ? __kmalloc_node+0x47/0x70 [ 201.993867] __list_lru_init+0x4d6/0x840 [ 201.997924] ? list_lru_destroy+0x500/0x500 [ 202.002234] ? prealloc_shrinker+0x213/0x480 [ 202.006635] ? __init_waitqueue_head+0x9e/0x150 [ 202.011287] ? inactive_list_is_low+0x850/0x850 [ 202.015946] ? __lockdep_init_map+0x105/0x590 [ 202.020429] alloc_super+0x976/0xb10 [ 202.024153] ? destroy_unused_super.part.11+0x110/0x110 [ 202.029503] ? lock_downgrade+0x8f0/0x8f0 [ 202.033646] ? kasan_check_read+0x11/0x20 [ 202.037813] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 202.042382] ? kasan_check_write+0x14/0x20 [ 202.046602] ? do_raw_spin_lock+0xc1/0x200 [ 202.050837] ? ns_test_super+0x50/0x50 [ 202.054711] sget_fc+0x269/0x950 [ 202.058079] ? compare_single+0x10/0x10 [ 202.062044] ? alloc_super+0xb10/0xb10 [ 202.065928] ? kasan_kmalloc+0xc4/0xe0 [ 202.069812] ? __kmalloc_track_caller+0x311/0x760 [ 202.074655] ? proc_root_lookup+0x60/0x60 [ 202.078791] vfs_get_super+0x6e/0x270 [ 202.082579] proc_get_tree+0x88/0xb0 [ 202.086292] vfs_get_tree+0x1cb/0x5c0 [ 202.090087] do_mount+0x6f2/0x1e20 [ 202.093619] ? do_raw_spin_unlock+0xa7/0x2f0 [ 202.098020] ? copy_mount_string+0x40/0x40 [ 202.102253] ? __do_page_fault+0x449/0xe50 [ 202.106481] ? retint_kernel+0x10/0x10 [ 202.110362] ? copy_mount_options+0x1f0/0x380 [ 202.114849] ? copy_mount_options+0x200/0x380 [ 202.119338] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 202.124863] ? copy_mount_options+0x285/0x380 [ 202.129353] ksys_mount+0x12d/0x140 [ 202.132967] __x64_sys_mount+0xbe/0x150 [ 202.136930] do_syscall_64+0x1b9/0x820 [ 202.140801] ? finish_task_switch+0x1d3/0x870 [ 202.145296] ? syscall_return_slowpath+0x5e0/0x5e0 [ 202.150214] ? syscall_return_slowpath+0x31d/0x5e0 [ 202.155148] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 202.160153] ? prepare_exit_to_usermode+0x291/0x3b0 [ 202.165159] ? perf_trace_sys_enter+0xb10/0xb10 [ 202.169823] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 202.174678] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.179869] RIP: 0033:0x455ab9 [ 202.183051] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 202.202325] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 20:43:20 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:43:20 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x891a, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:20 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x35) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x20000, 0x40) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r1, 0x84, 0x65, &(0x7f0000000040)=[@in={0x2, 0x4e23, @remote}, @in6={0xa, 0x4e21, 0x0, @dev={0xfe, 0x80, [], 0x12}, 0x4c1f}], 0x2c) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:43:20 executing program 7: 20:43:20 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}]}, 0x80}}, 0x0) 20:43:20 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x6c000000, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) [ 202.210031] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 202.217293] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 202.224551] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 202.231819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 202.239087] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 0000000000000011 [ 202.277879] binder: 10957:10968 unknown command 0 20:43:21 executing program 5 (fault-call:7 fault-nth:18): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:21 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b", 0x8) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:21 executing program 7: clock_gettime(0x3, &(0x7f0000001280)) 20:43:21 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x0, 0x2000}]}, 0xa0}}, 0x0) 20:43:21 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8902, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:21 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x84002, 0x0) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffff9c, 0x84, 0x71, &(0x7f0000000040)={0x0, 0x6}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={r2, 0x8}, 0x8) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) [ 202.303676] binder: 10957:10968 ioctl c0306201 2000dfd0 returned -22 [ 202.332464] binder: 10957:10973 unknown command 0 20:43:21 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:21 executing program 7: 20:43:21 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x0, 0x2000}]}, 0xa0}}, 0x0) 20:43:21 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='comm\x00') setsockopt$netlink_NETLINK_RX_RING(r1, 0x10e, 0x6, &(0x7f0000000040)={0x7, 0x1, 0x6, 0x6}, 0x10) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) [ 202.358283] binder: undelivered death notification, 0000000000000000 [ 202.376396] binder: 10957:10973 ioctl c0306201 2000dfd0 returned -22 [ 202.457017] binder: 10998:10999 Acquire 1 refcount change on invalid ref 0 ret -22 [ 202.486702] binder: 10998:10999 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 202.497425] binder: 10998:10999 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 203.189837] FAULT_INJECTION: forcing a failure. [ 203.189837] name failslab, interval 1, probability 0, space 0, times 0 [ 203.201106] CPU: 1 PID: 11012 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 203.209632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 203.219102] Call Trace: [ 203.221697] dump_stack+0x1c9/0x2b4 [ 203.225335] ? dump_stack_print_info.cold.2+0x52/0x52 [ 203.230547] ? __kernel_text_address+0xd/0x40 [ 203.235055] ? unwind_get_return_address+0x61/0xa0 [ 203.240021] should_fail.cold.4+0xa/0x11 [ 203.244107] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 203.249217] ? save_stack+0xa9/0xd0 [ 203.252840] ? save_stack+0x43/0xd0 [ 203.256463] ? kasan_kmalloc+0xc4/0xe0 [ 203.260382] ? kmem_cache_alloc_trace+0x152/0x780 [ 203.265221] ? __memcg_init_list_lru_node+0x185/0x2d0 [ 203.270408] ? __list_lru_init+0x4d6/0x840 [ 203.274643] ? alloc_super+0x976/0xb10 [ 203.278531] ? vfs_get_super+0x6e/0x270 [ 203.282494] ? proc_get_tree+0x88/0xb0 [ 203.286377] ? vfs_get_tree+0x1cb/0x5c0 [ 203.290335] ? do_mount+0x6f2/0x1e20 [ 203.294034] ? ksys_mount+0x12d/0x140 [ 203.297835] ? __x64_sys_mount+0xbe/0x150 [ 203.301996] ? do_syscall_64+0x1b9/0x820 [ 203.306083] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.311451] ? save_stack+0xa9/0xd0 [ 203.315071] ? lock_acquire+0x1e4/0x540 [ 203.319060] ? fs_reclaim_acquire+0x20/0x20 [ 203.323372] ? lock_downgrade+0x8f0/0x8f0 [ 203.327527] ? __x64_sys_mount+0xbe/0x150 [ 203.331667] ? check_same_owner+0x340/0x340 [ 203.335982] ? rcu_note_context_switch+0x730/0x730 [ 203.340901] __should_failslab+0x124/0x180 [ 203.345125] should_failslab+0x9/0x14 [ 203.348916] kmem_cache_alloc_trace+0x2cb/0x780 [ 203.353573] ? kasan_kmalloc+0xc4/0xe0 [ 203.357453] __memcg_init_list_lru_node+0x185/0x2d0 [ 203.362460] ? kvfree_rcu+0x20/0x20 [ 203.366076] ? __kmalloc_node+0x47/0x70 [ 203.370050] __list_lru_init+0x4d6/0x840 [ 203.374098] ? list_lru_destroy+0x500/0x500 [ 203.378409] ? prealloc_shrinker+0x213/0x480 [ 203.382801] ? __init_waitqueue_head+0x9e/0x150 [ 203.387459] ? inactive_list_is_low+0x850/0x850 [ 203.392126] ? __lockdep_init_map+0x105/0x590 [ 203.396610] alloc_super+0x976/0xb10 [ 203.400315] ? destroy_unused_super.part.11+0x110/0x110 [ 203.405668] ? lock_downgrade+0x8f0/0x8f0 [ 203.409817] ? kasan_check_read+0x11/0x20 [ 203.413981] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 203.418556] ? kasan_check_write+0x14/0x20 [ 203.422775] ? do_raw_spin_lock+0xc1/0x200 [ 203.427023] ? ns_test_super+0x50/0x50 [ 203.430915] sget_fc+0x269/0x950 [ 203.434279] ? compare_single+0x10/0x10 [ 203.438245] ? alloc_super+0xb10/0xb10 [ 203.442122] ? kasan_kmalloc+0xc4/0xe0 [ 203.445998] ? __kmalloc_track_caller+0x311/0x760 [ 203.450834] ? proc_root_lookup+0x60/0x60 [ 203.454975] vfs_get_super+0x6e/0x270 [ 203.458764] proc_get_tree+0x88/0xb0 [ 203.462468] vfs_get_tree+0x1cb/0x5c0 [ 203.466256] do_mount+0x6f2/0x1e20 [ 203.469783] ? check_same_owner+0x340/0x340 [ 203.474094] ? lock_release+0xa30/0xa30 [ 203.478059] ? copy_mount_string+0x40/0x40 [ 203.482294] ? __do_page_fault+0x449/0xe50 [ 203.486518] ? retint_kernel+0x10/0x10 [ 203.490399] ? copy_mount_options+0x1f0/0x380 [ 203.494881] ? copy_mount_options+0x200/0x380 [ 203.499377] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 203.504927] ? copy_mount_options+0x285/0x380 [ 203.509424] ksys_mount+0x12d/0x140 [ 203.513049] __x64_sys_mount+0xbe/0x150 [ 203.517031] do_syscall_64+0x1b9/0x820 [ 203.520907] ? finish_task_switch+0x1d3/0x870 [ 203.525421] ? syscall_return_slowpath+0x5e0/0x5e0 [ 203.530353] ? syscall_return_slowpath+0x31d/0x5e0 [ 203.535278] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 203.540285] ? prepare_exit_to_usermode+0x291/0x3b0 [ 203.545290] ? perf_trace_sys_enter+0xb10/0xb10 [ 203.549960] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 203.554796] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.559997] RIP: 0033:0x455ab9 [ 203.563174] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 203.582353] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 20:43:22 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(0xffffffffffffffff, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:43:22 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8907, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:22 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x600000000000000, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:22 executing program 7: 20:43:22 executing program 6: r0 = socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0xfb, &(0x7f00000005c0)=0x1, 0x4) socketpair$inet6_dccp(0xa, 0x6, 0x0, &(0x7f0000000000)) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:43:22 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x0, 0x2000}]}, 0xa0}}, 0x0) [ 203.590155] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 203.597420] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 203.604674] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 203.611930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 203.619188] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 0000000000000012 [ 203.656849] binder: 11013:11022 unknown command 0 [ 203.673074] binder: 11013:11022 ioctl c0306201 2000dfd0 returned -22 20:43:22 executing program 5 (fault-call:7 fault-nth:19): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:22 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:22 executing program 7: 20:43:22 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x3}]}, 0xa0}}, 0x0) 20:43:22 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8941, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) [ 203.702125] binder: 11013:11031 unknown command 0 20:43:22 executing program 7: 20:43:22 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) ioctl$KVM_SET_GUEST_DEBUG(r1, 0x4048ae9b, &(0x7f0000000100)={0x80000, 0x0, [0x1000, 0x5, 0x1, 0x3ff, 0x3, 0x8, 0x2, 0x3]}) setsockopt$inet6_int(r0, 0x29, 0x100000000001f, &(0x7f00000005c0)=0x8, 0xfffffffffffffcf8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4, 0x0, @local}, 0x1c) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x100, 0x0) ioctl$KVM_ARM_SET_DEVICE_ADDR(r2, 0x4010aeab, &(0x7f0000000080)={0xfd03, 0x105001}) [ 203.726365] binder: 11033:11036 Acquire 1 refcount change on invalid ref 0 ret -22 [ 203.740606] binder: 11013:11031 ioctl c0306201 2000dfd0 returned -22 [ 203.765257] binder: 11033:11036 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 20:43:22 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x3}]}, 0xa0}}, 0x0) 20:43:22 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x894c, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:22 executing program 7: [ 203.790341] binder: 11033:11036 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 204.562107] FAULT_INJECTION: forcing a failure. [ 204.562107] name failslab, interval 1, probability 0, space 0, times 0 [ 204.573413] CPU: 1 PID: 11071 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 204.581897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.591255] Call Trace: [ 204.593846] dump_stack+0x1c9/0x2b4 [ 204.597494] ? dump_stack_print_info.cold.2+0x52/0x52 [ 204.602675] ? __kernel_text_address+0xd/0x40 [ 204.607163] ? unwind_get_return_address+0x61/0xa0 [ 204.612087] should_fail.cold.4+0xa/0x11 [ 204.616147] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 204.621241] ? save_stack+0xa9/0xd0 [ 204.624856] ? save_stack+0x43/0xd0 [ 204.628469] ? kasan_kmalloc+0xc4/0xe0 [ 204.632346] ? kmem_cache_alloc_trace+0x152/0x780 [ 204.637179] ? __memcg_init_list_lru_node+0x185/0x2d0 [ 204.642374] ? __list_lru_init+0x4d6/0x840 [ 204.646646] ? alloc_super+0x976/0xb10 [ 204.650534] ? vfs_get_super+0x6e/0x270 [ 204.654500] ? proc_get_tree+0x88/0xb0 [ 204.658372] ? vfs_get_tree+0x1cb/0x5c0 [ 204.662332] ? do_mount+0x6f2/0x1e20 [ 204.666039] ? ksys_mount+0x12d/0x140 [ 204.669828] ? __x64_sys_mount+0xbe/0x150 [ 204.674012] ? do_syscall_64+0x1b9/0x820 [ 204.678112] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.683487] ? save_stack+0xa9/0xd0 [ 204.687123] ? lock_acquire+0x1e4/0x540 [ 204.691112] ? fs_reclaim_acquire+0x20/0x20 [ 204.695429] ? lock_downgrade+0x8f0/0x8f0 [ 204.699567] ? __x64_sys_mount+0xbe/0x150 [ 204.703717] ? check_same_owner+0x340/0x340 [ 204.708032] ? rcu_note_context_switch+0x730/0x730 [ 204.712956] __should_failslab+0x124/0x180 [ 204.717178] should_failslab+0x9/0x14 [ 204.720972] kmem_cache_alloc_trace+0x2cb/0x780 [ 204.725641] ? kasan_kmalloc+0xc4/0xe0 [ 204.729520] __memcg_init_list_lru_node+0x185/0x2d0 [ 204.734522] ? kvfree_rcu+0x20/0x20 [ 204.738135] ? __kmalloc_node+0x47/0x70 [ 204.742097] __list_lru_init+0x4d6/0x840 [ 204.746147] ? list_lru_destroy+0x500/0x500 [ 204.750468] ? prealloc_shrinker+0x213/0x480 [ 204.754863] ? __init_waitqueue_head+0x9e/0x150 [ 204.759537] ? inactive_list_is_low+0x850/0x850 [ 204.764197] ? __lockdep_init_map+0x105/0x590 [ 204.768697] alloc_super+0x976/0xb10 [ 204.772405] ? destroy_unused_super.part.11+0x110/0x110 [ 204.777763] ? lock_downgrade+0x8f0/0x8f0 [ 204.781979] ? kasan_check_read+0x11/0x20 [ 204.786147] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 204.790725] ? kasan_check_write+0x14/0x20 [ 204.794953] ? do_raw_spin_lock+0xc1/0x200 [ 204.799363] ? ns_test_super+0x50/0x50 [ 204.803241] sget_fc+0x269/0x950 [ 204.806595] ? compare_single+0x10/0x10 [ 204.810558] ? alloc_super+0xb10/0xb10 [ 204.814459] ? kasan_kmalloc+0xc4/0xe0 [ 204.818337] ? __kmalloc_track_caller+0x311/0x760 [ 204.823172] ? proc_root_lookup+0x60/0x60 [ 204.827316] vfs_get_super+0x6e/0x270 [ 204.831117] proc_get_tree+0x88/0xb0 [ 204.834821] vfs_get_tree+0x1cb/0x5c0 [ 204.838613] do_mount+0x6f2/0x1e20 [ 204.842487] ? check_same_owner+0x340/0x340 [ 204.846886] ? lock_release+0xa30/0xa30 [ 204.850851] ? copy_mount_string+0x40/0x40 [ 204.855081] ? __do_page_fault+0x449/0xe50 [ 204.859321] ? retint_kernel+0x10/0x10 [ 204.863197] ? copy_mount_options+0x1f0/0x380 [ 204.867678] ? copy_mount_options+0x200/0x380 [ 204.872164] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 204.877818] ? copy_mount_options+0x285/0x380 [ 204.882302] ksys_mount+0x12d/0x140 [ 204.885914] __x64_sys_mount+0xbe/0x150 [ 204.889875] do_syscall_64+0x1b9/0x820 [ 204.893753] ? syscall_return_slowpath+0x5e0/0x5e0 [ 204.898670] ? syscall_return_slowpath+0x31d/0x5e0 [ 204.903605] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 204.908628] ? prepare_exit_to_usermode+0x291/0x3b0 [ 204.913636] ? perf_trace_sys_enter+0xb10/0xb10 [ 204.918303] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 204.923315] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.928491] RIP: 0033:0x455ab9 [ 204.931682] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 204.950874] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 20:43:23 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:43:23 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x3000000, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:23 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:23 executing program 6: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x800, 0x0) ioctl$SNDRV_TIMER_IOCTL_STOP(r0, 0x54a1) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:43:23 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000182000)={&(0x7f0000000200)={0x2, 0x4000000000000d, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast1}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}}, @sadb_lifetime={0x4, 0x3}]}, 0xa0}}, 0x0) 20:43:23 executing program 7: [ 204.958570] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 204.965828] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 204.973086] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 204.980363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 204.987618] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 0000000000000013 20:43:23 executing program 5 (fault-call:7 fault-nth:20): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:23 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0xc0189436, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:23 executing program 7: 20:43:23 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) getsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000000), &(0x7f0000000040)=0x4) 20:43:23 executing program 2: [ 205.039316] binder: 11080:11081 unknown command 0 [ 205.041609] binder: 11073:11082 Acquire 1 refcount change on invalid ref 0 ret -22 [ 205.062826] binder: 11080:11081 ioctl c0306201 2000dfd0 returned -22 [ 205.071985] binder: 11073:11082 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 205.081930] binder: 11073:11082 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 20:43:23 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8906, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:23 executing program 7: [ 205.115974] binder: 11080:11100 unknown command 0 20:43:23 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) prctl$setendian(0x14, 0x2) 20:43:23 executing program 2: 20:43:23 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) [ 205.153158] binder: 11080:11100 ioctl c0306201 2000dfd0 returned -22 [ 205.228066] binder: 11114:11115 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 205.913678] FAULT_INJECTION: forcing a failure. [ 205.913678] name failslab, interval 1, probability 0, space 0, times 0 [ 205.924975] CPU: 0 PID: 11124 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 205.935208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.944553] Call Trace: [ 205.947153] dump_stack+0x1c9/0x2b4 [ 205.950778] ? dump_stack_print_info.cold.2+0x52/0x52 [ 205.955957] ? __kernel_text_address+0xd/0x40 [ 205.960439] ? unwind_get_return_address+0x61/0xa0 [ 205.965363] should_fail.cold.4+0xa/0x11 [ 205.969430] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 205.974523] ? save_stack+0xa9/0xd0 [ 205.978140] ? save_stack+0x43/0xd0 [ 205.981754] ? kasan_kmalloc+0xc4/0xe0 [ 205.985628] ? kmem_cache_alloc_trace+0x152/0x780 [ 205.990470] ? __memcg_init_list_lru_node+0x185/0x2d0 [ 205.995644] ? __list_lru_init+0x4d6/0x840 [ 205.999890] ? alloc_super+0x976/0xb10 [ 206.003771] ? vfs_get_super+0x6e/0x270 [ 206.007738] ? proc_get_tree+0x88/0xb0 [ 206.011622] ? vfs_get_tree+0x1cb/0x5c0 [ 206.015601] ? do_mount+0x6f2/0x1e20 [ 206.019304] ? ksys_mount+0x12d/0x140 [ 206.023111] ? __x64_sys_mount+0xbe/0x150 [ 206.027254] ? do_syscall_64+0x1b9/0x820 [ 206.031314] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 206.036672] ? save_stack+0xa9/0xd0 [ 206.040293] ? lock_acquire+0x1e4/0x540 [ 206.044259] ? fs_reclaim_acquire+0x20/0x20 [ 206.048583] ? lock_downgrade+0x8f0/0x8f0 [ 206.052729] ? __x64_sys_mount+0xbe/0x150 [ 206.056871] ? check_same_owner+0x340/0x340 [ 206.061200] ? rcu_note_context_switch+0x730/0x730 [ 206.066138] __should_failslab+0x124/0x180 [ 206.070379] should_failslab+0x9/0x14 [ 206.074795] kmem_cache_alloc_trace+0x2cb/0x780 [ 206.079457] ? kasan_kmalloc+0xc4/0xe0 [ 206.083337] __memcg_init_list_lru_node+0x185/0x2d0 [ 206.088347] ? kvfree_rcu+0x20/0x20 [ 206.091960] ? __kmalloc_node+0x47/0x70 [ 206.095919] __list_lru_init+0x4d6/0x840 [ 206.099966] ? list_lru_destroy+0x500/0x500 [ 206.104275] ? prealloc_shrinker+0x213/0x480 [ 206.108671] ? __init_waitqueue_head+0x9e/0x150 [ 206.113327] ? inactive_list_is_low+0x850/0x850 [ 206.117988] ? __lockdep_init_map+0x105/0x590 [ 206.122487] alloc_super+0x976/0xb10 [ 206.126194] ? destroy_unused_super.part.11+0x110/0x110 [ 206.131559] ? lock_downgrade+0x8f0/0x8f0 [ 206.135787] ? kasan_check_read+0x11/0x20 [ 206.139922] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 206.144503] ? kasan_check_write+0x14/0x20 [ 206.148724] ? do_raw_spin_lock+0xc1/0x200 [ 206.152947] ? ns_test_super+0x50/0x50 [ 206.156837] sget_fc+0x269/0x950 [ 206.160201] ? compare_single+0x10/0x10 [ 206.164180] ? alloc_super+0xb10/0xb10 [ 206.168058] ? kasan_kmalloc+0xc4/0xe0 [ 206.171938] ? __kmalloc_track_caller+0x311/0x760 [ 206.176775] ? proc_root_lookup+0x60/0x60 [ 206.180919] vfs_get_super+0x6e/0x270 [ 206.184736] proc_get_tree+0x88/0xb0 [ 206.188444] vfs_get_tree+0x1cb/0x5c0 [ 206.193550] do_mount+0x6f2/0x1e20 [ 206.197082] ? check_same_owner+0x340/0x340 [ 206.201388] ? lock_release+0xa30/0xa30 [ 206.205352] ? copy_mount_string+0x40/0x40 [ 206.209578] ? __do_page_fault+0x449/0xe50 [ 206.213809] ? retint_kernel+0x10/0x10 [ 206.217685] ? copy_mount_options+0x1f0/0x380 [ 206.222169] ? copy_mount_options+0x200/0x380 [ 206.227389] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 206.232916] ? copy_mount_options+0x285/0x380 [ 206.237402] ksys_mount+0x12d/0x140 [ 206.241027] __x64_sys_mount+0xbe/0x150 [ 206.244991] do_syscall_64+0x1b9/0x820 [ 206.249043] ? syscall_return_slowpath+0x5e0/0x5e0 [ 206.253969] ? syscall_return_slowpath+0x31d/0x5e0 [ 206.259064] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 206.264066] ? prepare_exit_to_usermode+0x291/0x3b0 [ 206.269082] ? perf_trace_sys_enter+0xb10/0xb10 [ 206.273747] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 206.278588] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 206.283764] RIP: 0033:0x455ab9 [ 206.286935] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 206.306134] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 20:43:25 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x0, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:43:25 executing program 7: 20:43:25 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x890d, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:25 executing program 2: 20:43:25 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x68000000, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:25 executing program 6: r0 = socket$inet6(0xa, 0x400000000003, 0x2) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) [ 206.313842] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 206.321107] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 206.328366] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 206.335624] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 206.342890] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 0000000000000014 [ 206.391211] binder: 11131:11133 unknown command 0 20:43:25 executing program 5 (fault-call:7 fault-nth:21): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:25 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:25 executing program 7: 20:43:25 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000500)='/dev/hwrng\x00', 0x30000, 0x0) getsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f0000000540), &(0x7f0000000580)=0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) close(r0) 20:43:25 executing program 2: 20:43:25 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8935, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) [ 206.422966] binder: 11131:11133 ioctl c0306201 2000dfd0 returned -22 [ 206.450739] binder: 11131:11145 unknown command 0 20:43:25 executing program 2: 20:43:25 executing program 7: 20:43:25 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8981, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) [ 206.473487] binder: 11143:11146 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 206.491797] binder: 11131:11145 ioctl c0306201 2000dfd0 returned -22 20:43:25 executing program 7: [ 207.282147] FAULT_INJECTION: forcing a failure. [ 207.282147] name failslab, interval 1, probability 0, space 0, times 0 [ 207.293484] CPU: 1 PID: 11177 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 207.302129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 207.311482] Call Trace: [ 207.314080] dump_stack+0x1c9/0x2b4 [ 207.317707] ? dump_stack_print_info.cold.2+0x52/0x52 [ 207.322894] ? __kernel_text_address+0xd/0x40 [ 207.327505] ? unwind_get_return_address+0x61/0xa0 [ 207.332448] should_fail.cold.4+0xa/0x11 [ 207.336636] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 207.341766] ? save_stack+0xa9/0xd0 [ 207.345594] ? save_stack+0x43/0xd0 [ 207.349212] ? kasan_kmalloc+0xc4/0xe0 [ 207.353174] ? kmem_cache_alloc_trace+0x152/0x780 [ 207.358026] ? __memcg_init_list_lru_node+0x185/0x2d0 [ 207.363301] ? __list_lru_init+0x4d6/0x840 [ 207.367525] ? alloc_super+0x976/0xb10 [ 207.371413] ? vfs_get_super+0x6e/0x270 [ 207.375375] ? proc_get_tree+0x88/0xb0 [ 207.379265] ? vfs_get_tree+0x1cb/0x5c0 [ 207.383228] ? do_mount+0x6f2/0x1e20 [ 207.386934] ? ksys_mount+0x12d/0x140 [ 207.390830] ? __x64_sys_mount+0xbe/0x150 [ 207.394988] ? do_syscall_64+0x1b9/0x820 [ 207.399049] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 207.404424] ? save_stack+0xa9/0xd0 [ 207.408063] ? lock_acquire+0x1e4/0x540 [ 207.412034] ? fs_reclaim_acquire+0x20/0x20 [ 207.416373] ? lock_downgrade+0x8f0/0x8f0 [ 207.420543] ? __x64_sys_mount+0xbe/0x150 [ 207.424689] ? check_same_owner+0x340/0x340 [ 207.429033] ? rcu_note_context_switch+0x730/0x730 [ 207.433958] __should_failslab+0x124/0x180 [ 207.438184] should_failslab+0x9/0x14 [ 207.441982] kmem_cache_alloc_trace+0x2cb/0x780 [ 207.446642] ? kasan_kmalloc+0xc4/0xe0 [ 207.450649] __memcg_init_list_lru_node+0x185/0x2d0 [ 207.455661] ? kvfree_rcu+0x20/0x20 [ 207.459295] ? __kmalloc_node+0x47/0x70 [ 207.463264] __list_lru_init+0x4d6/0x840 [ 207.467315] ? list_lru_destroy+0x500/0x500 [ 207.471634] ? prealloc_shrinker+0x213/0x480 [ 207.476124] ? __init_waitqueue_head+0x9e/0x150 [ 207.480799] ? inactive_list_is_low+0x850/0x850 [ 207.485457] ? __lockdep_init_map+0x105/0x590 [ 207.489948] alloc_super+0x976/0xb10 [ 207.493657] ? destroy_unused_super.part.11+0x110/0x110 [ 207.499015] ? lock_downgrade+0x8f0/0x8f0 [ 207.503340] ? kasan_check_read+0x11/0x20 [ 207.507510] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 207.512232] ? kasan_check_write+0x14/0x20 [ 207.516482] ? do_raw_spin_lock+0xc1/0x200 [ 207.520707] ? ns_test_super+0x50/0x50 [ 207.524673] sget_fc+0x269/0x950 [ 207.528042] ? compare_single+0x10/0x10 [ 207.532023] ? alloc_super+0xb10/0xb10 [ 207.536252] ? kasan_kmalloc+0xc4/0xe0 [ 207.540129] ? __kmalloc_track_caller+0x311/0x760 [ 207.544980] ? proc_root_lookup+0x60/0x60 [ 207.549128] vfs_get_super+0x6e/0x270 [ 207.552942] proc_get_tree+0x88/0xb0 [ 207.556662] vfs_get_tree+0x1cb/0x5c0 [ 207.560479] do_mount+0x6f2/0x1e20 [ 207.564204] ? check_same_owner+0x340/0x340 [ 207.568516] ? lock_release+0xa30/0xa30 [ 207.572482] ? copy_mount_string+0x40/0x40 [ 207.576710] ? __do_page_fault+0x449/0xe50 [ 207.581123] ? retint_kernel+0x10/0x10 [ 207.585006] ? copy_mount_options+0x1f0/0x380 [ 207.589498] ? copy_mount_options+0x200/0x380 [ 207.594097] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 207.600153] ? copy_mount_options+0x285/0x380 [ 207.604737] ksys_mount+0x12d/0x140 [ 207.608371] __x64_sys_mount+0xbe/0x150 [ 207.612337] do_syscall_64+0x1b9/0x820 [ 207.616216] ? syscall_return_slowpath+0x5e0/0x5e0 [ 207.621132] ? syscall_return_slowpath+0x31d/0x5e0 [ 207.626065] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 207.631071] ? prepare_exit_to_usermode+0x291/0x3b0 [ 207.636166] ? perf_trace_sys_enter+0xb10/0xb10 [ 207.640844] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 207.645814] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 207.651036] RIP: 0033:0x455ab9 [ 207.654213] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 207.674275] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 20:43:26 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:43:26 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:26 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r0, 0x29, 0xd3, &(0x7f0000000080)={{0xa, 0x4e22, 0x6, @empty, 0x5}, {0xa, 0x4e23, 0x21e9, @loopback, 0x2}, 0x9, [0x80, 0x0, 0x99, 0x8, 0x4, 0x9, 0x2, 0x2]}, 0x5c) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000040)=0x3, 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x4, @local, 0x4}, 0x1c) 20:43:26 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x7400, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:26 executing program 2: 20:43:26 executing program 7: [ 207.682065] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 207.689336] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 207.696984] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 207.704857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 207.712118] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 0000000000000015 [ 207.753855] binder: 11188:11189 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 207.764988] binder: 11185:11186 unknown command 0 [ 207.774290] binder: 11185:11186 ioctl c0306201 2000dfd0 returned -22 20:43:26 executing program 5 (fault-call:7 fault-nth:22): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:26 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x891c, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:26 executing program 7: 20:43:26 executing program 2: 20:43:26 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:26 executing program 7: 20:43:26 executing program 2: [ 207.801611] binder: 11185:11192 unknown command 0 [ 207.814364] binder: 11185:11192 ioctl c0306201 2000dfd0 returned -22 [ 207.841628] binder: 11200:11201 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 20:43:26 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8903, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:26 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x68, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:26 executing program 2: [ 207.874833] binder: 11200:11201 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 207.951632] binder: 11216:11217 unknown command 0 [ 207.964313] binder: 11216:11217 ioctl c0306201 2000dfd0 returned -22 [ 207.976275] binder: 11216:11219 unknown command 0 [ 207.983812] binder: 11216:11219 ioctl c0306201 2000dfd0 returned -22 [ 208.652187] FAULT_INJECTION: forcing a failure. [ 208.652187] name failslab, interval 1, probability 0, space 0, times 0 [ 208.663566] CPU: 0 PID: 11227 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 208.672061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 208.681538] Call Trace: [ 208.685190] dump_stack+0x1c9/0x2b4 [ 208.688848] ? dump_stack_print_info.cold.2+0x52/0x52 [ 208.694052] should_fail.cold.4+0xa/0x11 [ 208.698107] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 208.703205] ? save_stack+0xa9/0xd0 [ 208.706832] ? save_stack+0x43/0xd0 [ 208.710448] ? kasan_kmalloc+0xc4/0xe0 [ 208.714368] ? __kmalloc+0x14e/0x760 [ 208.718086] ? __list_lru_init+0x151/0x840 [ 208.722323] ? alloc_super+0x9a6/0xb10 [ 208.726198] ? sget_fc+0x269/0x950 [ 208.729741] ? vfs_get_super+0x6e/0x270 [ 208.733708] ? proc_get_tree+0x88/0xb0 [ 208.737598] ? vfs_get_tree+0x1cb/0x5c0 [ 208.741561] ? do_mount+0x6f2/0x1e20 [ 208.745268] ? ksys_mount+0x12d/0x140 [ 208.749061] ? __x64_sys_mount+0xbe/0x150 [ 208.753196] ? do_syscall_64+0x1b9/0x820 [ 208.757247] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 208.762614] ? lock_acquire+0x1e4/0x540 [ 208.766582] ? fs_reclaim_acquire+0x20/0x20 [ 208.770896] ? lock_downgrade+0x8f0/0x8f0 [ 208.775038] ? check_same_owner+0x340/0x340 [ 208.779355] ? rcu_note_context_switch+0x730/0x730 [ 208.784276] __should_failslab+0x124/0x180 [ 208.788588] should_failslab+0x9/0x14 [ 208.792377] kmem_cache_alloc_node_trace+0x26f/0x770 [ 208.797465] ? kasan_kmalloc+0xc4/0xe0 [ 208.801350] __kmalloc_node+0x33/0x70 [ 208.805148] kvmalloc_node+0x65/0xf0 [ 208.808851] __list_lru_init+0x5d9/0x840 [ 208.812897] ? list_lru_destroy+0x500/0x500 [ 208.817205] ? prealloc_shrinker+0x213/0x480 [ 208.821614] ? __init_waitqueue_head+0x9e/0x150 [ 208.826282] ? inactive_list_is_low+0x850/0x850 [ 208.830939] ? __lockdep_init_map+0x105/0x590 [ 208.835434] alloc_super+0x9a6/0xb10 [ 208.839159] ? destroy_unused_super.part.11+0x110/0x110 [ 208.844518] ? lock_downgrade+0x8f0/0x8f0 [ 208.848658] ? kasan_check_read+0x11/0x20 [ 208.852810] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 208.857392] ? kasan_check_write+0x14/0x20 [ 208.861619] ? do_raw_spin_lock+0xc1/0x200 [ 208.865856] ? ns_test_super+0x50/0x50 [ 208.869731] sget_fc+0x269/0x950 [ 208.873122] ? compare_single+0x10/0x10 [ 208.877090] ? alloc_super+0xb10/0xb10 [ 208.880964] ? kasan_kmalloc+0xc4/0xe0 [ 208.884841] ? __kmalloc_track_caller+0x311/0x760 [ 208.889681] ? proc_root_lookup+0x60/0x60 [ 208.894178] vfs_get_super+0x6e/0x270 [ 208.897973] proc_get_tree+0x88/0xb0 [ 208.901683] vfs_get_tree+0x1cb/0x5c0 [ 208.905487] do_mount+0x6f2/0x1e20 [ 208.909028] ? check_same_owner+0x340/0x340 [ 208.913344] ? lock_release+0xa30/0xa30 [ 208.917322] ? copy_mount_string+0x40/0x40 [ 208.921550] ? __do_page_fault+0x449/0xe50 [ 208.925774] ? retint_kernel+0x10/0x10 [ 208.929654] ? copy_mount_options+0x1f0/0x380 [ 208.934148] ? copy_mount_options+0x200/0x380 [ 208.938633] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 208.944169] ? copy_mount_options+0x285/0x380 [ 208.948658] ksys_mount+0x12d/0x140 [ 208.952453] __x64_sys_mount+0xbe/0x150 [ 208.956435] do_syscall_64+0x1b9/0x820 [ 208.960496] ? syscall_return_slowpath+0x5e0/0x5e0 [ 208.965415] ? syscall_return_slowpath+0x31d/0x5e0 [ 208.970420] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 208.975441] ? prepare_exit_to_usermode+0x291/0x3b0 [ 208.980546] ? perf_trace_sys_enter+0xb10/0xb10 [ 208.985209] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 208.990048] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 208.995227] RIP: 0033:0x455ab9 [ 208.998398] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 209.018389] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 209.026112] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 209.033369] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 209.040624] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 20:43:27 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x891b, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:27 executing program 7: 20:43:27 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:27 executing program 2: 20:43:27 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x6c00000000000000, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:27 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') [ 209.047881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 209.055140] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 0000000000000016 [ 209.090306] binder: 11230:11231 unknown command 0 20:43:27 executing program 5 (fault-call:7 fault-nth:23): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:27 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) r1 = socket$l2tp(0x18, 0x1, 0x1) getsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000000), &(0x7f0000000040)=0x8) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:43:27 executing program 2: 20:43:27 executing program 7: 20:43:27 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8953, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) [ 209.101080] binder: 11234:11237 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 209.124279] binder: 11230:11231 ioctl c0306201 2000dfd0 returned -22 [ 209.136661] binder: 11234:11237 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 209.153684] binder: 11230:11243 unknown command 0 20:43:27 executing program 7: 20:43:27 executing program 2: 20:43:27 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x200, 0x0) 20:43:27 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:27 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x5450, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) [ 209.213165] binder: 11230:11243 ioctl c0306201 2000dfd0 returned -22 20:43:28 executing program 7: 20:43:28 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) r1 = memfd_create(&(0x7f0000000140)='\x00', 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000007c0)=ANY=[@ANYBLOB="7261770000000000009e9a000000510000000000000000000000000000200009f1ffff02000000a002000000000001000100000802000001000000080200000802040008020000030000000ee0fed6290202ce1aeb3505107f0ec7a6557163ee98d39e", @ANYPTR=&(0x7f0000000600)=ANY=[@ANYBLOB="e0ff00000000000000000000000000000000560000765a00000000000000000000c7000000000000000000000000000012d672cc2f0524a22416188633ceaa154ab4bb6cdf907949bc1de88537e26f4935bf91e94c8a0ce604c0088eaa4d94b8810be74459c407dd4725a36a9ad70c65fd04c31ab82ae7d27e79bd1d809c05744b79e7cae47754c779cd5a3a490bf0633e0cd3ea7f83ae5c246b5957bd104a5bf6ec93208a41ef43cb919d289f9580f98d327dc1401ace237ca1ffc56908fadf639a01b0e9879b7d38fccf26ab585da0bf5c611ee961e1018bf705e130aa34deb464ff556d7d4a11f7b2bbf71632beaadeff3d3d06c0db4fa62cc8c175edaa12452c5bac442258370c654d859289b0569f9964554519cc090a63ef1156415192f11ec47bb81cf363ff222a85a3434a016fceb52fd1c4a62ec7888d268d2b34f8ab41cabeffda4c195228b147577958cd5a9ac5a8cd3931af0559b7fdbaa86c3f8402880ce11616802ae8d8d9c39c5f2fa95ec5d03292a222ac1e532e233713cbce3ed3e0d4c160c9472571"], @ANYBLOB="00000000ac1414aa000000ff000000006970366772653000000000000000000076657468315f746f5f626f6e64000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff000000000000000000000000000000ae0003020000000000000000000000000000c00020010000000000000000000000000000000000000000000000002800727066696c746572000000000000000000000000000000000000000000000d000000000000006000434c5553544552495000000000000000000000000000000000000000000000000000aaaaaaaaaabb01020a0017003c000f00030030000f000600100025000d00250023002e00270001002000000000000000080000000500000000000000e0000002e0000001ffffff00ffffffff7465716c30000000000000000000000073797a5f74756e000000000000000000000000000000000000000000ff0000000000000000000000000000000000000000000000000000000000ff000000000000000000000000000000bb0001100000000000000000000000000000c000e800000000000000000000000000000000000000000000000000280069636d7000000000000000000000000000000000000000000000000000000f0205010000000028004e4651554555450000000000000000000000000000000000000000000002ab02001002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff00000000"], 0x300) r2 = open(&(0x7f0000000000)='./file0\x00', 0x2, 0x2) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r2, 0x80dc5521, &(0x7f0000000040)=""/249) 20:43:28 executing program 2: [ 209.284700] binder: 11267:11268 BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 20:43:28 executing program 7: 20:43:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x4800000000000000, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) [ 209.327468] binder: 11267:11268 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 209.379154] binder: 11284:11285 unknown command 0 [ 209.402156] binder: 11284:11285 ioctl c0306201 2000dfd0 returned -22 [ 209.427510] binder: 11284:11290 unknown command 0 [ 209.432469] binder: 11284:11290 ioctl c0306201 2000dfd0 returned -22 [ 209.977101] FAULT_INJECTION: forcing a failure. [ 209.977101] name failslab, interval 1, probability 0, space 0, times 0 [ 209.988399] CPU: 1 PID: 11294 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 209.996897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 210.006260] Call Trace: [ 210.008859] dump_stack+0x1c9/0x2b4 [ 210.012473] ? dump_stack_print_info.cold.2+0x52/0x52 [ 210.017659] should_fail.cold.4+0xa/0x11 [ 210.021712] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 210.026809] ? save_stack+0xa9/0xd0 [ 210.030419] ? save_stack+0x43/0xd0 [ 210.034037] ? kasan_kmalloc+0xc4/0xe0 [ 210.037914] ? __kmalloc+0x14e/0x760 [ 210.041647] ? __list_lru_init+0x151/0x840 [ 210.045872] ? alloc_super+0x9a6/0xb10 [ 210.049878] ? sget_fc+0x269/0x950 [ 210.053419] ? vfs_get_super+0x6e/0x270 [ 210.057403] ? proc_get_tree+0x88/0xb0 [ 210.061281] ? vfs_get_tree+0x1cb/0x5c0 [ 210.065250] ? do_mount+0x6f2/0x1e20 [ 210.068964] ? ksys_mount+0x12d/0x140 [ 210.072764] ? __x64_sys_mount+0xbe/0x150 [ 210.076902] ? do_syscall_64+0x1b9/0x820 [ 210.080968] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 210.086393] ? lock_acquire+0x1e4/0x540 [ 210.090357] ? fs_reclaim_acquire+0x20/0x20 [ 210.094756] ? lock_downgrade+0x8f0/0x8f0 [ 210.098923] ? check_same_owner+0x340/0x340 [ 210.103253] ? rcu_note_context_switch+0x730/0x730 [ 210.108193] __should_failslab+0x124/0x180 [ 210.112522] should_failslab+0x9/0x14 [ 210.116319] kmem_cache_alloc_node_trace+0x26f/0x770 [ 210.121418] ? kasan_kmalloc+0xc4/0xe0 [ 210.125319] __kmalloc_node+0x33/0x70 [ 210.129142] kvmalloc_node+0x65/0xf0 [ 210.132853] __list_lru_init+0x5d9/0x840 [ 210.136908] ? list_lru_destroy+0x500/0x500 [ 210.141234] ? prealloc_shrinker+0x213/0x480 [ 210.145636] ? __init_waitqueue_head+0x9e/0x150 [ 210.150523] ? inactive_list_is_low+0x850/0x850 [ 210.155204] ? __lockdep_init_map+0x105/0x590 [ 210.159692] alloc_super+0x9a6/0xb10 [ 210.163409] ? destroy_unused_super.part.11+0x110/0x110 [ 210.168767] ? lock_downgrade+0x8f0/0x8f0 [ 210.172913] ? kasan_check_read+0x11/0x20 [ 210.177053] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 210.181632] ? kasan_check_write+0x14/0x20 [ 210.185866] ? do_raw_spin_lock+0xc1/0x200 [ 210.190107] ? ns_test_super+0x50/0x50 [ 210.194346] sget_fc+0x269/0x950 [ 210.197730] ? compare_single+0x10/0x10 [ 210.201694] ? alloc_super+0xb10/0xb10 [ 210.205584] ? kasan_kmalloc+0xc4/0xe0 [ 210.209471] ? __kmalloc_track_caller+0x311/0x760 [ 210.214395] ? proc_root_lookup+0x60/0x60 [ 210.218554] vfs_get_super+0x6e/0x270 [ 210.222348] proc_get_tree+0x88/0xb0 [ 210.226649] vfs_get_tree+0x1cb/0x5c0 [ 210.230533] do_mount+0x6f2/0x1e20 [ 210.234065] ? check_same_owner+0x340/0x340 [ 210.238381] ? lock_release+0xa30/0xa30 [ 210.242353] ? copy_mount_string+0x40/0x40 [ 210.246619] ? __do_page_fault+0x449/0xe50 [ 210.250874] ? retint_kernel+0x10/0x10 [ 210.254785] ? copy_mount_options+0x1f0/0x380 [ 210.259557] ? copy_mount_options+0x200/0x380 [ 210.264051] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 210.269621] ? copy_mount_options+0x285/0x380 [ 210.274119] ksys_mount+0x12d/0x140 [ 210.277755] __x64_sys_mount+0xbe/0x150 [ 210.281728] do_syscall_64+0x1b9/0x820 [ 210.286127] ? syscall_return_slowpath+0x5e0/0x5e0 [ 210.291054] ? syscall_return_slowpath+0x31d/0x5e0 [ 210.295988] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 210.301094] ? prepare_exit_to_usermode+0x291/0x3b0 [ 210.306189] ? perf_trace_sys_enter+0xb10/0xb10 [ 210.310870] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 210.315733] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 210.320916] RIP: 0033:0x455ab9 [ 210.324089] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 210.343454] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 210.351176] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 210.358434] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 210.365690] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 20:43:29 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:43:29 executing program 5 (fault-call:7 fault-nth:24): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:29 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0xc0045878, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 20:43:29 executing program 2: 20:43:29 executing program 6: r0 = socket$inet6(0xa, 0x4, 0xffffbff7) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0xffffffffffffff27) ioctl$fiemap(r0, 0xc020660b, &(0x7f0000000000)={0x39, 0xfff, 0x1, 0x7, 0x9, [{0xffffffffffffff78, 0x5, 0x7, 0x0, 0x0, 0x8}, {0x81, 0x7, 0x10001, 0x0, 0x0, 0x202}, {0x2, 0x9, 0x3f, 0x0, 0x0, 0x1400}, {0x5, 0x3, 0x3ff, 0x0, 0x0, 0x404}, {0xff, 0x9, 0x7fffffff, 0x0, 0x0, 0x100}, {0x7fffffff, 0x7, 0x80000000, 0x0, 0x0, 0x100}, {0x80000000, 0x20, 0x0, 0x0, 0x0, 0x786}, {0x10001, 0x3, 0x100000001, 0x0, 0x0, 0x80}, {0x9, 0xc6, 0x697e, 0x0, 0x0, 0x800}]}) connect$inet6(r0, &(0x7f0000000280)={0xa, 0x0, 0x800, @local, 0x20000000}, 0x1c) 20:43:29 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:29 executing program 7: 20:43:29 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x2000000, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) [ 210.372952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 210.380212] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 0000000000000017 20:43:29 executing program 2: 20:43:29 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x0, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x2000, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r1, 0x8004e500, &(0x7f0000000080)=r2) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:43:29 executing program 7: 20:43:29 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bon<_slave_0\x00', {0x2, 0x0, @local}}) 20:43:29 executing program 2: [ 210.454409] binder: 11300:11310 unknown command 0 [ 210.462190] binder: 11305:11309 BC_CLEAR_DEATH_NOTIFICATION death notification not active [ 210.477455] binder: 11300:11310 ioctl c0306201 2000dfd0 returned -22 [ 210.495608] binder: 11300:11316 unknown command 0 20:43:29 executing program 7: 20:43:29 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:29 executing program 6: r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x7, 0x200) ioctl$KVM_DEASSIGN_PCI_DEVICE(r0, 0x4040ae72, &(0x7f0000000040)={0xbc, 0x4, 0x2, 0x0, 0x1c00000}) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r1, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) [ 210.551017] binder: 11300:11316 ioctl c0306201 2000dfd0 returned -22 [ 210.587916] binder: 11332:11333 BC_CLEAR_DEATH_NOTIFICATION death notification not active [ 211.273794] FAULT_INJECTION: forcing a failure. [ 211.273794] name failslab, interval 1, probability 0, space 0, times 0 [ 211.285103] CPU: 1 PID: 11350 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 211.293619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 211.302977] Call Trace: [ 211.305579] dump_stack+0x1c9/0x2b4 [ 211.309303] ? dump_stack_print_info.cold.2+0x52/0x52 [ 211.314516] should_fail.cold.4+0xa/0x11 [ 211.318651] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 211.323757] ? is_bpf_text_address+0xd7/0x170 [ 211.328248] ? kernel_text_address+0x79/0xf0 [ 211.332654] ? __kernel_text_address+0xd/0x40 [ 211.337153] ? unwind_get_return_address+0x61/0xa0 [ 211.342112] ? __save_stack_trace+0x8d/0xf0 [ 211.346444] ? save_stack+0xa9/0xd0 [ 211.350095] ? lock_acquire+0x1e4/0x540 [ 211.354072] ? fs_reclaim_acquire+0x20/0x20 [ 211.358395] ? lock_downgrade+0x8f0/0x8f0 [ 211.362656] ? __x64_sys_mount+0xbe/0x150 [ 211.366826] ? check_same_owner+0x340/0x340 [ 211.371151] ? rcu_note_context_switch+0x730/0x730 [ 211.376077] __should_failslab+0x124/0x180 [ 211.380316] should_failslab+0x9/0x14 [ 211.384111] kmem_cache_alloc_trace+0x2cb/0x780 [ 211.388776] ? kasan_kmalloc+0xc4/0xe0 [ 211.392655] __memcg_init_list_lru_node+0x185/0x2d0 [ 211.397747] ? kvfree_rcu+0x20/0x20 [ 211.401364] ? __kmalloc_node+0x47/0x70 [ 211.405352] __list_lru_init+0x4d6/0x840 [ 211.409424] ? list_lru_destroy+0x500/0x500 [ 211.413752] ? prealloc_shrinker+0x213/0x480 [ 211.418150] ? __init_waitqueue_head+0x9e/0x150 [ 211.422812] ? inactive_list_is_low+0x850/0x850 [ 211.427484] ? __lockdep_init_map+0x105/0x590 [ 211.431994] alloc_super+0x9a6/0xb10 [ 211.435709] ? destroy_unused_super.part.11+0x110/0x110 [ 211.441075] ? lock_downgrade+0x8f0/0x8f0 [ 211.445231] ? kasan_check_read+0x11/0x20 [ 211.449380] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 211.453955] ? kasan_check_write+0x14/0x20 [ 211.458182] ? do_raw_spin_lock+0xc1/0x200 [ 211.462409] ? ns_test_super+0x50/0x50 [ 211.466287] sget_fc+0x269/0x950 [ 211.469642] ? compare_single+0x10/0x10 [ 211.473603] ? alloc_super+0xb10/0xb10 [ 211.477476] ? kasan_kmalloc+0xc4/0xe0 [ 211.481355] ? __kmalloc_track_caller+0x311/0x760 [ 211.486190] ? proc_root_lookup+0x60/0x60 [ 211.490343] vfs_get_super+0x6e/0x270 [ 211.494149] proc_get_tree+0x88/0xb0 [ 211.497867] vfs_get_tree+0x1cb/0x5c0 [ 211.501657] do_mount+0x6f2/0x1e20 [ 211.505204] ? check_same_owner+0x340/0x340 [ 211.509562] ? lock_release+0xa30/0xa30 [ 211.513540] ? copy_mount_string+0x40/0x40 [ 211.517766] ? __do_page_fault+0x449/0xe50 [ 211.522087] ? retint_kernel+0x10/0x10 [ 211.526031] ? copy_mount_options+0x1f0/0x380 [ 211.530538] ? copy_mount_options+0x200/0x380 [ 211.535176] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.540701] ? copy_mount_options+0x285/0x380 [ 211.545196] ksys_mount+0x12d/0x140 [ 211.548816] __x64_sys_mount+0xbe/0x150 [ 211.552804] do_syscall_64+0x1b9/0x820 [ 211.556681] ? finish_task_switch+0x1d3/0x870 [ 211.561166] ? syscall_return_slowpath+0x5e0/0x5e0 [ 211.566099] ? syscall_return_slowpath+0x31d/0x5e0 [ 211.571376] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 211.576380] ? prepare_exit_to_usermode+0x291/0x3b0 [ 211.581384] ? perf_trace_sys_enter+0xb10/0xb10 [ 211.586043] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 211.590913] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 211.596093] RIP: 0033:0x455ab9 [ 211.599264] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 20:43:30 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x0, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') [ 211.618522] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 211.626222] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 211.633526] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 211.640784] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 211.648043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 211.655394] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 0000000000000018 20:43:30 executing program 5 (fault-call:7 fault-nth:25): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:30 executing program 7: 20:43:30 executing program 2: 20:43:30 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x100000000000000, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:30 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x7, 0x8100) getsockopt$EBT_SO_GET_ENTRIES(r1, 0x0, 0x81, &(0x7f00000000c0)={'nat\x00', 0x0, 0x3, 0x15, [], 0x4, &(0x7f0000000040)=[{}, {}, {}, {}], &(0x7f0000000080)=""/21}, &(0x7f0000000140)=0x78) write$FUSE_NOTIFY_INVAL_INODE(r1, &(0x7f0000000180)={0x28, 0x2, 0x0, {0x3, 0x5, 0x9}}, 0x28) 20:43:30 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={"626f6ec85f736c6176655f3000", {0x2, 0x0, @local}}) 20:43:30 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:30 executing program 7: 20:43:30 executing program 2: 20:43:30 executing program 6: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/autofs\x00', 0x101000, 0x0) ioctl$SCSI_IOCTL_START_UNIT(r0, 0x5) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x80000c8, &(0x7f0000000040)=0x1, 0x4) r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x100) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000080)=0xce) connect$inet6(r1, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) getsockopt$inet_sctp_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f00000000c0)={0x0, 0x5, 0x3, 0x4}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000140)={r3, 0xfff}, &(0x7f0000000180)=0x8) [ 211.733777] binder: 11363:11365 unknown command 0 [ 211.744408] binder: 11358:11366 BC_CLEAR_DEATH_NOTIFICATION death notification not active [ 211.750452] binder: 11363:11365 ioctl c0306201 2000dfd0 returned -22 20:43:30 executing program 2: 20:43:30 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f00000000c0)=[@release={0x400c630f}], 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:30 executing program 7: [ 211.808127] binder: 11363:11378 unknown command 0 [ 211.821121] binder: 11363:11378 ioctl c0306201 2000dfd0 returned -22 20:43:30 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000180)={0x0, 0x2c, &(0x7f0000000140)=[@in6={0xa, 0x4e24, 0xfd, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x20}}, 0x9}, @in={0x2, 0x4e22, @loopback}]}, &(0x7f00000001c0)=0x10) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000280)={r1, 0x10000, 0xb4, "677079cb1742865b984eab43f37e44d6d1760acf59e7b525c849c99f1b71a4b31f02ca0151c1101e9fcf6ed69c97a8903de7cf15381c236b6a58b2e92c319f3eb905a5fd27c5f2ed3a69479dd409ce769e6e6287ee35a0ef1b56b0f693653a5947979e25d9902874a188fe18016069564162e64280136e01f9031459efa1eb1a2a6da4d81aea0ee88a0644f51534b2c9a5ba24a92297807eccd1d571d412265ed9764b683a066ab1a12266b6c1679b6f575b8d9f"}, 0xbc) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x7, @mcast1, 0x8}, 0x1c) socketpair$inet_sctp(0x2, 0x5, 0x84, &(0x7f0000000100)) 20:43:30 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bonx_slave_0\x00', {0x2, 0x0, @local}}) [ 212.548609] FAULT_INJECTION: forcing a failure. [ 212.548609] name failslab, interval 1, probability 0, space 0, times 0 [ 212.559951] CPU: 0 PID: 11410 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 212.568449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 212.577802] Call Trace: [ 212.580392] dump_stack+0x1c9/0x2b4 [ 212.584023] ? dump_stack_print_info.cold.2+0x52/0x52 [ 212.589204] should_fail.cold.4+0xa/0x11 [ 212.593257] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 212.598369] ? save_stack+0xa9/0xd0 [ 212.601995] ? save_stack+0x43/0xd0 [ 212.605608] ? kasan_kmalloc+0xc4/0xe0 [ 212.609483] ? __kmalloc+0x14e/0x760 [ 212.613197] ? __list_lru_init+0x151/0x840 [ 212.617417] ? alloc_super+0x9a6/0xb10 [ 212.621289] ? sget_fc+0x269/0x950 [ 212.624826] ? vfs_get_super+0x6e/0x270 [ 212.628790] ? proc_get_tree+0x88/0xb0 [ 212.632666] ? vfs_get_tree+0x1cb/0x5c0 [ 212.636628] ? do_mount+0x6f2/0x1e20 [ 212.640349] ? ksys_mount+0x12d/0x140 [ 212.644157] ? __x64_sys_mount+0xbe/0x150 [ 212.648304] ? do_syscall_64+0x1b9/0x820 [ 212.652361] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 212.657729] ? lock_acquire+0x1e4/0x540 [ 212.661727] ? fs_reclaim_acquire+0x20/0x20 [ 212.666044] ? lock_downgrade+0x8f0/0x8f0 [ 212.670193] ? check_same_owner+0x340/0x340 [ 212.674517] ? rcu_note_context_switch+0x730/0x730 [ 212.679441] __should_failslab+0x124/0x180 [ 212.683679] should_failslab+0x9/0x14 [ 212.687666] kmem_cache_alloc_node_trace+0x26f/0x770 [ 212.692759] ? kasan_kmalloc+0xc4/0xe0 [ 212.696655] __kmalloc_node+0x33/0x70 [ 212.700456] kvmalloc_node+0x65/0xf0 [ 212.704164] __list_lru_init+0x5d9/0x840 [ 212.708214] ? list_lru_destroy+0x500/0x500 [ 212.712536] ? prealloc_shrinker+0x213/0x480 [ 212.716948] ? __init_waitqueue_head+0x9e/0x150 [ 212.721706] ? inactive_list_is_low+0x850/0x850 [ 212.726383] ? __lockdep_init_map+0x105/0x590 [ 212.730979] alloc_super+0x9a6/0xb10 [ 212.734785] ? destroy_unused_super.part.11+0x110/0x110 [ 212.740160] ? lock_downgrade+0x8f0/0x8f0 [ 212.744302] ? kasan_check_read+0x11/0x20 [ 212.748439] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 212.753032] ? kasan_check_write+0x14/0x20 [ 212.757256] ? do_raw_spin_lock+0xc1/0x200 [ 212.761497] ? ns_test_super+0x50/0x50 [ 212.765378] sget_fc+0x269/0x950 [ 212.768750] ? compare_single+0x10/0x10 [ 212.772715] ? alloc_super+0xb10/0xb10 [ 212.776601] ? kasan_kmalloc+0xc4/0xe0 [ 212.780483] ? __kmalloc_track_caller+0x311/0x760 [ 212.785315] ? proc_root_lookup+0x60/0x60 [ 212.789452] vfs_get_super+0x6e/0x270 [ 212.793261] proc_get_tree+0x88/0xb0 [ 212.796973] vfs_get_tree+0x1cb/0x5c0 [ 212.801125] do_mount+0x6f2/0x1e20 [ 212.804671] ? copy_mount_string+0x40/0x40 [ 212.808913] ? __do_page_fault+0x449/0xe50 [ 212.813154] ? retint_kernel+0x10/0x10 [ 212.817050] ? copy_mount_options+0x1f0/0x380 [ 212.821536] ? copy_mount_options+0x200/0x380 [ 212.826025] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 212.831572] ? copy_mount_options+0x285/0x380 [ 212.836061] ksys_mount+0x12d/0x140 [ 212.839681] __x64_sys_mount+0xbe/0x150 [ 212.843660] do_syscall_64+0x1b9/0x820 [ 212.847539] ? syscall_return_slowpath+0x5e0/0x5e0 [ 212.852461] ? syscall_return_slowpath+0x31d/0x5e0 [ 212.857386] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 212.862397] ? prepare_exit_to_usermode+0x291/0x3b0 [ 212.867416] ? perf_trace_sys_enter+0xb10/0xb10 [ 212.872343] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 212.877183] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 212.882461] RIP: 0033:0x455ab9 20:43:31 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') [ 212.885630] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 212.904975] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 212.912674] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 212.919940] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 212.927199] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 212.934456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 212.941726] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 0000000000000019 20:43:31 executing program 7: 20:43:31 executing program 5 (fault-call:7 fault-nth:26): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:31 executing program 2: 20:43:31 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x5000000, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:31 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000f4d)}) 20:43:31 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={"626f6e645f736c6176655fc000", {0x2, 0x0, @local}}) 20:43:31 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x3, &(0x7f0000002000), &(0x7f0000003ff6)='syzkaller\x00', 0x3, 0xc3, &(0x7f0000386000)=""/195}, 0x48) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000100)=r1, 0xfffffffffffffd87) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000011fd4)={0x3, 0x4, 0x4, 0x1, 0x0, 0x1}, 0x10d) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r2, &(0x7f0000000040), &(0x7f0000000100)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000140)={r2, &(0x7f0000000080), &(0x7f0000000240)=""/226}, 0x18) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) 20:43:31 executing program 7: 20:43:31 executing program 2: [ 213.011180] binder: 11415:11424 unknown command 0 20:43:31 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000f4d)}) [ 213.048072] binder: 11415:11424 ioctl c0306201 2000dfd0 returned -22 20:43:31 executing program 7: 20:43:31 executing program 2: 20:43:31 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={"626f6e645f736c6176655fc00200", {0x2, 0x0, @local}}) [ 213.112917] binder: 11415:11440 unknown command 0 20:43:31 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @local, 0x100}, 0x18c) 20:43:31 executing program 3: write(0xffffffffffffffff, &(0x7f00000000c0)="d5067a26e495f04b78", 0x9) r0 = syz_open_dev$binder(&(0x7f0000872936)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000005fd4)=[@acquire, @acquire={0x400c630e}], 0x0, 0x0, &(0x7f00000001c0)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000f4d)}) [ 213.142926] binder: 11415:11440 ioctl c0306201 2000dfd0 returned -22 [ 213.829745] FAULT_INJECTION: forcing a failure. [ 213.829745] name failslab, interval 1, probability 0, space 0, times 0 [ 213.841105] CPU: 0 PID: 11469 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 213.849621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.859273] Call Trace: [ 213.861967] dump_stack+0x1c9/0x2b4 [ 213.865647] ? dump_stack_print_info.cold.2+0x52/0x52 [ 213.870862] ? __kernel_text_address+0xd/0x40 [ 213.875389] ? unwind_get_return_address+0x61/0xa0 [ 213.880335] should_fail.cold.4+0xa/0x11 [ 213.884418] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 213.889546] ? save_stack+0xa9/0xd0 [ 213.893212] ? save_stack+0x43/0xd0 [ 213.896961] ? kasan_kmalloc+0xc4/0xe0 [ 213.900863] ? kmem_cache_alloc_trace+0x152/0x780 [ 213.905740] ? __memcg_init_list_lru_node+0x185/0x2d0 [ 213.910983] ? __list_lru_init+0x4d6/0x840 [ 213.915240] ? alloc_super+0x9a6/0xb10 [ 213.919158] ? vfs_get_super+0x6e/0x270 [ 213.923140] ? proc_get_tree+0x88/0xb0 [ 213.927025] ? vfs_get_tree+0x1cb/0x5c0 [ 213.931008] ? do_mount+0x6f2/0x1e20 [ 213.934721] ? ksys_mount+0x12d/0x140 [ 213.938537] ? __x64_sys_mount+0xbe/0x150 [ 213.943557] ? do_syscall_64+0x1b9/0x820 [ 213.947627] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 213.953003] ? save_stack+0xa9/0xd0 [ 213.956629] ? lock_acquire+0x1e4/0x540 [ 213.960601] ? fs_reclaim_acquire+0x20/0x20 [ 213.964939] ? lock_downgrade+0x8f0/0x8f0 [ 213.969105] ? __x64_sys_mount+0xbe/0x150 [ 213.973254] ? check_same_owner+0x340/0x340 [ 213.977586] ? rcu_note_context_switch+0x730/0x730 [ 213.982523] __should_failslab+0x124/0x180 [ 213.986759] should_failslab+0x9/0x14 [ 213.990566] kmem_cache_alloc_trace+0x2cb/0x780 [ 213.995432] ? kasan_kmalloc+0xc4/0xe0 [ 213.999318] __memcg_init_list_lru_node+0x185/0x2d0 [ 214.004327] ? kvfree_rcu+0x20/0x20 [ 214.007947] ? __kmalloc_node+0x47/0x70 [ 214.011933] __list_lru_init+0x4d6/0x840 [ 214.015996] ? list_lru_destroy+0x500/0x500 [ 214.020317] ? prealloc_shrinker+0x213/0x480 [ 214.024866] ? __init_waitqueue_head+0x9e/0x150 [ 214.029537] ? inactive_list_is_low+0x850/0x850 [ 214.034212] ? __lockdep_init_map+0x105/0x590 [ 214.038712] alloc_super+0x9a6/0xb10 [ 214.042425] ? destroy_unused_super.part.11+0x110/0x110 [ 214.047809] ? lock_downgrade+0x8f0/0x8f0 [ 214.051957] ? kasan_check_read+0x11/0x20 [ 214.056095] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 214.060685] ? kasan_check_write+0x14/0x20 [ 214.064937] ? do_raw_spin_lock+0xc1/0x200 [ 214.069184] ? ns_test_super+0x50/0x50 [ 214.073066] sget_fc+0x269/0x950 [ 214.076429] ? compare_single+0x10/0x10 [ 214.080407] ? alloc_super+0xb10/0xb10 [ 214.084565] ? kasan_kmalloc+0xc4/0xe0 [ 214.088477] ? __kmalloc_track_caller+0x311/0x760 [ 214.093510] ? proc_root_lookup+0x60/0x60 [ 214.097655] vfs_get_super+0x6e/0x270 [ 214.101464] proc_get_tree+0x88/0xb0 [ 214.105211] vfs_get_tree+0x1cb/0x5c0 [ 214.109031] do_mount+0x6f2/0x1e20 [ 214.112570] ? do_raw_spin_unlock+0xa7/0x2f0 [ 214.116983] ? copy_mount_string+0x40/0x40 [ 214.121225] ? __do_page_fault+0x449/0xe50 [ 214.125462] ? retint_kernel+0x10/0x10 [ 214.129392] ? copy_mount_options+0x1f0/0x380 [ 214.133908] ? copy_mount_options+0x200/0x380 [ 214.138403] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 214.143935] ? copy_mount_options+0x285/0x380 [ 214.148425] ksys_mount+0x12d/0x140 [ 214.152200] __x64_sys_mount+0xbe/0x150 [ 214.156170] do_syscall_64+0x1b9/0x820 [ 214.160060] ? finish_task_switch+0x1d3/0x870 [ 214.164666] ? syscall_return_slowpath+0x5e0/0x5e0 [ 214.169593] ? syscall_return_slowpath+0x31d/0x5e0 [ 214.174544] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 214.179600] ? prepare_exit_to_usermode+0x291/0x3b0 [ 214.184620] ? perf_trace_sys_enter+0xb10/0xb10 [ 214.190833] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 214.195688] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 214.200964] RIP: 0033:0x455ab9 [ 214.204151] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 214.223500] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 20:43:33 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:43:33 executing program 5 (fault-call:7 fault-nth:27): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:33 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x4800, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:33 executing program 7: 20:43:33 executing program 2: 20:43:33 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x8, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x44000, 0x0) ioctl$KVM_X86_SET_MCE(r1, 0x4040ae9e, &(0x7f0000000040)={0x800000000000000, 0x117002, 0xffff, 0x4, 0xe}) 20:43:33 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_,\x00', {0x2, 0x0, @local}}) 20:43:33 executing program 3: [ 214.231219] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 214.238486] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 214.245752] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 214.253021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 214.260284] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 000000000000001a 20:43:33 executing program 2: [ 214.334398] binder: 11479:11481 unknown command 0 20:43:33 executing program 3: 20:43:33 executing program 7: 20:43:33 executing program 6: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @local}, 0x1c) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x400801, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000040)='Bcpuset]vmnet0\x00') [ 214.363666] binder: 11479:11481 ioctl c0306201 2000dfd0 returned -22 20:43:33 executing program 7: [ 214.406160] binder: 11479:11497 unknown command 0 20:43:33 executing program 2: 20:43:33 executing program 3: 20:43:33 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00@\x00', {0x2, 0x0, @local}}) [ 214.440408] binder: 11479:11497 ioctl c0306201 2000dfd0 returned -22 [ 215.149584] FAULT_INJECTION: forcing a failure. [ 215.149584] name failslab, interval 1, probability 0, space 0, times 0 [ 215.160942] CPU: 0 PID: 11521 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 215.169813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 215.179177] Call Trace: [ 215.181796] dump_stack+0x1c9/0x2b4 [ 215.185451] ? dump_stack_print_info.cold.2+0x52/0x52 [ 215.190653] ? __kernel_text_address+0xd/0x40 [ 215.195166] ? unwind_get_return_address+0x61/0xa0 [ 215.200170] should_fail.cold.4+0xa/0x11 [ 215.206915] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 215.212050] ? save_stack+0xa9/0xd0 [ 215.215725] ? save_stack+0x43/0xd0 [ 215.219393] ? kasan_kmalloc+0xc4/0xe0 [ 215.223314] ? kmem_cache_alloc_trace+0x152/0x780 [ 215.228164] ? __memcg_init_list_lru_node+0x185/0x2d0 [ 215.233384] ? __list_lru_init+0x4d6/0x840 [ 215.237744] ? alloc_super+0x9a6/0xb10 [ 215.241659] ? vfs_get_super+0x6e/0x270 [ 215.245756] ? proc_get_tree+0x88/0xb0 [ 215.249653] ? vfs_get_tree+0x1cb/0x5c0 [ 215.253643] ? do_mount+0x6f2/0x1e20 [ 215.257434] ? ksys_mount+0x12d/0x140 [ 215.261509] ? __x64_sys_mount+0xbe/0x150 [ 215.265690] ? do_syscall_64+0x1b9/0x820 [ 215.269765] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 215.275240] ? save_stack+0xa9/0xd0 [ 215.278889] ? lock_acquire+0x1e4/0x540 [ 215.282864] ? fs_reclaim_acquire+0x20/0x20 [ 215.287185] ? lock_downgrade+0x8f0/0x8f0 [ 215.291339] ? __x64_sys_mount+0xbe/0x150 [ 215.295499] ? check_same_owner+0x340/0x340 [ 215.299819] ? rcu_note_context_switch+0x730/0x730 [ 215.304767] __should_failslab+0x124/0x180 [ 215.308998] should_failslab+0x9/0x14 [ 215.312808] kmem_cache_alloc_trace+0x2cb/0x780 [ 215.317493] ? kasan_kmalloc+0xc4/0xe0 [ 215.321382] __memcg_init_list_lru_node+0x185/0x2d0 [ 215.326404] ? kvfree_rcu+0x20/0x20 [ 215.330027] ? __kmalloc_node+0x47/0x70 [ 215.333997] __list_lru_init+0x4d6/0x840 [ 215.338060] ? list_lru_destroy+0x500/0x500 [ 215.342394] ? prealloc_shrinker+0x213/0x480 [ 215.346896] ? __init_waitqueue_head+0x9e/0x150 [ 215.351693] ? inactive_list_is_low+0x850/0x850 [ 215.356460] ? __lockdep_init_map+0x105/0x590 [ 215.360970] alloc_super+0x9a6/0xb10 [ 215.364689] ? destroy_unused_super.part.11+0x110/0x110 [ 215.370046] ? lock_downgrade+0x8f0/0x8f0 [ 215.374279] ? kasan_check_read+0x11/0x20 [ 215.378418] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 215.383019] ? kasan_check_write+0x14/0x20 [ 215.387249] ? do_raw_spin_lock+0xc1/0x200 [ 215.391487] ? ns_test_super+0x50/0x50 [ 215.395378] sget_fc+0x269/0x950 [ 215.398737] ? compare_single+0x10/0x10 [ 215.402715] ? alloc_super+0xb10/0xb10 [ 215.406716] ? kasan_kmalloc+0xc4/0xe0 [ 215.410603] ? __kmalloc_track_caller+0x311/0x760 [ 215.415442] ? proc_root_lookup+0x60/0x60 [ 215.419608] vfs_get_super+0x6e/0x270 [ 215.423416] proc_get_tree+0x88/0xb0 [ 215.427134] vfs_get_tree+0x1cb/0x5c0 [ 215.430934] do_mount+0x6f2/0x1e20 [ 215.434482] ? check_same_owner+0x340/0x340 [ 215.438796] ? lock_release+0xa30/0xa30 [ 215.442765] ? copy_mount_string+0x40/0x40 [ 215.447019] ? __do_page_fault+0x449/0xe50 [ 215.451275] ? retint_kernel+0x10/0x10 [ 215.455455] ? copy_mount_options+0x1f0/0x380 [ 215.460042] ? copy_mount_options+0x200/0x380 [ 215.464555] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 215.470090] ? copy_mount_options+0x285/0x380 [ 215.474576] ksys_mount+0x12d/0x140 [ 215.478212] __x64_sys_mount+0xbe/0x150 [ 215.482181] do_syscall_64+0x1b9/0x820 [ 215.486323] ? finish_task_switch+0x1d3/0x870 [ 215.490837] ? syscall_return_slowpath+0x5e0/0x5e0 [ 215.495773] ? syscall_return_slowpath+0x31d/0x5e0 [ 215.500699] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 215.505714] ? prepare_exit_to_usermode+0x291/0x3b0 [ 215.510727] ? perf_trace_sys_enter+0xb10/0xb10 [ 215.515392] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 215.520229] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 215.525423] RIP: 0033:0x455ab9 [ 215.528601] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 20:43:34 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') [ 215.548040] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 215.555757] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 215.563032] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 215.570293] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 215.577573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 215.584929] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 000000000000001b 20:43:34 executing program 5 (fault-call:7 fault-nth:28): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:34 executing program 6: 20:43:34 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x5, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:34 executing program 7: 20:43:34 executing program 2: 20:43:34 executing program 3: 20:43:34 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={"626f6e645f736c6176655f30fdfdffff", {0x2, 0x0, @local}}) 20:43:34 executing program 3: 20:43:34 executing program 2: 20:43:34 executing program 6: [ 215.655287] binder: 11528:11533 unknown command 0 20:43:34 executing program 7: 20:43:34 executing program 2: 20:43:34 executing program 3: [ 215.690868] binder: 11528:11533 ioctl c0306201 2000dfd0 returned -22 20:43:34 executing program 6: 20:43:34 executing program 7: [ 215.749554] binder: 11528:11545 unknown command 0 [ 215.761861] binder: 11528:11545 ioctl c0306201 2000dfd0 returned -22 [ 216.471462] FAULT_INJECTION: forcing a failure. [ 216.471462] name failslab, interval 1, probability 0, space 0, times 0 [ 216.482899] CPU: 1 PID: 11566 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 216.491414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 216.500778] Call Trace: [ 216.503375] dump_stack+0x1c9/0x2b4 [ 216.507009] ? dump_stack_print_info.cold.2+0x52/0x52 [ 216.512205] ? __kernel_text_address+0xd/0x40 [ 216.516720] ? unwind_get_return_address+0x61/0xa0 [ 216.521645] should_fail.cold.4+0xa/0x11 [ 216.525716] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 216.530815] ? save_stack+0xa9/0xd0 [ 216.534447] ? save_stack+0x43/0xd0 [ 216.538117] ? kasan_kmalloc+0xc4/0xe0 [ 216.542011] ? kmem_cache_alloc_trace+0x152/0x780 [ 216.546942] ? __memcg_init_list_lru_node+0x185/0x2d0 [ 216.552132] ? __list_lru_init+0x4d6/0x840 [ 216.556374] ? alloc_super+0x9a6/0xb10 [ 216.560294] ? vfs_get_super+0x6e/0x270 [ 216.564263] ? proc_get_tree+0x88/0xb0 [ 216.568144] ? vfs_get_tree+0x1cb/0x5c0 [ 216.572310] ? do_mount+0x6f2/0x1e20 [ 216.576031] ? ksys_mount+0x12d/0x140 [ 216.579829] ? __x64_sys_mount+0xbe/0x150 [ 216.583991] ? do_syscall_64+0x1b9/0x820 [ 216.588047] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 216.593429] ? save_stack+0xa9/0xd0 [ 216.597052] ? lock_acquire+0x1e4/0x540 [ 216.601048] ? fs_reclaim_acquire+0x20/0x20 [ 216.605386] ? lock_downgrade+0x8f0/0x8f0 [ 216.609532] ? __x64_sys_mount+0xbe/0x150 [ 216.613794] ? check_same_owner+0x340/0x340 [ 216.618673] ? rcu_note_context_switch+0x730/0x730 [ 216.623627] __should_failslab+0x124/0x180 [ 216.627866] should_failslab+0x9/0x14 [ 216.631663] kmem_cache_alloc_trace+0x2cb/0x780 [ 216.636344] ? kasan_kmalloc+0xc4/0xe0 [ 216.640251] __memcg_init_list_lru_node+0x185/0x2d0 [ 216.645271] ? kvfree_rcu+0x20/0x20 [ 216.648893] ? __kmalloc_node+0x47/0x70 [ 216.652887] __list_lru_init+0x4d6/0x840 [ 216.657121] ? list_lru_destroy+0x500/0x500 [ 216.661461] ? prealloc_shrinker+0x213/0x480 [ 216.665880] ? __init_waitqueue_head+0x9e/0x150 [ 216.670552] ? inactive_list_is_low+0x850/0x850 [ 216.675215] ? __lockdep_init_map+0x105/0x590 [ 216.679701] alloc_super+0x9a6/0xb10 [ 216.683428] ? destroy_unused_super.part.11+0x110/0x110 [ 216.688786] ? lock_downgrade+0x8f0/0x8f0 [ 216.692928] ? kasan_check_read+0x11/0x20 [ 216.697081] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 216.701674] ? kasan_check_write+0x14/0x20 [ 216.705903] ? do_raw_spin_lock+0xc1/0x200 [ 216.710146] ? ns_test_super+0x50/0x50 [ 216.714028] sget_fc+0x269/0x950 [ 216.717447] ? compare_single+0x10/0x10 [ 216.721456] ? alloc_super+0xb10/0xb10 [ 216.725332] ? kasan_kmalloc+0xc4/0xe0 [ 216.729224] ? __kmalloc_track_caller+0x311/0x760 [ 216.734069] ? proc_root_lookup+0x60/0x60 [ 216.738217] vfs_get_super+0x6e/0x270 [ 216.742102] proc_get_tree+0x88/0xb0 [ 216.745808] vfs_get_tree+0x1cb/0x5c0 [ 216.749604] do_mount+0x6f2/0x1e20 [ 216.753144] ? check_same_owner+0x340/0x340 [ 216.757458] ? lock_release+0xa30/0xa30 [ 216.761443] ? copy_mount_string+0x40/0x40 [ 216.765753] ? __do_page_fault+0x449/0xe50 [ 216.769977] ? retint_kernel+0x10/0x10 [ 216.773958] ? copy_mount_options+0x1f0/0x380 [ 216.778543] ? copy_mount_options+0x200/0x380 [ 216.783217] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 216.788746] ? copy_mount_options+0x285/0x380 [ 216.793494] ksys_mount+0x12d/0x140 [ 216.797129] __x64_sys_mount+0xbe/0x150 [ 216.801095] do_syscall_64+0x1b9/0x820 [ 216.804994] ? syscall_return_slowpath+0x5e0/0x5e0 [ 216.809926] ? syscall_return_slowpath+0x31d/0x5e0 [ 216.814850] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 216.820161] ? prepare_exit_to_usermode+0x291/0x3b0 [ 216.825189] ? perf_trace_sys_enter+0xb10/0xb10 [ 216.829852] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 216.834708] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 216.839888] RIP: 0033:0x455ab9 [ 216.843073] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 216.862413] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 20:43:35 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x0, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:43:35 executing program 5 (fault-call:7 fault-nth:29): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:35 executing program 2: 20:43:35 executing program 3: 20:43:35 executing program 7: 20:43:35 executing program 6: 20:43:35 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x7a00000000000000, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:35 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) [ 216.870299] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 216.877724] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 216.888970] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 216.896250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 216.903518] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 000000000000001c 20:43:35 executing program 7: 20:43:35 executing program 6: 20:43:35 executing program 3: 20:43:35 executing program 2: [ 216.975277] binder: 11571:11576 unknown command 0 [ 217.005217] binder: 11571:11576 ioctl c0306201 2000dfd0 returned -22 20:43:35 executing program 2: 20:43:35 executing program 7: 20:43:35 executing program 3: [ 217.068255] binder: 11571:11591 unknown command 0 20:43:35 executing program 6: [ 217.092000] binder: 11571:11591 ioctl c0306201 2000dfd0 returned -22 [ 217.801450] FAULT_INJECTION: forcing a failure. [ 217.801450] name failslab, interval 1, probability 0, space 0, times 0 [ 217.812778] CPU: 1 PID: 11608 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 217.821279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 217.830897] Call Trace: [ 217.833508] dump_stack+0x1c9/0x2b4 [ 217.838179] ? dump_stack_print_info.cold.2+0x52/0x52 [ 217.843456] ? __kernel_text_address+0xd/0x40 [ 217.848061] ? unwind_get_return_address+0x61/0xa0 [ 217.853009] should_fail.cold.4+0xa/0x11 [ 217.857876] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 217.862984] ? save_stack+0xa9/0xd0 [ 217.866611] ? save_stack+0x43/0xd0 [ 217.870244] ? kasan_kmalloc+0xc4/0xe0 [ 217.874131] ? kmem_cache_alloc_trace+0x152/0x780 [ 217.878990] ? __memcg_init_list_lru_node+0x185/0x2d0 [ 217.884197] ? __list_lru_init+0x4d6/0x840 [ 217.888446] ? alloc_super+0x9a6/0xb10 [ 217.892350] ? vfs_get_super+0x6e/0x270 [ 217.896321] ? proc_get_tree+0x88/0xb0 [ 217.900201] ? vfs_get_tree+0x1cb/0x5c0 [ 217.904160] ? do_mount+0x6f2/0x1e20 [ 217.907862] ? ksys_mount+0x12d/0x140 [ 217.911657] ? __x64_sys_mount+0xbe/0x150 [ 217.915822] ? do_syscall_64+0x1b9/0x820 [ 217.920000] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 217.925376] ? save_stack+0xa9/0xd0 [ 217.929021] ? lock_acquire+0x1e4/0x540 [ 217.933004] ? fs_reclaim_acquire+0x20/0x20 [ 217.937322] ? lock_downgrade+0x8f0/0x8f0 [ 217.941464] ? __x64_sys_mount+0xbe/0x150 [ 217.945611] ? check_same_owner+0x340/0x340 [ 217.949926] ? rcu_note_context_switch+0x730/0x730 [ 217.954854] __should_failslab+0x124/0x180 [ 217.959086] should_failslab+0x9/0x14 [ 217.962904] kmem_cache_alloc_trace+0x2cb/0x780 [ 217.967578] ? kasan_kmalloc+0xc4/0xe0 [ 217.971461] __memcg_init_list_lru_node+0x185/0x2d0 [ 217.976469] ? kvfree_rcu+0x20/0x20 [ 217.980087] ? __kmalloc_node+0x47/0x70 [ 217.984058] __list_lru_init+0x4d6/0x840 [ 217.988112] ? list_lru_destroy+0x500/0x500 [ 217.992614] ? prealloc_shrinker+0x213/0x480 [ 217.997031] ? __init_waitqueue_head+0x9e/0x150 [ 218.001694] ? inactive_list_is_low+0x850/0x850 [ 218.006376] ? __lockdep_init_map+0x105/0x590 [ 218.010869] alloc_super+0x9a6/0xb10 [ 218.014588] ? destroy_unused_super.part.11+0x110/0x110 [ 218.019986] ? lock_downgrade+0x8f0/0x8f0 [ 218.025544] ? kasan_check_read+0x11/0x20 [ 218.029693] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 218.034359] ? kasan_check_write+0x14/0x20 [ 218.038593] ? do_raw_spin_lock+0xc1/0x200 [ 218.042827] ? ns_test_super+0x50/0x50 [ 218.046713] sget_fc+0x269/0x950 [ 218.050073] ? compare_single+0x10/0x10 [ 218.054037] ? alloc_super+0xb10/0xb10 [ 218.057934] ? kasan_kmalloc+0xc4/0xe0 [ 218.061927] ? __kmalloc_track_caller+0x311/0x760 [ 218.066771] ? proc_root_lookup+0x60/0x60 [ 218.071131] vfs_get_super+0x6e/0x270 [ 218.075041] proc_get_tree+0x88/0xb0 [ 218.078744] vfs_get_tree+0x1cb/0x5c0 [ 218.082544] do_mount+0x6f2/0x1e20 [ 218.086288] ? check_same_owner+0x340/0x340 [ 218.090620] ? lock_release+0xa30/0xa30 [ 218.094844] ? copy_mount_string+0x40/0x40 [ 218.099284] ? __do_page_fault+0x449/0xe50 [ 218.103533] ? retint_kernel+0x10/0x10 [ 218.107421] ? copy_mount_options+0x1f0/0x380 [ 218.111930] ? copy_mount_options+0x200/0x380 [ 218.116445] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 218.121978] ? copy_mount_options+0x285/0x380 [ 218.126486] ksys_mount+0x12d/0x140 [ 218.130124] __x64_sys_mount+0xbe/0x150 [ 218.134092] do_syscall_64+0x1b9/0x820 [ 218.137975] ? syscall_return_slowpath+0x5e0/0x5e0 [ 218.142910] ? syscall_return_slowpath+0x31d/0x5e0 [ 218.147858] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 218.152869] ? prepare_exit_to_usermode+0x291/0x3b0 [ 218.157903] ? perf_trace_sys_enter+0xb10/0xb10 [ 218.162600] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 218.167467] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 218.172654] RIP: 0033:0x455ab9 [ 218.175831] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 218.195055] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 20:43:36 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x0, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5139e416358ea33f34b4507cdc299f7868d5f186e6bd604", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:43:37 executing program 5 (fault-call:7 fault-nth:30): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) [ 218.202779] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 218.210052] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 218.217314] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 218.224577] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 218.231933] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 000000000000001d 20:43:37 executing program 7: 20:43:37 executing program 2: 20:43:37 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x48000000, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:37 executing program 6: 20:43:37 executing program 3: 20:43:37 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00\f\x00', {0x2, 0x0, @local}}) 20:43:37 executing program 7: 20:43:37 executing program 3: [ 218.305192] binder: 11614:11615 unknown command 0 20:43:37 executing program 6: 20:43:37 executing program 2: [ 218.327884] binder: 11614:11615 ioctl c0306201 2000dfd0 returned -22 20:43:37 executing program 7: 20:43:37 executing program 3: 20:43:37 executing program 6: 20:43:37 executing program 2: [ 218.387955] binder: 11614:11631 unknown command 0 [ 218.400947] binder: 11614:11631 ioctl c0306201 2000dfd0 returned -22 [ 219.158217] FAULT_INJECTION: forcing a failure. [ 219.158217] name failslab, interval 1, probability 0, space 0, times 0 [ 219.169568] CPU: 0 PID: 11650 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 219.178084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 219.187451] Call Trace: [ 219.190079] dump_stack+0x1c9/0x2b4 [ 219.193703] ? dump_stack_print_info.cold.2+0x52/0x52 [ 219.198912] ? __kernel_text_address+0xd/0x40 [ 219.203545] ? unwind_get_return_address+0x61/0xa0 [ 219.208506] should_fail.cold.4+0xa/0x11 [ 219.212573] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 219.217706] ? save_stack+0xa9/0xd0 [ 219.221370] ? save_stack+0x43/0xd0 [ 219.224995] ? kasan_kmalloc+0xc4/0xe0 [ 219.228909] ? kmem_cache_alloc_trace+0x152/0x780 [ 219.233755] ? __memcg_init_list_lru_node+0x185/0x2d0 [ 219.238960] ? __list_lru_init+0x4d6/0x840 [ 219.243216] ? alloc_super+0x9a6/0xb10 [ 219.247111] ? vfs_get_super+0x6e/0x270 [ 219.251113] ? proc_get_tree+0x88/0xb0 [ 219.255545] ? vfs_get_tree+0x1cb/0x5c0 [ 219.259610] ? do_mount+0x6f2/0x1e20 [ 219.263322] ? ksys_mount+0x12d/0x140 [ 219.267153] ? __x64_sys_mount+0xbe/0x150 [ 219.271318] ? do_syscall_64+0x1b9/0x820 [ 219.275403] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 219.280779] ? save_stack+0xa9/0xd0 [ 219.285495] ? lock_acquire+0x1e4/0x540 [ 219.289477] ? fs_reclaim_acquire+0x20/0x20 [ 219.294250] ? lock_downgrade+0x8f0/0x8f0 [ 219.298397] ? __x64_sys_mount+0xbe/0x150 [ 219.302548] ? check_same_owner+0x340/0x340 [ 219.306890] ? rcu_note_context_switch+0x730/0x730 [ 219.311820] __should_failslab+0x124/0x180 [ 219.316058] should_failslab+0x9/0x14 [ 219.320137] kmem_cache_alloc_trace+0x2cb/0x780 [ 219.325785] ? kasan_kmalloc+0xc4/0xe0 [ 219.329980] __memcg_init_list_lru_node+0x185/0x2d0 [ 219.335084] ? kvfree_rcu+0x20/0x20 [ 219.338715] ? __kmalloc_node+0x47/0x70 [ 219.342694] __list_lru_init+0x4d6/0x840 [ 219.346758] ? list_lru_destroy+0x500/0x500 [ 219.351100] ? prealloc_shrinker+0x213/0x480 [ 219.355550] ? __init_waitqueue_head+0x9e/0x150 [ 219.360229] ? inactive_list_is_low+0x850/0x850 [ 219.364896] ? __lockdep_init_map+0x105/0x590 [ 219.369390] alloc_super+0x9a6/0xb10 [ 219.373273] ? destroy_unused_super.part.11+0x110/0x110 [ 219.378641] ? lock_downgrade+0x8f0/0x8f0 [ 219.382798] ? kasan_check_read+0x11/0x20 [ 219.386948] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 219.391540] ? kasan_check_write+0x14/0x20 [ 219.395782] ? do_raw_spin_lock+0xc1/0x200 [ 219.400619] ? ns_test_super+0x50/0x50 [ 219.404600] sget_fc+0x269/0x950 [ 219.407959] ? compare_single+0x10/0x10 [ 219.412028] ? alloc_super+0xb10/0xb10 [ 219.415913] ? kasan_kmalloc+0xc4/0xe0 [ 219.419839] ? __kmalloc_track_caller+0x311/0x760 [ 219.424695] ? proc_root_lookup+0x60/0x60 [ 219.428840] vfs_get_super+0x6e/0x270 [ 219.432638] proc_get_tree+0x88/0xb0 [ 219.436376] vfs_get_tree+0x1cb/0x5c0 [ 219.440175] do_mount+0x6f2/0x1e20 [ 219.443729] ? check_same_owner+0x340/0x340 [ 219.448067] ? lock_release+0xa30/0xa30 [ 219.452040] ? copy_mount_string+0x40/0x40 [ 219.456268] ? __do_page_fault+0x449/0xe50 [ 219.460507] ? retint_kernel+0x10/0x10 [ 219.464396] ? copy_mount_options+0x1f0/0x380 [ 219.468889] ? copy_mount_options+0x200/0x380 [ 219.473381] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 219.479195] ? copy_mount_options+0x285/0x380 [ 219.483709] ksys_mount+0x12d/0x140 [ 219.487516] __x64_sys_mount+0xbe/0x150 [ 219.491683] do_syscall_64+0x1b9/0x820 [ 219.495586] ? syscall_return_slowpath+0x5e0/0x5e0 [ 219.500509] ? syscall_return_slowpath+0x31d/0x5e0 [ 219.505445] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 219.510555] ? prepare_exit_to_usermode+0x291/0x3b0 [ 219.515567] ? perf_trace_sys_enter+0xb10/0xb10 [ 219.520236] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 219.525368] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 219.530581] RIP: 0033:0x455ab9 [ 219.533756] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 20:43:38 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x7a000000, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) [ 219.553145] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 219.560849] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 219.568338] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 219.575788] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 219.583066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 219.590330] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 000000000000001e 20:43:38 executing program 5 (fault-call:7 fault-nth:31): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:38 executing program 7: 20:43:38 executing program 3: 20:43:38 executing program 6: 20:43:38 executing program 2: 20:43:38 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040), &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:43:38 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={"626f6e645f736c6176655f3000fd00", {0x2, 0x0, @local}}) [ 219.619333] binder: 11652:11653 unknown command 0 [ 219.624776] binder: 11652:11653 ioctl c0306201 2000dfd0 returned -22 [ 219.632548] binder: 11652:11655 unknown command 0 [ 219.637592] binder: 11652:11655 ioctl c0306201 2000dfd0 returned -22 20:43:38 executing program 2: 20:43:38 executing program 3: 20:43:38 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x6c00, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:38 executing program 6: 20:43:38 executing program 7: 20:43:38 executing program 3: [ 219.756358] binder: 11674:11676 unknown command 0 20:43:38 executing program 6: 20:43:38 executing program 2: 20:43:38 executing program 7: [ 219.782524] binder: 11674:11676 ioctl c0306201 2000dfd0 returned -22 [ 219.799157] binder: 11674:11680 unknown command 0 [ 219.812117] binder: 11674:11680 ioctl c0306201 2000dfd0 returned -22 [ 220.504089] FAULT_INJECTION: forcing a failure. [ 220.504089] name failslab, interval 1, probability 0, space 0, times 0 [ 220.515403] CPU: 1 PID: 11696 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 220.523900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 220.533254] Call Trace: [ 220.535857] dump_stack+0x1c9/0x2b4 [ 220.539493] ? dump_stack_print_info.cold.2+0x52/0x52 [ 220.544699] ? __kernel_text_address+0xd/0x40 [ 220.549212] ? unwind_get_return_address+0x61/0xa0 [ 220.554153] should_fail.cold.4+0xa/0x11 [ 220.558226] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 220.563333] ? save_stack+0xa9/0xd0 [ 220.566967] ? save_stack+0x43/0xd0 [ 220.570601] ? kasan_kmalloc+0xc4/0xe0 [ 220.574513] ? kmem_cache_alloc_trace+0x152/0x780 [ 220.579378] ? __memcg_init_list_lru_node+0x185/0x2d0 [ 220.584579] ? __list_lru_init+0x4d6/0x840 [ 220.588857] ? alloc_super+0x9a6/0xb10 [ 220.592787] ? vfs_get_super+0x6e/0x270 [ 220.596805] ? proc_get_tree+0x88/0xb0 [ 220.600709] ? vfs_get_tree+0x1cb/0x5c0 [ 220.604756] ? do_mount+0x6f2/0x1e20 [ 220.608479] ? ksys_mount+0x12d/0x140 [ 220.612296] ? __x64_sys_mount+0xbe/0x150 [ 220.616475] ? do_syscall_64+0x1b9/0x820 [ 220.620583] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 220.625956] ? save_stack+0xa9/0xd0 [ 220.629580] ? lock_acquire+0x1e4/0x540 [ 220.633551] ? fs_reclaim_acquire+0x20/0x20 [ 220.637869] ? lock_downgrade+0x8f0/0x8f0 [ 220.642025] ? __x64_sys_mount+0xbe/0x150 [ 220.646172] ? check_same_owner+0x340/0x340 [ 220.650491] ? rcu_note_context_switch+0x730/0x730 [ 220.655422] __should_failslab+0x124/0x180 [ 220.659661] should_failslab+0x9/0x14 [ 220.663471] kmem_cache_alloc_trace+0x2cb/0x780 [ 220.668129] ? kasan_kmalloc+0xc4/0xe0 [ 220.672187] __memcg_init_list_lru_node+0x185/0x2d0 [ 220.677195] ? kvfree_rcu+0x20/0x20 [ 220.680833] ? __kmalloc_node+0x47/0x70 [ 220.684802] __list_lru_init+0x4d6/0x840 [ 220.688863] ? list_lru_destroy+0x500/0x500 [ 220.693199] ? prealloc_shrinker+0x213/0x480 [ 220.697595] ? __init_waitqueue_head+0x9e/0x150 [ 220.702262] ? inactive_list_is_low+0x850/0x850 [ 220.706921] ? __lockdep_init_map+0x105/0x590 [ 220.711410] alloc_super+0x9a6/0xb10 [ 220.715123] ? destroy_unused_super.part.11+0x110/0x110 [ 220.720489] ? lock_downgrade+0x8f0/0x8f0 [ 220.724659] ? kasan_check_read+0x11/0x20 [ 220.728798] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 220.733374] ? kasan_check_write+0x14/0x20 [ 220.737598] ? do_raw_spin_lock+0xc1/0x200 [ 220.741825] ? ns_test_super+0x50/0x50 [ 220.745720] sget_fc+0x269/0x950 [ 220.749098] ? compare_single+0x10/0x10 [ 220.753077] ? alloc_super+0xb10/0xb10 [ 220.756963] ? kasan_kmalloc+0xc4/0xe0 [ 220.760847] ? __kmalloc_track_caller+0x311/0x760 [ 220.765693] ? proc_root_lookup+0x60/0x60 [ 220.769858] vfs_get_super+0x6e/0x270 [ 220.773654] proc_get_tree+0x88/0xb0 [ 220.777369] vfs_get_tree+0x1cb/0x5c0 [ 220.781173] do_mount+0x6f2/0x1e20 [ 220.784727] ? check_same_owner+0x340/0x340 [ 220.789300] ? lock_release+0xa30/0xa30 [ 220.793268] ? copy_mount_string+0x40/0x40 [ 220.797504] ? __do_page_fault+0x449/0xe50 [ 220.801751] ? retint_kernel+0x10/0x10 [ 220.805652] ? copy_mount_options+0x1f0/0x380 [ 220.810159] ? copy_mount_options+0x200/0x380 [ 220.814661] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 220.820194] ? copy_mount_options+0x285/0x380 [ 220.824695] ksys_mount+0x12d/0x140 [ 220.828318] __x64_sys_mount+0xbe/0x150 [ 220.832296] do_syscall_64+0x1b9/0x820 [ 220.836177] ? finish_task_switch+0x1d3/0x870 [ 220.840679] ? syscall_return_slowpath+0x5e0/0x5e0 [ 220.845614] ? syscall_return_slowpath+0x31d/0x5e0 [ 220.850538] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 220.855558] ? prepare_exit_to_usermode+0x291/0x3b0 [ 220.860564] ? perf_trace_sys_enter+0xb10/0xb10 [ 220.865228] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 220.870070] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 220.875274] RIP: 0033:0x455ab9 [ 220.878451] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 220.897930] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 20:43:39 executing program 5 (fault-call:7 fault-nth:32): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:39 executing program 3: 20:43:39 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\f\x00', {0x2, 0x0, @local}}) 20:43:39 executing program 2: 20:43:39 executing program 6: 20:43:39 executing program 7: 20:43:39 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x700, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:39 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') [ 220.905633] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 220.912893] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 220.920164] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 220.927528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 220.935418] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 000000000000001f 20:43:39 executing program 3: 20:43:39 executing program 2: [ 221.016098] binder: 11706:11708 unknown command 0 20:43:39 executing program 6: 20:43:39 executing program 7: [ 221.049418] binder: 11706:11708 ioctl c0306201 2000dfd0 returned -22 20:43:39 executing program 3: 20:43:39 executing program 6: [ 221.090893] binder: 11706:11720 unknown command 0 20:43:39 executing program 2: 20:43:39 executing program 7: [ 221.119530] binder: 11706:11720 ioctl c0306201 2000dfd0 returned -22 [ 221.822662] FAULT_INJECTION: forcing a failure. [ 221.822662] name failslab, interval 1, probability 0, space 0, times 0 [ 221.833956] CPU: 0 PID: 11741 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 221.842454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 221.851816] Call Trace: [ 221.854480] dump_stack+0x1c9/0x2b4 [ 221.858153] ? dump_stack_print_info.cold.2+0x52/0x52 [ 221.863383] ? __kernel_text_address+0xd/0x40 [ 221.867899] ? unwind_get_return_address+0x61/0xa0 [ 221.872857] should_fail.cold.4+0xa/0x11 [ 221.876939] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 221.882079] ? save_stack+0xa9/0xd0 [ 221.885715] ? save_stack+0x43/0xd0 [ 221.889354] ? kasan_kmalloc+0xc4/0xe0 [ 221.893264] ? kmem_cache_alloc_trace+0x152/0x780 [ 221.898142] ? __memcg_init_list_lru_node+0x185/0x2d0 [ 221.903373] ? __list_lru_init+0x4d6/0x840 [ 221.907620] ? alloc_super+0x9a6/0xb10 [ 221.911538] ? vfs_get_super+0x6e/0x270 [ 221.915623] ? proc_get_tree+0x88/0xb0 [ 221.919542] ? vfs_get_tree+0x1cb/0x5c0 [ 221.923734] ? do_mount+0x6f2/0x1e20 [ 221.927490] ? ksys_mount+0x12d/0x140 [ 221.931327] ? __x64_sys_mount+0xbe/0x150 [ 221.935515] ? do_syscall_64+0x1b9/0x820 [ 221.939602] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 221.945003] ? save_stack+0xa9/0xd0 [ 221.948654] ? lock_acquire+0x1e4/0x540 [ 221.952641] ? fs_reclaim_acquire+0x20/0x20 [ 221.957001] ? lock_downgrade+0x8f0/0x8f0 [ 221.961181] ? lock_downgrade+0x8f0/0x8f0 [ 221.965378] ? check_same_owner+0x340/0x340 [ 221.969710] ? do_raw_spin_unlock+0xa7/0x2f0 [ 221.974133] ? rcu_note_context_switch+0x730/0x730 [ 221.979098] __should_failslab+0x124/0x180 [ 221.983362] should_failslab+0x9/0x14 [ 221.987193] kmem_cache_alloc_trace+0x2cb/0x780 [ 221.991864] ? kasan_kmalloc+0xc4/0xe0 [ 221.995774] __memcg_init_list_lru_node+0x185/0x2d0 [ 222.000847] ? kvfree_rcu+0x20/0x20 [ 222.004516] ? __kmalloc_node+0x47/0x70 [ 222.008536] __list_lru_init+0x4d6/0x840 [ 222.012652] ? list_lru_destroy+0x500/0x500 [ 222.017000] ? prealloc_shrinker+0x213/0x480 [ 222.021609] ? __init_waitqueue_head+0x9e/0x150 [ 222.026295] ? inactive_list_is_low+0x850/0x850 [ 222.031086] ? __lockdep_init_map+0x105/0x590 [ 222.035609] alloc_super+0x9a6/0xb10 [ 222.039436] ? destroy_unused_super.part.11+0x110/0x110 [ 222.045010] ? lock_downgrade+0x8f0/0x8f0 [ 222.049194] ? kasan_check_read+0x11/0x20 [ 222.053367] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 222.058003] ? kasan_check_write+0x14/0x20 [ 222.062267] ? do_raw_spin_lock+0xc1/0x200 [ 222.066530] ? ns_test_super+0x50/0x50 [ 222.070449] sget_fc+0x269/0x950 [ 222.074144] ? compare_single+0x10/0x10 [ 222.078146] ? alloc_super+0xb10/0xb10 [ 222.082119] ? kasan_kmalloc+0xc4/0xe0 [ 222.086059] ? __kmalloc_track_caller+0x311/0x760 [ 222.091061] ? proc_root_lookup+0x60/0x60 [ 222.095235] vfs_get_super+0x6e/0x270 [ 222.099115] proc_get_tree+0x88/0xb0 [ 222.102855] vfs_get_tree+0x1cb/0x5c0 [ 222.106684] do_mount+0x6f2/0x1e20 [ 222.115325] ? check_same_owner+0x340/0x340 [ 222.119677] ? lock_release+0xa30/0xa30 [ 222.124003] ? copy_mount_string+0x40/0x40 [ 222.128287] ? __do_page_fault+0x449/0xe50 [ 222.133090] ? retint_kernel+0x10/0x10 [ 222.137052] ? copy_mount_options+0x1f0/0x380 [ 222.142020] ? copy_mount_options+0x200/0x380 [ 222.146537] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 222.152201] ? copy_mount_options+0x285/0x380 [ 222.156831] ksys_mount+0x12d/0x140 [ 222.160506] __x64_sys_mount+0xbe/0x150 [ 222.164521] do_syscall_64+0x1b9/0x820 [ 222.168460] ? finish_task_switch+0x1d3/0x870 [ 222.172973] ? syscall_return_slowpath+0x5e0/0x5e0 [ 222.177918] ? syscall_return_slowpath+0x31d/0x5e0 [ 222.182888] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 222.188040] ? prepare_exit_to_usermode+0x291/0x3b0 [ 222.194440] ? perf_trace_sys_enter+0xb10/0xb10 [ 222.199139] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 222.204001] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 222.209211] RIP: 0033:0x455ab9 [ 222.212411] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 222.231885] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 222.239617] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 222.246935] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 222.254227] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 222.261537] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 222.268837] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 0000000000000020 20:43:41 executing program 5 (fault-call:7 fault-nth:33): mkdir(&(0x7f000082f000)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x1032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000e4c000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000043fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000000)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mount(&(0x7f0000000100)='./control\x00', &(0x7f0000000640)='./control/file0\x00', &(0x7f0000000140)='proc\x00', 0x0, &(0x7f00000001c0)) lchown(&(0x7f0000000040)='./control/file0\x00', 0x0, 0x0) close(r0) 20:43:41 executing program 3: 20:43:41 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008fd0)={0x0, 0x0, &(0x7f0000003fe8), 0x0, 0x0, &(0x7f0000009000)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f000000dfd0)={0x500, 0x0, &(0x7f000000dfac), 0x1, 0x0, &(0x7f000000df36)="12"}) 20:43:41 executing program 7: 20:43:41 executing program 2: 20:43:41 executing program 6: 20:43:41 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={"626f6e645f736c6176655f300000000e", {0x2, 0x0, @local}}) [ 222.350706] binder: 11749:11751 unknown command 0 [ 222.376994] binder: 11749:11751 ioctl c0306201 2000dfd0 returned -22 20:43:41 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000080)=""/148, 0x289}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x5) fcntl$setown(r0, 0x8, 0x0) r1 = epoll_create1(0x80006) r2 = socket(0x1d, 0x0, 0x1116) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0xfffffffe8000201f}) setsockopt$inet_udp_int(r2, 0x11, 0x6f, &(0x7f0000000100)=0x7, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r1, &(0x7f0000000540)={0x20000003}) ioctl$sock_netdev_private(r3, 0x89f0, &(0x7f0000000480)="dd6c4aae95babf1ba2cec8b824c3d8fd5e5e2a57f332e1c96456a1d00ea4ce51a18b3bfae24dc491ada880e92ffe5376d59852e5ee1b2cde661cadfb31d0a597bb36b5180ca4958e224ea71a6b099d1592d459f4f498fce378ebf9ec4774f407b189a23bfebadf74943b2858f72fd422c838df1af095ff") ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000300)=0x6bb) r5 = perf_event_open(&(0x7f0000000140)={0x2, 0xb1, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) r6 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, &(0x7f0000000000)={0x0, 0x6, 0x4}) mq_notify(r6, &(0x7f0000000140)={0x0, 0x2e, 0x1, @thr={&(0x7f0000000040)="7be4d6b00202ca53878499e01146863a2e7c8ca45e1910e5eba6453bb6f234b5a1b1bca731970a74bfc8e1793749ea18156c9b8a615bfa2f506fcf44060d36e38f66f111149434d5", &(0x7f00000000c0)="3c5d8da40d1477844fc4c160b6004a90edc520a6935a49cf5da4c2b525d13146ed27d429c762a4b0e9aaed82555cd1ae800d"}}) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x101004, 0x0) preadv(r7, &(0x7f0000000440)=[{&(0x7f0000000340)=""/249, 0xf9}], 0x1, 0x0) pipe2(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) ioctl$SG_GET_PACK_ID(r8, 0x227c, &(0x7f00000005c0)) ppoll(&(0x7f00000001c0)=[{r6, 0x8000}, {r7, 0x420}], 0x2, &(0x7f0000000200)={0x77359400}, &(0x7f0000000240)={0x9}, 0x8) mq_timedsend(r6, &(0x7f00000e6000), 0x0, 0xe7, &(0x7f0000e0b000)) getsockopt$inet_udp_int(r3, 0x11, 0x1, &(0x7f0000000280), &(0x7f0000000640)=0x4) write$eventfd(r4, &(0x7f00000002c0)=0x43, 0x8) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000500)={@local, @rand_addr=0x800}, 0x8) syz_genetlink_get_family_id$team(&(0x7f0000000780)='team\x00') 20:43:41 executing program 2: 20:43:41 executing program 6: 20:43:41 executing program 3: 20:43:41 executing program 7: 20:43:41 executing program 6: [ 222.421859] binder: 11749:11760 unknown command 0 [ 222.436833] binder: 11749:11760 ioctl c0306201 2000dfd0 returned -22 20:43:41 executing program 3: 20:43:41 executing program 7: 20:43:41 executing program 2: [ 223.179836] FAULT_INJECTION: forcing a failure. [ 223.179836] name failslab, interval 1, probability 0, space 0, times 0 [ 223.191167] CPU: 1 PID: 11782 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 223.199660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 223.209014] Call Trace: [ 223.211625] dump_stack+0x1c9/0x2b4 [ 223.215248] ? dump_stack_print_info.cold.2+0x52/0x52 [ 223.220446] should_fail.cold.4+0xa/0x11 [ 223.224512] ? wait_for_completion+0x8d0/0x8d0 [ 223.229115] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 223.234220] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 223.239384] ? __memcg_init_list_lru_node+0x20a/0x2d0 [ 223.244582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 223.250144] ? xas_find_tagged+0x49d/0x1310 [ 223.254485] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 223.260054] ? xas_store+0x52f/0x1720 [ 223.263862] ? ida_alloc_range+0x5d0/0xc70 [ 223.268112] ? lock_downgrade+0x8f0/0x8f0 [ 223.272265] ? lock_acquire+0x1e4/0x540 [ 223.276247] ? fs_reclaim_acquire+0x20/0x20 [ 223.280590] ? lock_downgrade+0x8f0/0x8f0 [ 223.284738] ? check_same_owner+0x340/0x340 [ 223.289079] ? kfree+0x15e/0x260 [ 223.292443] ? rcu_note_context_switch+0x730/0x730 [ 223.297370] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 223.302948] __should_failslab+0x124/0x180 [ 223.307187] should_failslab+0x9/0x14 [ 223.310987] kmem_cache_alloc+0x2af/0x760 [ 223.315150] ? up_read+0x110/0x110 [ 223.318707] ? down_read+0x1d0/0x1d0 [ 223.322451] ? proc_i_callback+0x30/0x30 [ 223.326673] proc_alloc_inode+0x1b/0x190 [ 223.330738] alloc_inode+0x63/0x190 [ 223.334364] new_inode_pseudo+0x71/0x1a0 [ 223.338542] ? prune_icache_sb+0x1b0/0x1b0 [ 223.342773] ? memcpy+0x45/0x50 [ 223.346073] proc_get_inode+0x1e/0x680 [ 223.349959] proc_fill_super+0x32c/0x630 [ 223.354035] ? proc_root_lookup+0x60/0x60 [ 223.358315] ? __kmalloc_track_caller+0x311/0x760 [ 223.363164] ? proc_root_lookup+0x60/0x60 [ 223.367380] vfs_get_super+0x15e/0x270 [ 223.371272] proc_get_tree+0x88/0xb0 [ 223.375009] vfs_get_tree+0x1cb/0x5c0 [ 223.378818] do_mount+0x6f2/0x1e20 [ 223.382361] ? do_raw_spin_unlock+0xa7/0x2f0 [ 223.386790] ? copy_mount_string+0x40/0x40 [ 223.391032] ? __do_page_fault+0x449/0xe50 [ 223.395277] ? retint_kernel+0x10/0x10 [ 223.399188] ? copy_mount_options+0x1f0/0x380 [ 223.403701] ? copy_mount_options+0x200/0x380 [ 223.408203] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 223.413839] ? copy_mount_options+0x285/0x380 [ 223.418344] ksys_mount+0x12d/0x140 [ 223.421972] __x64_sys_mount+0xbe/0x150 [ 223.425952] do_syscall_64+0x1b9/0x820 [ 223.429858] ? syscall_return_slowpath+0x5e0/0x5e0 [ 223.434791] ? syscall_return_slowpath+0x31d/0x5e0 [ 223.439719] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 223.444912] ? prepare_exit_to_usermode+0x291/0x3b0 [ 223.450226] ? perf_trace_sys_enter+0xb10/0xb10 [ 223.454924] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 223.462464] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 223.467662] RIP: 0033:0x455ab9 [ 223.470841] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 223.490157] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 223.497864] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 223.505395] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 223.512662] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 223.519947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 223.527305] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 0000000000000021 [ 223.534712] proc_fill_super: get root inode failed [ 223.539754] ================================================================== [ 223.547148] BUG: KASAN: use-after-free in dput.part.26+0x634/0x7a0 [ 223.553469] Read of size 4 at addr ffff88018a92c000 by task syz-executor5/11782 [ 223.560926] [ 223.562592] CPU: 1 PID: 11782 Comm: syz-executor5 Not tainted 4.18.0-rc5-next-20180720+ #12 [ 223.571172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 223.580533] Call Trace: [ 223.583142] dump_stack+0x1c9/0x2b4 [ 223.586794] ? dump_stack_print_info.cold.2+0x52/0x52 [ 223.592005] ? printk+0xa7/0xcf [ 223.595301] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 223.600067] ? dput.part.26+0x634/0x7a0 [ 223.604090] print_address_description+0x6c/0x20b [ 223.608949] ? dput.part.26+0x634/0x7a0 [ 223.612922] kasan_report.cold.7+0x242/0x30d [ 223.617341] __asan_report_load4_noabort+0x14/0x20 [ 223.622276] dput.part.26+0x634/0x7a0 [ 223.626103] ? shrink_dcache_sb+0x350/0x350 [ 223.630463] ? __kasan_slab_free+0x131/0x170 [ 223.634914] ? trace_hardirqs_on+0xd/0x10 [ 223.639091] dput+0x15/0x20 [ 223.642038] proc_kill_sb+0x125/0x1e0 [ 223.645860] ? proc_get_inode+0x680/0x680 [ 223.650025] ? proc_root_lookup+0x60/0x60 [ 223.654335] deactivate_locked_super+0x97/0x100 [ 223.659020] vfs_get_super+0x20f/0x270 [ 223.662941] proc_get_tree+0x88/0xb0 [ 223.666683] vfs_get_tree+0x1cb/0x5c0 [ 223.670520] do_mount+0x6f2/0x1e20 [ 223.674074] ? do_raw_spin_unlock+0xa7/0x2f0 [ 223.678500] ? copy_mount_string+0x40/0x40 [ 223.682743] ? __do_page_fault+0x449/0xe50 [ 223.686998] ? retint_kernel+0x10/0x10 [ 223.690897] ? copy_mount_options+0x1f0/0x380 [ 223.695401] ? copy_mount_options+0x200/0x380 [ 223.699897] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 223.705436] ? copy_mount_options+0x285/0x380 [ 223.709955] ksys_mount+0x12d/0x140 [ 223.713596] __x64_sys_mount+0xbe/0x150 [ 223.717584] do_syscall_64+0x1b9/0x820 [ 223.721474] ? syscall_return_slowpath+0x5e0/0x5e0 [ 223.726955] ? syscall_return_slowpath+0x31d/0x5e0 [ 223.731900] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 223.736929] ? prepare_exit_to_usermode+0x291/0x3b0 [ 223.741946] ? perf_trace_sys_enter+0xb10/0xb10 [ 223.746621] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 223.751493] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 223.756988] RIP: 0033:0x455ab9 [ 223.760178] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 223.779459] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 223.787172] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 223.794435] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 223.801707] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 223.808972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 223.816243] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 0000000000000021 [ 223.823601] [ 223.825221] Allocated by task 11566: [ 223.828929] save_stack+0x43/0xd0 [ 223.832385] kasan_kmalloc+0xc4/0xe0 [ 223.836092] kasan_slab_alloc+0x12/0x20 [ 223.840063] kmem_cache_alloc+0x12e/0x760 [ 223.844206] __d_alloc+0xc8/0xd50 [ 223.847653] d_alloc+0x96/0x380 [ 223.850941] d_alloc_parallel+0x15a/0x1ea0 [ 223.855167] __lookup_slow+0x1e6/0x540 [ 223.859052] lookup_slow+0x57/0x80 [ 223.862600] walk_component+0x94a/0x2630 [ 223.866655] link_path_walk.part.42+0x6e0/0x1540 [ 223.871416] path_openat+0x268/0x5300 [ 223.875234] do_filp_open+0x255/0x380 [ 223.879033] do_sys_open+0x584/0x720 [ 223.882734] __x64_sys_open+0x7e/0xc0 [ 223.886636] do_syscall_64+0x1b9/0x820 [ 223.890529] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 223.895701] [ 223.897327] Freed by task 4518: [ 223.900599] save_stack+0x43/0xd0 [ 223.904058] __kasan_slab_free+0x11a/0x170 [ 223.908462] kasan_slab_free+0xe/0x10 [ 223.912280] kmem_cache_free+0x86/0x2d0 [ 223.916263] __d_free+0x20/0x30 [ 223.919551] rcu_process_callbacks+0xf98/0x2860 [ 223.924211] __do_softirq+0x2e8/0xb17 [ 223.928001] [ 223.929990] The buggy address belongs to the object at ffff88018a92c000 [ 223.929990] which belongs to the cache dentry(97:syz5) of size 288 [ 223.942997] The buggy address is located 0 bytes inside of [ 223.942997] 288-byte region [ffff88018a92c000, ffff88018a92c120) [ 223.954795] The buggy address belongs to the page: [ 223.959721] page:ffffea00062a4b00 count:1 mapcount:0 mapping:ffff8801d79a7680 index:0xffff88018a92c9a0 [ 223.969158] flags: 0x2fffc0000000200(slab) [ 223.973385] raw: 02fffc0000000200 ffffea00062a4d48 ffffea00062a1088 ffff8801d79a7680 [ 223.981367] raw: ffff88018a92c9a0 ffff88018a92c000 0000000100000008 ffff8801991fca00 [ 223.989271] page dumped because: kasan: bad access detected [ 223.994977] page->mem_cgroup:ffff8801991fca00 [ 223.999457] [ 224.001065] Memory state around the buggy address: [ 224.006009] ffff88018a92bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 224.013390] ffff88018a92bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 224.022315] >ffff88018a92c000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 224.029692] ^ [ 224.033138] ffff88018a92c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 224.040512] ffff88018a92c100: fb fb fb fb fc fc fc fc fc fc fc fc fb fb fb fb [ 224.047867] ================================================================== [ 224.055421] Kernel panic - not syncing: panic_on_warn set ... [ 224.055421] [ 224.062820] CPU: 1 PID: 11782 Comm: syz-executor5 Tainted: G B 4.18.0-rc5-next-20180720+ #12 [ 224.072696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 224.082084] Call Trace: [ 224.084690] dump_stack+0x1c9/0x2b4 [ 224.088311] ? dump_stack_print_info.cold.2+0x52/0x52 [ 224.093514] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 224.098271] panic+0x238/0x4e7 [ 224.101484] ? add_taint.cold.5+0x16/0x16 [ 224.105648] ? do_raw_spin_unlock+0xa7/0x2f0 [ 224.110056] ? dput.part.26+0x634/0x7a0 [ 224.114029] kasan_end_report+0x47/0x4f [ 224.118178] kasan_report.cold.7+0x76/0x30d [ 224.122707] __asan_report_load4_noabort+0x14/0x20 [ 224.127643] dput.part.26+0x634/0x7a0 [ 224.131530] ? shrink_dcache_sb+0x350/0x350 [ 224.136057] ? __kasan_slab_free+0x131/0x170 [ 224.140470] ? trace_hardirqs_on+0xd/0x10 [ 224.144630] dput+0x15/0x20 [ 224.147576] proc_kill_sb+0x125/0x1e0 [ 224.151369] ? proc_get_inode+0x680/0x680 [ 224.155542] ? proc_root_lookup+0x60/0x60 [ 224.159694] deactivate_locked_super+0x97/0x100 [ 224.164378] vfs_get_super+0x20f/0x270 [ 224.168270] proc_get_tree+0x88/0xb0 [ 224.171983] vfs_get_tree+0x1cb/0x5c0 [ 224.175778] do_mount+0x6f2/0x1e20 [ 224.179307] ? do_raw_spin_unlock+0xa7/0x2f0 [ 224.183709] ? copy_mount_string+0x40/0x40 [ 224.187939] ? __do_page_fault+0x449/0xe50 [ 224.192201] ? retint_kernel+0x10/0x10 [ 224.196090] ? copy_mount_options+0x1f0/0x380 [ 224.200584] ? copy_mount_options+0x200/0x380 [ 224.205334] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 224.210867] ? copy_mount_options+0x285/0x380 [ 224.215468] ksys_mount+0x12d/0x140 [ 224.219088] __x64_sys_mount+0xbe/0x150 [ 224.223075] do_syscall_64+0x1b9/0x820 [ 224.226955] ? syscall_return_slowpath+0x5e0/0x5e0 [ 224.231877] ? syscall_return_slowpath+0x31d/0x5e0 [ 224.236811] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 224.241845] ? prepare_exit_to_usermode+0x291/0x3b0 [ 224.246956] ? perf_trace_sys_enter+0xb10/0xb10 [ 224.251616] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 224.256538] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 224.261715] RIP: 0033:0x455ab9 [ 224.264899] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 224.284267] RSP: 002b:00007f9b4e0a1c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 224.291971] RAX: ffffffffffffffda RBX: 00007f9b4e0a26d4 RCX: 0000000000455ab9 [ 224.299288] RDX: 0000000020000140 RSI: 0000000020000640 RDI: 0000000020000100 [ 224.306548] RBP: 000000000072bf50 R08: 00000000200001c0 R09: 0000000000000000 [ 224.313911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000015 [ 224.321168] R13: 00000000004c01fb R14: 00000000004cfe38 R15: 0000000000000021 [ 224.329299] Dumping ftrace buffer: [ 224.332849] (ftrace buffer empty) [ 224.336561] Kernel Offset: disabled [ 224.340179] Rebooting in 86400 seconds..